March 2017

Nexor recently played a key role in a concept demonstrator programme carried out for the Defence Science and Technology Laboratory (Dstl), part of the UK Ministry of Defence (MOD).

dstl logoCalled PANDORA, it investigated ways to remove the risk from critical information sharing. The research took place against a backdrop of an increasingly complex UK security operating environment with rapidly-forming coalitions of organisations with differing security classifications.

Critical data transfer between key players in real time is essential, with high assurance information sharing between security domains. Therefore, communication and information systems need to be much more flexible and responsive to this fluid, fast-changing operational landscape.

Andy Walker, Managing Director at Nexor, comments:

“The security enabling enhancements produced form our work on the PANDORA concept demonstrator enable flexible real-time high assurance critical information sharing..

“For example, a chat guard could support secure interoperable working between UK SECRET and a NATO SECRET domains one day and then be reutilised the next day, to enable information sharing between MISSION SECRET and OFFICIAL domains.”


The challenge of sharing information securely

Within its own deployable communications and information systems, the Ministry of Defence has a pressing need to reduce:

  • The configuration time and management overhead, which would provide more agile systems that can respond to the evolving operational requirements;
  • The size, weight and power of the system to create a lighter weight, less resource-hungry infrastructure with fewer end-user terminals on the desktop;
  • System complexity to minimise training for end users and maintenance professionals.

What’s more, the systems deployed by the MOD need to provide access to many different operational environments running at different security classifications. These include SECRET, including UK SECRET (S) as well as multiple different coalition MISSION SECRET (MS) environments – NATO S and NATO MS, as well as OFFICIAL (including OFFICIAL SENSITIVE).

Incorporating security enabling enhancements

In order to access the differing security classifications covered by the PANDORA concept demonstrator, the Ministry needed to enhance the security aspects of the PANDORA node. This became known as the PANDORA security enabling enhancements project, which looked into the MOD’s need for:

  • High assurance guards (HAG) – to enable the transfer of data in both directions between higher and lower trust security domains in a secure manner;
  • Segregated browse down (SBD) – to manipulate and interact with applications and data in a lower security domain from a higher security domain.

To deliver the required security enhancements, Nexor worked with L3 TRL on:

  • A bidirectional XMPP (Extensible Messaging and Presence Protocol) Chat HAG;
  • A bidirectional NFFI (NATO Friendly Force Information) Tracks HAG;
  • A SBD capability that allows users in the SECRET domain to interact with applications in other domains.

The Tracks and Chat HAGs adapt existing commercial off-the-shelf applications from Nexor’s SIXA product portfolio to run on the HAG platform, and take advantage of the security enforcing functions that the platform offers.

Critical information exchange across security domains

The high assurance guards (HAG) provide a quickly deployable and easily-managed facility that enables critical information to be exchanged between security domains in a PANDORA node. The Chat HAG supports cross-domain collaboration. The Tracks HAG allows all track information to flow up to the highest connected security domain, and allows releasable tracks to flow down to other domains.

PANDORA Case Study imageThe segregated browse down capability (SBD) enables desktop clients to access many domains using a separate component. This solution replaces one terminal for each domain with a single terminal – saving space in the deployed environment, simplifying cabling and making management of the end user environment easier.

All in all, the security enabling enhancements have given the MOD the following benefits:

  • Better use of space in the deployed environment;
  • Reduced system running costs;
  • Collaborative working with improved interaction between domains;
  • Enhanced situational awareness and a more consolidated view of data;
  • Reduced infrastructure with a single cable to the desktop;
  • Flexibility and agility, as a common platform enables rapid reconfiguring or repurposing of any device;
  • Improved security with faster validation of transferred data and blocking threats;
  • Minimal user training, configuration and systems management.

Read the full case study



This PANDORA work was coordinated as part of the C4ISR Secure Information Infrastructure and Services (CSIIS) research programme, which has been established by Dstl on behalf of MOD to respond in a timely manner to research needs across a number of technical disciplines.

The research programme consists of a consortium of over 60 organisations including leading UK defence, industry prime contractors, subject matter experts, non-defence companies and academia.

The PANDORA concept demonstrator was developed by a multi-industry team including QinetiQ, Antillion, Nexor, L3 TRL, Roke, Harris, 3SDL, GDUK, Thales and ITSUS.

For more information visit the CSIIS website.

<br /><a class="twitter-timeline" href="" data-widget-id="697041719305568257" data-tweet-limit="2">Tweets by @Nexor</a><script>!function(d,s,id){var js,fjs=d.getElementsByTagName(s)[0],p=/^http:/.test(d.location)?'http':'https';if(!d.getElementById(id)){js=d.createElement(s);;js.src=p+"://";fjs.parentNode.insertBefore(js,fjs);}}(document,"script","twitter-wjs");</script>

Be the first to know about developments in secure information exchange