https://www.electrospaces.net/2015/03/us-military-and-intelligence-computer.html Electrospaces.net March 11, 2015 US military and intelligence computer networks (Updated: April 9, 2020) From the Snowden revelations we learned not only about NSA data collection projects, but also about many software tools that are used to analyze and search those data. These programs run on secure computer networks, isolated from the public internet. Here we will provide an overview of these networks that are used by the US military and US intelligence agencies. Besides computer networks, they also use a number of dedicated telephone networks, but gradually these are transferred from traditional circuit-switched networks to Voice over IP (VoIP). This makes it possible to have only one IP packet-switched network for both computer and phone services. It seems that for example NSA's NSTS phone system is now fully IP-based. [nsa-nsoc2006] An old NSTS telephone and a KVM-switch which enables switching between physically separated networks, in this case two Unclassified (green labels), one Secret (red label) and one Top Secret/SCI (orange and yellow label) network (National Security Operations Center, 2006 - Click to enlarge) US national networks The main US military and intelligence computer networks are (of course) only accessible for authorized personnel from the United States. Special security measures are in place to prevent interception by foreign intelligence agencies. Most of the tools and programs used by NSA run on JWICS and NSANet, but here we only mention them when this is confirmed by documents. DNI-U (Director National Intelligence-Unclassified) - Until 2006: Open Source Information System (OSIS) - Classification level: Sensitive But Unclassified (SBU, color code: green) - Access: US intelligence users - Controlled by: DNI-CIO Intelligence Community Enterprise Services office (ICES) - Purpose: Providing open source information; consists of a group of secure intranets used by the US Intelligence Community (IC) - Computer applications: Intelink-U, Intellipedia, EViTAP, etc. [Intellipedia2008] Page of the Unclassified version of Intellipedia This one from the CIA's AIN network (Click to enlarge) NIPRNet (Non-secure Internet Protocol Router Network) - Classification level: Sensitive But Unclassified (SBU, color code: green) - Secured by: Network traffic monitored by the TUTELAGE program and QUANTUM-DNS at the 18 gateways to the public internet * - Address format: http://subdomains.domain.mil - E-mail format: john.doe@mail.mil - Access: US military users, via Common Access Card smart card * - Number of users: ca. 4,000,000 - Purpose: Combat support applications for the US Department of Defense (DoD), Joint Chiefs of Staff (JCS), Military Departments (MILDEPS), Combatant Commands (COCOM), and senior leadership; composed of the unclassified networks of the DoD; provides protected access to the public internet. - Computer applications: E-mail, file transfer and web services like the Joint Deployable Intelligence Support System (JDISS) - Video Teleconferencing (VTC) [afcybercom2007] Cyber security officers in an operations center room at Barksdale Air Force Base There are screens connected to NIPRNet (green background/border) and SIPRNet (red background/border) (Photo: U.S. Air Force/Tech. Sgt. Cecilio Ricardo - Click to enlarge) More about this photo on SecurityCritics.org SIPRNet (Secret Internet Protocol Router Network) - Classification level: SECRET (color code: red) - Secured by: TACLANE (KG-175A/D) network encryptors - Address format: http://subdomains.domain.smil.mil - E-mail format: john.doe@mail.smil.mil - Access: users from multiple US intelligence agencies and government departments (and some foreign partners)*, via SIPRNet Token smart card - Number of users: ca. 500,000 * - Controlled by: JCS, NSA, DIA and DISA * - Purpose: Supporting the Global Command and Control System (GCCS), the Defense Message System (DMS), collaborative planning and numerous other classified warfighter applications, and as such DoD's largest interoperable command and control data network. - Computer applications: Intelink-S, Intellipedia, TREASUREMAP, Joint Deployable Intelligence Support System (JDISS), Defense Knowledge Online, Army Knowledge Online, InfoWorkSpace (IWS), etc. - Phone service: VoSIP (Voice over Secure IP) as an adjunct to the DRSN for users that do not require the full command and control and conferencing capabilities. - Secure Video Teleconferencing (VTC) [wh-sitroom-screensaver] Computers in the White House Situation Room, with a yellow screensaver, indicating they are connected to a TOP SECRET/SCI computer network (Screenshot from a White House video) JWICS (Joint Worldwide Intelligence Communications System) - Classification level: TOP SECRET/SCI (color code: yellow) - Secured by: TACLANE (KG-175A/D) network encryptors * - Address format: http://subdomains.domain.ic.gov - E-mail format: john.doe@agency.ic.gov - Access: users from multiple US intelligence agencies and government departments - Controlled by: DIA, with management delegated to AFISR - Purpose: Collaboration and sharing of intelligence data within the US Intelligence Community (IC) - Computer applications: ICE-mail, Intelink-TS, Intellipedia, GHOSTMACHINE, ROYALNET, TREASUREMAP, ICREACH, Joint Deployable Intelligence Support System (JDISS), etc. - Phone Service: DoD Intelligence Information System (DoDIIS) VoIP telephone