<img height="1" width="1" style="display:none;" alt="" src="https://px.ads.linkedin.com/collect/?pid=2975524&amp;fmt=gif">
BLOG

Improving Fly-Away Kit Visibility for Tactical Federal Teams

October 29, 2020

Tactical federal team
"Fly away" kits have been in use by the federal government for years, gaining widespread adoption around 2015, with the Army's first Cyber Innovation Challenge. "The speed of technology, combined with always-changing threats, demand that we go faster in getting capabilities to the field," said Doug Wiltsie, director of the Army Rapid Capabilities Office (RCO).1

Garland Technology has been working with the Department of Defense (DoD), providing visibility solutions for various tactical operations, including developing custom network TAPs for the team at Fort Bragg for battlefield communications exercises, as well as various agency network visibility needs. 

For most of these environments, as you look at situational awareness, where information warfare is a reality, network visibility becomes a critical component of cybersecurity. Counter measures are important right now, so the more we can be on top of it, the more we can be aware of the kinds of evolving attacks we are seeing.

Recently, we’ve been working with the DoD and federal civilian Cyber Protection Teams (CPTs) to provide visibility for their fly-away kits. The challenges they kept running into were size-related: the solutions our competitors provide are 1U data center appliances that do not work for the travel and mobility that is needed. Running into flexibility and “ease of use” issues, they need to be able to plug and play with various media and speeds in a moment's notice. Also, cost and reliability, they need a visibility product that will last. For example, they had a big Department of Homeland Security (DHS) deployment where a device was End of Life (EoL) and was no longer supported. It becomes critically important because these federal organizations can't deploy anything that can't be supported.

The Need for Troubleshooting Disparate Networks Environments 

As you can imagine the federal government’s computer network is a sprawling operation. The Department of Defense Information Networks (DoDIN), has on every Garrison, post-camp station, naval base, or remote location an access point where the DoDIN connects to that facility, and from that point, all of the network traffic that is DoD related gets dispersed across the Garrison. 

Fort Bragg, Fort Lewis, Fort Huachuca, for example, is what they call a power projection platform, it's a place where the US government can deploy its military might. Fort Bragg and Pope Army Airfield are right next to each other, so you've got this combination of the military transport, and the 82nd and the 101st airport division together. The DoDIN network connects to Fort Bragg at a drop off point. And then all the DoD traffic from that drop off point, that connection point, is disseminated across the fiber optic switches and local area networks Garrison-wide. Within a Garrison there are enclaves, which are basically organizations or entities that connect to the DoDIN, but have no connection to the internet. 

With these disparate networks, troubleshooting performance and security are critical to not only communication and information but situational awareness and mission critical response.

The various government networks can be looked at in a similar way enterprise networks may use managed security service providers (MSSP) teams with their security. Their network enterprise center (NEC) team is responsible for providing the services that run the network, from the telephone, cable, internet, a lot of different technologies. But, in many cases, each location may not have a team well-versed in cybersecurity and troubleshooting.

So they've organized this procedure and structure that has those are assets available to fly out on a moment's notice. Leading to the need for the Fly-away kit.

>> Download Now: Zero Trust Cybersecurity [Free Whitepaper]

What is a Fly-away Kit?

A Fly-Away Kit (FAK) or expeditionary kit is a self-contained suite of equipment, typically with the DoD and CPTs to operate in both tactical field-deployments and back-office environments. 

The suite of cyber tools are used to conduct vulnerability analysis, incident response, and other forensic analysis on both classified and unclassified networks. 

Fly-away Kit-NextComputing-case

To properly access and analyze these solutions cyber teams require network data from sensors from deployable servers, packet visibility with network TAP, analytic capability from the hardware and software, and user interface typically via their laptops. These suites support a wide variety of user-supplied software modules, including Government Off-the-Shelf (GOTS), Commercial Off-the-Shelf (COTS), and free and open-source software (FOSS).

The Fly-Away Kit Tactical Team Deployments

"Tiger teams” refer to the tactical teams deployed around the world, they can be both uniformed services or government contractors. These tiger teams equipped with Fly-away kits are deployed at a moments notice to various garrisons, bases and offices to perform diagnostics, certifications, accreditations and are periodically testing for vulnerabilities.

These tiger teams often fly commercial airlines and their fly-away kits need to be carry-on luggage, either a backpack or pelican case that typically needs to fit into the overhead compartments.

