Article: Cross-domain solutions: the present and future of a growing industry

Cross-domain solutions (CDS) consist of the secure exchange of information between security domains. This type of solution, which emerged as a technological answer to the need to share data between segregated or classified networks, has seen a sharp rise in demand due to its growing application in military command and control systems and critical infrastructure protection. 

The rise in digitalization has made modern societies highly dependent on the availability of digital infrastructure in strategic sectors, and there is a movement towards taking the protection mechanisms offered by this type of solutions and applying them in these areas. The organization of a nation’s or agency’s confidential or sensitive information into tiers to control access to it is called an “information classification system.” Originally, confidential information was handled on paper and access was managed through physical and procedural controls. When computer networks emerged, the same criteria were followed: information from the different levels was managed in separate networks at each level, completely isolated from any other C network. Information exchanges (inputs and outputs) with these networks were carried out through human intervention, with some physical supports and following strict procedures. 

With the increase in the volume of information and the number of formats, this approach was no longer operational, leading to the need to automate this process. Of course, this automation must not compromise the security properties of the networks between which the information is transferred. To understand cross-domain solutions, as well as their evolution and the challenges of these information exchange systems, we must understand certain key concepts, such as security domains, interconnections, and asymmetry. In classified information environments, networks that handle information of a certain classification level and are managed by a certain operational authority are known as security domains. 

There may be different security domains with the same classification level that cannot be directly connected because they are managed by different operational authorities. In military environments, this is common in mission networks and in the networks of multinational organizations. In both cases, they cannot be directly connected to the national networks, even if they are of the same or equivalent classification level. The concept of security domains can also be applied to networks that are kept isolated for convenience even if they don’t handle classified information and there are no formal obligations. Interconnection is the set of information exchanges between two security domains. When there are two security domains between which there is a need for information exchange, the interconnection must be analyzed in terms of the general criteria of the risks and threats that such interconnection may pose to the information assets of both domains. The criteria applied by each nation are not fully transparent and are, in general, themselves classified matters. 

There are NATO reference standards that establish general criteria and principles. However, they cover a wide range of scenarios, since many factors are involved, such as the difference in levels between the domains to be connected, operational needs, risks, etc. In a broad sense, a cross-domain solution is not a single device or system, but rather a set of measures (hardware, software, organizational, etc.) that are deployed for a given interconnection. The number and characteristics of these measures depend on the risk analysis, the security levels of the domains involved in the interconnection, and particular characteristics of the environment that may warrant additional restrictions. 

Strictly speaking, the term “cross-domain solution” is commonly used to refer to the core component of the interconnection that includes the physical medium of information exchange. An important feature to take into account in cross-domain solutions is asymmetry: The greatest risk is the unauthorized outflow of information from the top-ranked domain. The terms typically used are “highsecurity domains” (or HIGH domain) and “low-security domains” (or LOW domain), and sometimes “internal” and “external” domains. In typical classified information scenarios, where protecting confidentiality is the priority, outbound or downstream flows will be more restricted (sometimes even not allowed).

CURRENT CROSS-DOMAIN SOLUTIONS 

A cross-domain solution must ensure that the flows through it are as intended and that there are no other parallel flows. It must fully control all flows between the two domains. Though there are varying approaches, all of them provide specific support for the permitted flows, rather like adding a designated bridge for each of the supported data flows. This approach is radically different from that of a firewall, where only filtering is applied to decide whether a flow passes or not, but the flow is transferred as is. 

There are a number of general criteria that apply to all current cross-domain solutions: 

■ Inter-domain flows must be defined and documented. 

■ Separation of inflows and outflows as much as possible. 

■ Complete breakage of the protocol stack. 

■ Prevent interactive communication between domains. 

■ Strict filtering of all exchanged data. 

When the security of a type of transfer cannot be guaranteed in any other way, human authorizations are used, with the systems validating them through tags and digital signatures. Based on the security properties of the assets to be protected, the following application scenarios for cross-domain solutions can be identified: Classic scenarios of classified networks: The main goal is to protect the confidentiality of data in the highest security domain. The most drastic approach is to completely limit the information output, for example, by using data diodes. In scenarios where this is not possible or necessary, greater restrictions will be applied to outflows than to inflows. 

Critical infrastructure scenarios: In these cases, the industrial control network is kept isolated to ensure its integrity and availability. However, data must be sent out of the network for management and operational monitoring. This case is traditionally solved through data diodes placed in such a way so as to allow flow out from the isolated network, but not the other way around. Corporate scenarios: This use case consists of keeping certain critical assets of an organization in an isolated network either for confidentiality or for availability or integrity. It involves taking segmentation one step further. The same solutions applied in the other scenarios can be applied here as well, adapting them appropriately to the particular case at hand. 

