[ PROTOCOLS:OSDIR-3.TXT ] [ OJ, 5/86 ]

THE UNDER SECRETARY OF DEFENSE
WASHINGTON D.C. 20301

10 March 1983

MEMORANDUM FOR THE MILITARY DEPARTMENTS
               DIRECTORS, DEFENSE AGENCIES
               DIRECTORS, JOINT STAFF, OJCS

SUBJECT: Defense Data Network (DDN) Implementation

References: (a) Dep Sec Def Memorandum, Subject: Termination of AUTODIN II, 2 April 1982
            (b) DTACCS Memorandum, Subject: AUTODIN II Phase I Decision Paper and OSD Guidance for Data Network Developments, 16 July 1975

This memorandum directs the implementation of the Defense Data Network (DDN) in accordance with Reference (a). This memorandum replaces the previous guidance contained in Reference (b). The Director, Defense Communications Agency (DCA) is overall Program Manager for DDN.

In order to ensure that DDN is implemented as an operationally and economically effective program, the following areas must receive expeditious attention:

(1) The user system requirements for all DoD data communication systems must be confirmed. This must include accurate operational and technical information.

(2) System users must select interfacing methods as well as the timeframes required for their systems to connect to the DDN.

(3) An effective cost recovery scheme which provides for equitable user service costs must be established.

The enclosure hereto contains Guidance and Program Direction applicable to DDN and other DoD Data Networks, and tasking in support of the Defense Data Network Program (to be reviewed by DUSD (C3I) on a continuing basis).

In order to assure success of the DDN, a DDN Coordinating Committee has been established, chaired by the Director of Information Systems with membership from the OJCS, Services, and appropriate Defense Agencies. Intensive and continuing management support from every echelon will be required to make this vital effort a success.

Richard D. DeLauer


GUIDANCE AND PROGRAM DIRECTION APPLICABLE TO THE DEFENSE DATA NETWORK AND OTHER DoD DATA NETWORKS

References: (a) Dep Sec Def Memorandum, Subject: Termination of AUTODIN II, 2 April 1982
            (b) DTACCS Memorandum, Subject: AUTODIN II Phase I Decision Paper and OSD Guidance for Data Network Developments, 16 July 1975
            (c) DUSD (C3I) Memorandum, Subject: Defense Data Network -- Security Architecture Options, 10 May 1982
            (d) Director of DCA Memorandum, Subject: Defense Data Network -- Security Architecture Options, 19 Nov 1982
            (e) Director of NSA Memorandum, Subject: DoD Policy on Standardization of Host-to-Host Protocols for Data Communications Networks, 23 March 1982

I. Applicability of Program Guidance and Direction

This guidance shall be applicable to the Office of the Secretary of Defense, the Joint Chiefs of Staff, Military Departments, and Defense Agencies. The definition and scope of the Defense Data Network (DDN) will be updated or redefined as dictated by changes in user requirements, technological developments, and economic factors. Evolution of the DDN as a Defense Communications System (DCS) element will be governed by the DCS Five Year Plan (FYP) process. Any major changes in the scope, schedules, cost, or composition of the network must be reviewed and approved by DUSD (C3I).

II. Definition of the DDN

DDN is a data communications service which will utilize packet technology as its primary switching technique to fulfill the data communications needs of the DoD. The DDN is the data communications service of the Defense Communications System (DCS). The DDN Program Plan, revised 19 May 1982, and augmented by the DDN Security Architecture Reports (Ref d and e), provides a comprehensive description of the initial planning for the network.

III. Program Strategy for Data Networks

The DDN will supply data communications services in support of critical military operational systems, including WWMCCS and intelligence systems, general purpose ADP and other command based systems and data networks, which have requirements for long-haul data communication services. The DDN will provide connectivity for these subscriber systems with the goal of maximum potential for interoperability.

The DDN is designed to incorporate the maximum practical modularity and flexibility in the backbone system and its various interfaces to accommodate significant changes in the user requirements, in ADP and data communications technology, and in the economic factors influencing this program. Contractual and implementation planning for DDN must accommodate variations in the number of switches to be implemented and in the overall implementation schedule of the program. Every attempt must be made to balance this flexibility against reasonable cost impacts to the backbone system and the individual subscriber systems. It is essential that the DDN planning be phased in a cohesive total program implementation that is operationally and economically viable.

DUSD (C3I) memorandum, 10 May 1982 (Ref c), directed DCA and NSA to conduct a review of the DDN Security Architecture alternatives for the integration of the various subscriber communities that comprise the DDN. Refs d and e describe the network security architectures that were evaluated. The approved DDN network security architecture contains two segments, a classified segment and an unclassified segment. The two segments are connected together via gates which allow use of the unclassified segment backbone by the classified subscribers. DDN switches in the classified segment (C2I network) are protected to the SECRET level and military encryption devices are employed on all classified segment trunk and access lines.
All subscribers on the classified segment are connected to the DDN via the Internet Private Line Interface (IPLI), or equivalent end-to-end encryption (E3) devices. The unclassified segment (MILNET) has switches in restricted locations and uses DES trunk encryption in CONUS, and has switches in SECRET-cleared facilities and uses military encryption devices on OCONUS trunk lines and on OCONUS-CONUS connections. The software in the packet switches and monitoring centers will not be reimplemented, but will be examined for security flaws and brought under strict configuration control. This architecture is referred to in the review as Option 2.2 -- WITH (with IPLIs on all classified hosts and without reimplementation of network software).

