End of Support for Sectéra Wireline Terminal
In early 2019, an announcement was made by the National Security Agency (NSA) declaring End of Support (EOS) for the Sectéra Wireline Terminal (SWT). The EOS directive was a result of SWT unable to support the NSA Advanced Cryptographic Capabilities (ACC) requirements. REDCOM’s innovative Secure Gateway solution utilizes either the SWT or the similar STE in conjunction with our HDX or SLICE 2100 to provide access to a secure enclave.
However, with the Sectéra Wireline Terminal declared EOS and the STE/STE-R no longer manufactured, access to secure networks/enclaves has become more difficult. Now, only IP Commercial Solutions for Classified (CSfC) are available, which neglect non-IP networks.
Need for non-IP
Non-IP networks such as analog, TDM, and ISDN are still in demand for network support and access to classified networks. Moving completely to IP is not likely to take place given that the current state of the IP network can present risks. Hacking by bad actors and the chance of espionage and whistleblowing is always a concern over IP networks. Considering these hazards, an IP-only non-Type 1 solution appears to be unpopular with those responsible for “their” network security.
History of specialized solutions
REDCOM has been providing secure network access capabilities for over forty years and has often responded to the special needs of the market by developing new capabilities. These solutions have supported critical communication capabilities for many security purposes including:
- Air/ground gateways and tactical radios
- Enhanced conferencing (with special military/government features)
- Gateways to secure networks
- Multi-level Secure (MLS) conferencing
- TLS/SRTP SIP and AS-SIP support. REDCOM participated in the development of the DISA Unified Capabilities Requirements (UCR) 2013.
- SCIP 150.1 (Modem Relay) networks that actually work. REDCOM participated in the development of the V.150.1 protocol.
- Non-secure warning tone trunk and line interfaces
Working on the solution
As a leader in secure communications, REDCOM has been receiving inquiries about alternate solutions to the now EOS SWT. There has been speculation in the industry that there may be some future replacement solution for the aforementioned devices. The NSA is relying on the mass adoption of the CSfC solution, which has yet to produce a suitable alternative.
REDCOM has and always will be proactive in meeting the special needs of the secure world. We are actively pursuing solutions to the current issue for our current and future customers. If you’re not already, subscribe to the REDCOM newsletter to stay up-to-date on our latest developments including possible solutions to the Sectéra Wireline Terminal EOS issue.
History of REDCOM’s developments for the secure world. Some detail of special C2 features are also provided:
First STU-IIIR interface support
REDCOM partnered with Diversified Products to create the Remote capability. One use of this card was to support air/ground secure comms for SHAEF command.
First KY-68R interface support
Again, REDCOM partnered with Diversified Products to create the Remote capability. It allowed TRI-TAC KY-68’s to talk securely over a non-TRI-TAC network, and non-secure access to Black network phones and radios. It also enabled secure second-dialing, conferencing, and radio access.
First KY-69 interface
It supported TRI-TAC KY-68’s and TRI-TAC switches access to non-TRI-TAC secure network trunking. It also enabled secure second-dialing, conferencing and radio access.
First STE-R interface
It allowed STE’s and other SCIP devices on Black networks secure access to classified networks. It also enabled secure second-dialing, conferencing and radio access. The interface supported ISDN and POTS networks. For outbound calls, it acted like a shared trunk, and prevented audio cut-through until secure run-up was completed.
Available in REDCOM IGX, HDX, and SLICE 2100 products. It allowed STE’s and other SCIP devices on Black networks secure access to classified networks. It enabled secure second-dialing and conferencing. The interface supported POTS networks. For outbound calls, it acted like a shared trunk, and prevented audio cut-through until secure run-up was completed.
When used with an HDX or SLICE 2100 at the enclave, and a SLICE 2100 as the Black switch, an inbound caller’s Automatic Number Identification (ANI), Multi-level Precedence and Pre-emption (MLPP) level can be passed to the Red enclave switch, allowing same-MLPP level call origination on the Red network, and Red Network Number Hiding is enabled. Number hiding allows the incoming called number to be re-translated in the Red switch to another number to prevent giving away clues to the network numbering or deducing called party locations. Outbound Caller ID is blocked. Optionally, an ANI number can be added to the access trunk group for outbound calls into the black network to provide a call-back number (typically the intercept operator) serving the gateway function.
Denial of access service attack protection is provided. In the Black switch, ANI matching and filtering can screen incoming calls (to the Red network) can be allowed to connect or be intercepted to a live operator for challenging, or to be given an announcement. Additionally, a password can be required to access the Red switch trunk group. A record is made of both successful and denied calls for downstream processing to assist with attack analysis.
Non-Secure Warning Tone trunk
This trunk allows for controlled non-secure access to/from a secure location, such as a command post. Outgoing calls can be screened by ANI and/or a password for access. Incoming calls are off-hook serviced to a designated phone inside the secure area, and the call is not answered to the Black-side switch unless and until the secure area user has answered and allowed the call to complete. Non-secure warning tone bursts are played only to the secure-side user.
Secure radio interface
Available in the HDX and SLICE 2100. It provides a wire interface to military and commercial radios. It enables VOX and/or positive Network PTT to key the radio and can be programmed to not allow transmit audio unless a secure indication is received from the radio. The interface has numerous other features for radio compatibility and network functions, including radio to radio relay locally or via trunking to another switch location.