BCIP6 Technical Demonstrator Programme


The Challenge

BOWMAN will meet the tactical communications needs of those elements of the three Armed Services that take part in, or provide direct support to, UK land, amphibious and air manoeuvre operations until at least 2026. BCIP6 is required in order to meet the updated requirement of the BOWMAN core capability, the digital secure voice and data backbone of the UK digitisation programme at the tactical level. It is designed to provide situation awareness and command and control tools that allow information exchange from the division to the soldier. The Technical Demonstrator Programme (TDP) for BCIP6 was the conclusion of the Validation Phase and ran until March 2008. The TDP required General Dynamics UK (GDUK), in partnership with the DE&S BATCIS IPT, to provide a view of potential capabilities available in BCIP6. It was designed to inform options for capability enhancements for battlespace information management, improved interoperability with UK and allied systems, and improved resilience through advanced system management. The TDP allowed GDUK to demonstrate how BCIP6 enables:

  • The automated sharing of data across coalition networks
  • Automated information sharing within BCIP using the contract-based approach
  • Information access, management and sharing from higher commands
  • Backwards compatibility between BCIP6 and BCIP5 system elements
  • Upgraded user tools, showing lower impact on system resources and reduced reliance on human intervention.

The system architecture created by BCIP6 is intended to enable easier technology insertion and integration with improved security.

Within BOWMAN, the Tactical Network Gateway (TNG) provides protection for connections between domains at the same security classification. There is also a requirement to enable and appropriately protect connections between domains at different security levels. A mechanism is therefore required which controls the flow of information based on classification. The UK Ministry of Defence’s (MoD) aspiration is that this information will be in a variety of formats and not limited to simple messaging formats. Nexor was invited to join the TDP by GDUK because of its broad security policy capability, its ability to turn security concepts into practical solutions and, specifically, to demonstrate its capability in the area of domain and multi-protocol guarding.

The Nexor Solution

Nexor provided support to the programme in the specialist area of security policy and its application. Working with the GDUK team within the context of the TDP, Nexor participated in the following activities:

  • The definition of a security policy demonstration providing proof of concept covering:
    • Labelling
    • Domain routing
    • Allowed words
    • Dirty words
  • The creation of a security policy for use by the demonstration applications:
    • This involved the creation of a Security Policy Information File (a digitally signed object that can be centrally managed and distributed across an organisation)
  • The design and implementation of guard solution architectures:
    • Meeting the requirement to support open platforms using Linux
  • The enforcement of the security policy
  • Testing and validating the security solutions
  • Supporting the resulting demonstration to the BATCIS IPT.

Nexor’s involvement resulted in two demonstrations. The first showed how increased security and assurance can be incorporated into an instant messaging system by validating security policies between domains, in this case between an appropriate representative UK domain and the BOWMAN domain. Nexor demonstrated how to integrate military extensions into commercial instant messaging products and thus enable additional security measures and tracking features in an instant messaging system by validating security policies within domains. Using the extension mechanism in the XMPP instant messaging protocol, Nexor defined a military standard security label to be included in chat sessions.

The demonstration utilised the Ignite Realtime open source XMPP instant messaging system, consisting of Openfire servers and Spark clients enhanced by Nexor to support a military standard security label. Nexor deployed the Watchman component of its Nexor Border Gateway COTS product suite to validate the security policy on the domain boundary and to implement dirty word checking.

A second demonstration utilised the Mailer and Watchman components of its Border Gateway suite running on the Linux operating system to validate security labels and control the flow of information based on security classification. This was implemented at the border between two domains containing Microsoft Exchange Servers utilising the SMTP protocol.

The Result

The TDP provided MoD with a clear insight into the practical application of security policies and into the benefits of an open architecture utilising industry standards in accelerating the route to field, whilst maximising industry technological advances.

Version 1