Security Architecture

• All links in the network linking Monitor/Control Stations with the Master Control Station and all satellite control uplinks are encrypted. This provides security against clandestine monitoring.
• Proper key management and control also allows encipherment to provide authentication and data integrity, as well as the capability to detect attempts at spoofing or intrusion. Key distribution can be either manual or electronic, with electronic recommended due to distances involved. Pairwise unique keying (e.g., a unique key per communications link and/or satellite) should be considered and, if feasible, used to limit the damage associated with the compromise of a single encryption key.
• The use of a private network without external internet connectivitiy provides for a measure of protection against external attempts at intrusion or denial of service. (This protection against denial of service, however, is not absolute if an external attacker should gain access to the communications circuitry used.)
• The redundant network architecture chosen (ring/star combination) provides a large degree of protection against external denial of service attacks. It is highly unlikely that an attacker could successfully gain physical access to or control over enough communications links to successfully isolate a Monitor/Control station by rendering these links unusable due to disconnection or interference.
• The threat of jamming of satellite control uplinks and/or GPS satellite signals cannot be avoided.
• Physical control, exclusionary zones, and protected/shielded cabling systems are used in lieu of intra-site encryption at the Master Control Station and Monitor/Control Stations.