FUTURE PROSPECTS 

As systems become more complex, cross-domain solutions must continue to adapt to meet new challenges. In this regard, there are several trends that will shape the future of CDS in the medium and long term. First, integration with multi-cloud architectures and distributed environments, where CDS is evolving to ensure secure interoperability between multiple clouds and dispersed networks, thus allowing enterprises and organizations to operate in complex environments while ensuring that data flows securely. Secondly, it is important to highlight the need to ensure security in critical infrastructure and Internet of Things (IoT) environments, where crossdomain systems are crucial, as they must be able to manage large volumes of data in real time, ensuring that only authorized information crosses domains. Third, with the advent of quantum computing, CDS will have to adapt to new threats linked to cryptography. Future solutions will incorporate post-quantum cryptography, which offers new ways to protect the security properties needed in many parts of cross-domain solutions from the challenges posed by quantum computing.

THE MARKET FOR CROSS-DOMAIN SOLUTIONS 

In Spain, the market for cross-domain solutions is aligned with the most sensitive sectors, such as defense and critical infrastructure. In the defense area, the Spanish Armed Forces and Ministry of Defense have increased their investment in cybersecurity and interoperability technologies, such as CDS, to improve the protection and sharing of classified information. Regarding critical infrastructure, sectors such as energy, transportation, and telecommunications require cross-domain solutions to ensure the secure interoperability of their control and operational systems. The market for cross-domain solutions in Spain is expected to continue to grow in the future. Military modernization and increasing international defense cooperation (NATO, EU) will drive the adoption of CDS to ensure secure interoperability of defense systems. 

In fact, CDS investment in the defense sector is expected to grow approximately 10-12% per year until 2030. Furthermore, critical infrastructure protection will be one of the main growth drivers for CDS. With the adoption of the Internet of Things (IoT) in these sectors, there will be a greater need to guarantee communications between OT and IT systems. This sector is expected to see an annual growth of 8-10% in CDS implementation. Another major growth driver is the modernization of public administration systems and compliance with the National Security Framework, which will continue to promote the adoption of cross-domain systems, especially in secure interoperability projects between ministries and government agencies. It is estimated that this market will have a sustained annual growth rate of around 8-10%. In Europe, the cross-domain market is even larger due to the presence of multiple government organizations, military alliances such as NATO, and the need for interoperability among members of the European Union. 

CDS is crucial for defense, cybersecurity, and regulatory compliance in sectors such as critical infrastructure and financial services. The European CDS market size is estimated to be growing at an annual rate of 10-12% until 2030. The CDS market is in a phase of accelerated growth at the Spanish, European, and global levels, driven by increasing digitalization, the need to protect classified and critical information, and regulatory compliance in strategic sectors. Defense cybersecurity, critical infrastructure, and the use of multi-cloud architecture will be the main drivers of this market in the coming years.

AUTEK, LEADER IN CROSS-DOMAIN SOLUTIONS 

Autek is a Spanish company specializing in the development of cross-domain solutions with proprietary technology, certified by organizations such as Spain’s National Cryptology Center (CCN) and NATO. The company is a pioneer in Spain in offering advanced products for the secure exchange of information between networks with different levels of security classification. 

Autek focuses on strategic sectors such as defense and security, protecting the secure exchange of the government and military’s classified information; critical infrastructure, securing interconnections between industrial control networks and administrative networks in sectors such as energy and transportation; and aerospace, contributing to high-security projects to ensure the exchange of information in complex systems. Autek stands out not only for its CDS technological innovation, but also for its focus on continuous improvement and working closely with its clients to ensure secure solutions tailored to their needs. With these products and its focus on cybersecurity, Autek has earned a solid reputation in critical sectors, positioning itself as a key partner for the protection of classified information in Spain and beyond.

Autek’s main cross-domain solution products: 

PSTgateways: These security gateways are bi-directional devices that allow for the exchange of data between high and low security domains. They are designed to provide physical separation of networks, TCP/IP protocol stack breaking, and advanced filtering. Its architecture includes two appliances that manage communication from both domains. They are marketed as COTS products, but there are also specific solutions for certain use cases (JISR scenarios, air traffic control information, command and control information, etc.). 

PSTdiode: These hardware data diodes allow for one-way transfer of information between domains, providing a physical guarantee that transmission can only take place in one direction. These diodes are used in environments where extreme security is critical, such as in military networks or critical infrastructure, preventing any possibility of data backflow that could compromise security. Autek products are Common Criteria certified up to EAL 4+, an international standard that certifies product safety. The company has also been included in the NIAPC (NATO Information Assurance Product Catalog) listings, underscoring its commitment to the highest security standards.