Network Diagnostics for a Modern Military

  1. Network Performance. As an example, when the NEC team gets a complaint from a commanding general from the 82nd airport division that the internet's slow, the tiger team is deployed for diagnostics. The team ultimately found that there were guys in the organization that were flooding the network with YouTube videos, leading to a slow response to emails. 

  2. Cyber Security. The various teams are constantly monitoring who is attacking the network, learning what kind of attacks they are using. They regularly perform cyber surveillance, where they fly out and install equipment, leave it there, record the data, just to check and see what's going on in the network, testing vulnerabilities.

  3. User access. The government has very formal outlines with respect to what you can do on a government computer. So they regularly look for unauthorized laptops that are trying to connect to the internet or monitor users who aren’t approved to access the internet.

Enhancing Fly-away Kit Visibility and Ease of Use

The challenges government integrators run into are easily solved by Garland Technology’s network TAP line, which excels in providing complete packet data in any environment.

Size Form Factor

Garland Technology provides two portable form factors, both being used in Fly-aways kits today. Our portable 4 port network TAP and our new pocket size USB FieldTAP - both easily fit in a backpack or Pelican case and are made of a rugged steel casing that easily handles bumps and drops.

Flexibility and Function

Garland XtraTAPs set the bar in the industry for innovation and ease of use, allowing teams to go into any environment and get to work, without having to dissect network access. Our TAPs not only provide complete packet visibility, they can perform various advanced functions not found in competing TAP devices, including ‘breakout’ tap mode, aggregation, regeneration, inline bypass, as well as advanced filtering and media conversion.

Media conversion is critical going into different environments where you have to adjust on the fly accessing various media options like single-mode, multi-mode, 100base-FX fiber and copper. Utilizing the FieldTAP’s USB monitoring makes it even easier to connect to your laptop.

Applying TAP level filtering becomes useful when troubleshooting high bandwidth critical 1G or 10G links that may be running at 50-60% utilization. Simply filter only the traffic you need without overloading your analyzer.

Quality and Lifespan

Made, supported and tested in the USA, Garland Technology prides itself on quality standards, ensuring all TAPs are stress tested with live network data and validated; proving to be the industry’s most reliable TAP with zero failures. Network TAPs are made to never die, to be the reliable backbone of network visibility.


Looking to add network TAP visibility to your troubleshooting or fly-away kit, but not sure where to start? Join us for a brief network Design-IT consultation or demo. No obligation - it’s what we love to do.

zero-trust-cybersecurity-free-whitepaper

See Everything. Secure Everything.

Contact us now to secure and optimized your network operations
Contact Us

Heartbeats Packets Inside the Bypass TAP

If the inline security tool goes off-line, the TAP will bypass the tool and automatically keep the link flowing. The Bypass TAP does this by sending heartbeat packets to the inline security tool. As long as the inline security tool is on-line, the heartbeat packets will be returned to the TAP, and the link traffic will continue to flow through the inline security tool.

If the heartbeat packets are not returned to the TAP (indicating that the inline security tool has gone off-line), the TAP will automatically 'bypass' the inline security tool and keep the link traffic flowing. The TAP also removes the heartbeat packets before sending the network traffic back onto the critical link.

While the TAP is in bypass mode, it continues to send heartbeat packets out to the inline security tool so that once the tool is back on-line, it will begin returning the heartbeat packets back to the TAP indicating that the tool is ready to go back to work. The TAP will then direct the network traffic back through the inline security tool along with the heartbeat packets placing the tool back inline.

Some of you may have noticed a flaw in the logic behind this solution!  You say, “What if the TAP should fail because it is also in-line? Then the link will also fail!” The TAP would now be considered a point of failure. That is a good catch – but in our blog on Bypass vs. Failsafe, I explained that if a TAP were to fail or lose power, it must provide failsafe protection to the link it is attached to. So our network TAP will go into Failsafe mode keeping the link flowing.

Glossary

  1. Single point of failure: a risk to an IT network if one part of the system brings down a larger part of the entire system.

  2. Heartbeat packet: a soft detection technology that monitors the health of inline appliances. Read the heartbeat packet blog here.

  3. Critical link: the connection between two or more network devices or appliances that if the connection fails then the network is disrupted.

NETWORK MANAGEMENT | THE 101 SERIES