Near-term security for the DDN system will be provided through link encryption of the circuits and segregation of different subscriber communities. Provision of DES link encryption on the MILNET shall proceed as expeditiously as possible, but implementation of systems shall not be delayed solely because such encryption is not in place.

Every effort must be made to expedite the development of end-to-end data encryption technology via the Internet Private Line Interface (IPLI) and BLACKER Programs. The focus of these efforts should be to provide host-to-host encryption protection. The BLACKER effort should provide remote key distribution and a trusted (multilevel secure) E3 device suitable for use on the DDN by programs such as the Inter-Service/Agency AMPE, World-Wide Military Command Control Systems (WWMCCS) Information Systems, and SACDIN.

The Director, DCA and all prospective users of the DDN should be fully aware of the requirements of the Privacy Act of 1974, should monitor all follow-on guidance deriving from this Act and related legislation, and should plan for all appropriate changes to the design or operation of their respective systems.
The DDN already has design features which provide for "command privacy" and which will assist in minimizing problems from the perspective of "personal privacy."

All DoD data communications systems are required to implement the DoD Standard Host-to-Host Transmission Control and Internet Protocols (TCP/IP) by Ref f. There are ongoing concerted efforts within the government and industry to develop additional standardized data communication protocols. These efforts must be monitored closely to ensure that they meet the functional requirements of the DoD and that, whenever possible, DoD protocols are in consonance with these efforts.

At the present time, the network access method supported by the DDN is the 1822 interface with the Transmission Control and Internetwork Protocols (TCP/IP). Consistent with our policy of using commercial interface standards wherever possible, DCA is conducting an extensive review in coordination with the National Bureau of Standards of the various options in the X25 network access specifications. This review and subsequent testing should result in a specification of the X25 options which will be supported by the DDN. Essential characteristics of this specification will be compatibility with TCP/IP, with existing 1822/TCP/IP implementations and with the DDN end-to-end encryption capabilities. The wide diversity of incompatible X25 implementations presently available or contemplated in the commercial market could lead to serious operational problems for the DDN and its users. Until the DDN X25 specification has been approved by the DoD Protocol Standards Steering Group, no implementations of X25 will be authorized for use on the DDN.

IV. Guidance for DoD Data Networks

A. Use of the DDN

All DoD ADP systems and data networks requiring data communications services will be provided long-haul and area communications, interconnectivity, and the capability for interoperability by the DDN.
Existing systems, systems being expanded and upgraded, and new ADP systems or data networks will become DDN subscribers. All such systems must be registered in the DDN User Requirements Data Base (URDB). Once registered in the URDB, requests by a Service/Agency for an exception to this policy shall be made to DUSD (C3I). Requests for exceptions for joint interest systems shall be routed to DUSD (C3I) through the JCS. Authorization for such special networks may be granted by DUSD (C3I) on the basis of special economic or operational considerations such as:

1. The nature of the data communications services required cannot be satisfied by DDN or a reasonable modification thereto, or

2. Critical operational requirements necessitate immediate implementation actions to provide a data communications service earlier than can be available within the DDN implementation schedule, or

3. The ADP system has time-phased requirements for communications support which can be satisfied and justified, on economic grounds, by an interim network with subsequent transition to DDN when economically feasible.

The DDN Program Manager will, based on the latest information contained in the URDB, prepare projections at several time intervals (e.g., 6 months, one year, two years) of the future topology and data flow characteristics for the networks that comprise the DDN. These projections will be distributed for comment to the OJCS, Services and Agencies. Every attempt will be made in these topology projections to provide equivalent or better service to all current DDN subscribers. Services/Agencies should carefully review these projections and resolve any problems with the DDN Program Manager. Only in case of irresolvable problems should the matter be brought to the attention of the DDN Coordinating Committee.

The DDN Program Manager will provide for informal electronic mail capabilities on the MILNET similar to those presently on the ARPA network.
Provisions for funding these services through the Communications Services Industrial Fund (CSIF) should be made available as soon as possible.

Users are encouraged to connect general purpose ADP resources to the DDN for the purpose of sharing computational resources with others on the network. This provision includes the connection of commercially available resources where appropriate.

B. Specific Network Guidance

1. ARPA Network

Those Service/Agency ADP systems that are currently connected to the ARPA network or for which ARPA network connection is planned will form the baseline for the unclassified portion of DDN, which has been designated the MILNET. The ARPA network will be partitioned into the MILNET and an Experimental Network as quickly as possible. Electronic mail forwarding capabilities will be provided between the two networks. Positive network access control measures will be implemented on the MILNET and, once fully employed, will allow authorized MILNET users full internet access to the Experimental Network but prohibit full internet access to MILNET for the Experimental Network.

