FBI looks to put secret and unclassified systems on the same screen
Connecting state and local government leaders
The solution uses virtual desktop infrastructure to give users access to the unclassified network through the Secret network, saving on hardware and system administration and boosting security and efficiency.
FBI officials are drawing on the idea that less is more in their move to replace the bureau’s unclassified infrastructure with a virtual network that will give users access to networks of different classification levels from the same workstation.
The Justice Department awarded Raytheon-Websense an $8 million contract to make this happen in accordance with FBI’s Enclave Consolidation Initiative. With ECI, the FBI aims to reduce its unclassified distributed infrastructure by moving it to the data center and having users access the new virtual network over the more secure agency network. Besides cost savings in the areas of hardware, cooling, power and system administration, the change will also result in better security and efficiency, both in terms of IT and workforce productivity.
“From a user experience perspective, right now they have multiple workstations on their desktops with different classification levels,” said Ward Ponn, consulting engineer and chief architect at Raytheon-Websense. That means users can’t see their unclassified Microsoft Outlook email and their Outlook schedule from the Secret-level system on the same screen. They currently use a KVM switch -- a hardware device that lets users control multiple computers from one keyboard, video monitor and mouse -- to toggle between the enclaves.
This technology gives them “a single pane of glass, without the use of the KVM switching device,” Ponn said. On the same monitor, they can work with applications that are hosted on FBI’s Secret network while being able to see the entire virtual desktop of their unclassified network, “interacting with both of them simultaneously in a secure and controlled fashion,” Ponn said. “It is their desktop as they view it from the unclassified side displayed in a container on their existing Windows desktop for their Secret desktop.”
To collapse the unclassified network into the Secret one, Raytheon-Websense is working with Dell to leverage virtual desktop infrastructure and deploying the Raytheon-WebsenseTrusted Thin Client, originally developed about a decade ago for the intelligence and defense industries. The solution also includes Trusted Print Delivery, in which print jobs that would normally go to an unclassified printer will now be routed through TPD to print on Secret printers.
“The users are accessing their virtual desktops in the cloud on the unclassified network, and they’re printing to a printer that is closely located to them – same office space, for example – but resides on the FBI Secret network,” Ponn said.
The main goal of the consolidation is cost savings, but security and productivity will benefit, too. For instance, the money saved will go toward making the Secret-level infrastructure more robust, said Michelle Youngers, director of federal sales at Raytheon-Websense.
“By collapsing that network infrastructure, it allowed them to effectively take the savings from that and increase the network infrastructure on the Secret fabric to provide a better service delivery to their end users. And at FBI, it’s all about the end user community and service to the agents and analysts that are in the field,” Youngers said.
Additionally, moving easily between unclassified and Secret on the same screen will let employees work faster, said George Kamis, chief technology officer for Raytheon-Websense Federal.
“The capabilities that we give them with accessing the unclassified network and resources from their Secret workstation allows them to go between two different security domains quickly to get access to information,” Kamis said. “So not only is it IT efficiencies, it’s work efficiencies. If they’re working at the Secret level, they can monitor what’s going on at the unclassified level at the same time, where they didn’t have the capability before.”
The new setup will also benefit FBI’s large mobile workforce. “It allows them to go to different offices without having to be restricted to go to their own desktop machine to access their day-to-day workload,” Youngers added. That’s a huge game changer in providing value to the field.”
The effort is being rolled out in a phased approach that lets the FBI avoid replacing everything at 800 sites at once. The process follows FBI’s internal testing and evaluation program, Ponn said. As of now, Raytheon-Websense has met all of the agency’s critical milestones for the project and has begun deployment into the data center. The current program schedule has the business pilot – bringing on more users to monitor performance – starting in the second quarter of 2016.