PANDORA: The single cable to desktop challenge

August 2017

PANDORA is a concept demonstrator programme undertaken by the UK Ministry of Defence, as part of the C4ISR Secure Information Infrastructure and Services (CSIIS) research programme, to remove the risk from future equipment programmes.

It set out to allow critical data to be shared between different security domains in a high assurance manner within a small-scale and deployable Communication and Information System (CIS).

In 2015 at a demonstration that showcased the PANDORA architecture, a challenge was thrown down by the Chief Defence Information Officer and the Head of Joint Forces Command (JFC).

That challenge was “give us one cable to the desktop”.

Nexor responds to the challenge

In direct response to this gauntlet being thrown down, the PANDORA security enabling enhancements project was established to allow secure interoperability between the different security domains within the PANDORA node.

To deliver the required security enhancements Nexor worked with L3 TRL on:

  • High Assurance Guards – to enable the transfer of data in both directions between higher and lower trust security domains in a secure manner;
  • Segregated Browse Down – a cross-domain desktop capability, in order to remotely utilise and interact with applications and data in a lower security domain from a higher security domain.

To find out more you can listen to my colleagues explain, far more eloquently than I can, the work that was done for the project.

Delivering a secure cross-domain capability

So, in answer to the challenge laid down, the PANDORA SEE project followed the approach of focussing upon deployability, configurability and modularity to deliver a cross-domain capability which is:

  • Flexible / Modular – each component supports a single service, and the various components can be incorporated into the host architecture in a manner that supports, and is responsive, to operational requirements;
  • Scalable – extra capacity or additional services can be achieved by adding another device to the host architecture;
  • Re-configurable – each device can be configured to support the security policy and environment it is deployed within, potentially allowing for re-deployment between different security domains;
  • Architecture agnostic – although aspects of the PANDORA architecture were utilised, the Segregated Browse Down and High Assurance Guard capabilities were NOT tied into the PANDORA architecture in any way;
  • Deployable – the technologies were all delivered in a low Size, Weight & Power (SWaP) format.

And finally, what about the “single cable to desktop” challenge? Well, I can say it has been a success!

The project truly delivered a single cable to the desktop. A user can now access and interact with multiple lower domains, from one desktop within a native higher domain. The user can send information from those lower domains to the user’s native higher domain.

This vastly reduces the set-up time, infrastructure costs and footprint for deployments. If you want to know more about the work we’ve done for PANDORA then you can read this case study.

Demonstrating the high assurance guarding and segregated browse capabilities

To help spread the word on the new capabilities, the PANDORA SEE project has been showcased at several high-profile information assurance events.

PANDORA demonstration day photo

A PANDORA demonstration day was held for the UK Ministry of Defence and specially invited guests.


PANDORA presentation at NIAS 2016

A joint Dstl and Nexor presentation at NATO’s NIAS 2016 conference.


PANDORA demonstration at CSIIS showcase event

A demonstration at the CSIIS annual showcase.

Author Bio - Martin Cooper

Martin CooperMartin Cooper is a Solution Architect at Nexor delivering cyber security solutions to governments, defence and critical national infrastructure organisations.


Be the first to know about developments in secure information exchange