The CONUS switches in the MILNET will be located in restricted access locations and use DES encryption techniques on all trunks. OCONUS switches will be located in SECRET cleared facilities and military encryption devices will be used on all OCONUS trunks and all OCONUS-CONUS connections.

The Experimental Network (which will retain the name ARPANET) will be utilized for computer network research and to test concepts to be employed in the DDN. The Experimental Network will be managed and operated by the DDN Program Office. Policies governing its operation will be established by a Steering Committee composed of the DDN Program Manager and sponsors of systems using the Network. The Chairman of this Steering Committee will be appointed by the Director of the Defense Advanced Research Projects Agency.

2. WWMCCS Intercomputer Network

The communications subsystem of the WIN is the basis for the classified portion of the DDN. The DDN will provide service to the WWMCCS ADP community under the direction of the JCS and in accordance with a WIN-DDN Transition Plan to be developed by the DDN Program Manager and the JCS. Department of Defense Intelligence Information Systems and other classified subscriber communities will be added to the WIN communications subsystem to form the C2I network as soon as end-to-end encryption measures are available.

3. Movements Information Network

The USEUCOM Movements Information Network (MINET) will initially be managed as a separate testbed network to determine if urgent transportation requirements of the United States Military in Europe can be satisfied by electronic means. As soon as the MILNET is physically partitioned from the Experimental Network, the MINET communications subnetwork will become an integral part of the MILNET. Additional users in Europe not covered in the original MINET planning documents will be integrated into the MILNET communications subnetwork by the DDN Program Manager in a manner that does not degrade service to the MINET testbed.

V. Tasking in Support of the Defense Data Network Program

A. Tasking for the Chairman, Joint Chiefs of Staff

1. Revision of various MOPs as required to comply with the guidance contained herein, and publication of a new MOP addressing the DDN.

2. Validate joint-interest user system requirements and forward to DCA.

B. Tasking for the Director, Joint Staff

1. The Joint Staff should monitor the general progress of the tasks identified in this enclosure and assist the DCA, Military Departments, and other Defense Agencies as appropriate.

2. The Joint Staff should continue consideration of the potential requirements of the Unified and Specified Commands which might logically relate to the DDN program.
This would include the appropriate potential requirements for NATO interfaces, deployment of switches, interfaces to tactical data systems, changes in the level of survivability needed, and other longer range data communication planning issues.

C. Tasking for the Director, DCA

1. The Director, DCA should accomplish the following tasks and report to DUSD (C3I) as necessary.

(a) Develop, operate and manage the DDN on a subscriber-to-subscriber basis.

(b) Confirm user system requirements in order to establish and maintain a data base of data communications requirements for system planning and sizing. This action should include both updated projections based on the tasking included in other parts of this enclosure and identification of the specific timeframes when candidate user systems can be connected to the DDN.

(c) Develop and refine a reporting format which will allow the Military Departments and Defense Agencies to provide the user requirements data, tasked elsewhere in this enclosure, in a consistent manner.

(d) Review the technical concept of operation for each candidate ADP system to ensure that the DDN can adequately support these ADP system requirements.

(e) Coordinate with the appropriate agencies to ensure that the DDN specifications properly identify and fully address network security and privacy requirements.

(f) Provide technical review and validation of the protocols, interfaces, precedence, and security features of the DDN and the impacts on user systems. This validation should be accomplished through experimentation, consultation and coordination with the user communities, and evaluation by recognized experts from government and industry.

(g) Develop a network reporting system that provides clear management visibility on network operations of the DDN.
(h) Develop effective cost recovery alternatives for the DDN through the Communications Services Industrial Fund (CSIF) based on equitable rates reflecting actual system usage to the maximum extent feasible.

(i) Establish appropriate management thresholds which will ensure early identification of major changes or problems in the program costs or schedules.

(j) Investigate the potential use of network interfacing devices which will minimize subscriber conversion and operational impacts.

(k) Assist the Military Departments and Defense Agencies in accomplishing their designated tasks.

D. Tasking for the Military Departments and Defense Agencies

1. Develop and forward in a timely manner the required information on all currently operational and planned ADP systems and data networks that require long-haul and area data communications support. This information should be revised as necessary to keep the User Requirements Data Base as accurate as possible.

2. Plan and program to assist the Director, DCA in the implementation of the DDN and user systems.

3. Reassess current concepts of operations and reporting instructions in light of the features and capabilities available through the use of the DDN, and plan for possible improvements.

4. Carefully assess the security features of the DDN and determine how to maximize their security protection. Although these security features may be helpful for ADP system operations, they do not solve the multilevel security problems of the ADP systems.

5. MILDEPs and Agencies are responsible for interfacing their data communications systems to the DDN in accordance with DDN interfacing specifications. Where mutually agreed by MILDEPs/Agencies and DCA, DCA will coordinate and manage the development of families of network interfaces.

E. Additional Tasking for the Directors, National Security Agency and Defense Intelligence Agency

Assist the Director, DCA in ensuring the security integrity of the communications systems, including segregation of GENSER-SI traffic, segregation of subscriber communities, Defense Switched Network (AUTOVON) dial-up circuit protection procedures, overall network security, and other appropriate areas of security.