system - Secure Video Teleconferencing (VTC) [jwics-royalnet-address] Web-browser with a JWICS address for the ROYALNET tool These various military and intelligence networks run on a world-wide physical infrastructure that is called the Defense Information Systems Network (DISN), which is maintained by the Defense Information Systems Agency (DISA) and consists of landline, mobile, radio and satellite communication links. Most of these communication links are not connected to the public internet, but because radio and satellite transmissions can easily be intercepted by foreign countries, the security of these networks is assured by encryption. This encryption can also be used to run higher classified traffic over communication links with a lower classification level through Virtual Private Network (VPN) tunnels. Classified communications have to be protected by Suite A Cryptography, which contains very strong and classified encryption algorithms. On most networks this is implemented by using Type 1 certified TACLANE (KG-175A/D) in-line network encryptors made by General Dynamics: [taclane_interop_2011] (Diagram: General Dynamics) As long there's the appropriate strong link encryption, only the end points with the computer terminals (where data are processed before they are encrypted) need strict physical and digital security requirements in order to prevent any kind of eavesdropping or interception by foreign adversaries. Most American military bases are connected to the SIPRNET backbone, but for tactical users in the field, the SIPRNet and JWICS networks can extend to mobile sites through Satellite Communications (SATCOM) links, like for example TROJAN SPIRIT and TROJAN SPIRIT LITE, which consist of a satellite terminal that can be on a pallet, in a shelter, on a trailer or even connected to a transit case. Other US goverment departments and intelligence agencies also have their own computer networks at different classification levels: White House - TNet (the main platform for White House aides to do their jobs; Top Secret; connected to JWICS) - NICE (NSC Intelligence Collaboration Environment, a subdomain of TNet, managed by the Directorate for Intelligence Programs of the National Security Council; Top Secret/SCI) FBI - LEO (Law Enforcement Online; Unclassified, for law enforcement communications) - FBINet (Federal Bureau of Investigation Network; Secret) - SCION (Sensitive Compartmented Information Operational Network; Top Secret/SCI) DHS - HSIN (Homeland Security Information Network; Unclassified) - HSDN (Homeland Secure Data Network; Secret) State Department - OpenNet (Unclassified) - ClassNet (Secret; address format: http:// subdomain.state.sgov.gov) - INRISS (INR Intelligence Support System; Top Secret/SCI) Department of Energy - DOENet (DOE Corporate Network; Unclassified) - ECN/U (Emergency Communications Network/Unclassified) - ECN/C (Emergency Communications Network/Classified) CIA - AIN (Agency InterNet; Unclassified) - ADN (Agency Data Network?; Top Secret/SCI) - RDINet (Rendition, Detention, and Interrogation Network; for sharing classified information with SSCI staffers, est. 2009) * NRO - GWAN (Government Wide Area Network, also known as NRO Management Information System (NMIS); Top Secret) - CWAN (Contractor Wide Area Network; Top Secret) NGA - NGANet (National Geospational intelligence Agency Network; Top Secret/SCI) Finally, there's the Capitol Network (CapNet, formerly known as Intelink-P), which provides Congressional intelligence consumers with connectivity to Intelink-TS and CIASource, the latter being the CIA's primary dissemination vehicle for both finished and unfinished intelligence reports. [homeland-security-networks] Overview of major Homeland Security computer networks From a briefing for Congress, July 2004 US multinational networks Besides the aforementioned networks that are only accessible for authorized military and intelligence personnel from the United States, there are also computer networks set up by the US for multinational coalitions, and which therefore can also be used by officials from partner countries. The group of countries that have access to such coalition networks is often denoted by a number of "Eyes" corresponding with the number of countries that participate. > See also: Five Eyes, 9-Eyes and many more NSANet (National Security Agency Network) - Classification level: TOP SECRET/SCI (color code: yellow) - Secured by: TACLANE network encryptors * - Address format: http://subdomain.domain.nsa - E-mail format: john.doe@nsa - Access: US, UK, CAN, AUS, NZL signals intelligence users - Controlled by: NSA, with management delegated to CSS Texas - Purpose: Sharing intelligence data among the 5 Eyes partners - Computer applications: InfoWorkSpace (IWS), SIDToday (newsletter), TREASUREMAP, MAILORDER, MARINA, TURBINE, PRESSUREWAVE, INTERQUAKE, CATAPULT, Cellular Information Service (WCIS), GATC Opportunity Volume Analytic, etc. - Phone service: NSTS (National Secure Telephone System) [nsanet-f6-address] Web-browser with NSANet address for the INTERQUAKE tool, used by NSA's Special Collection Service (SCS, organizational code: F6) units (Click for the full presentation) Besides NSANet as its general purpose intranet, NSA also operates several other computer networks, for example for hacking operations conducted by the TAO-division. We can see some of these networks in the following diagram, which shows how data go (counter-clockwise) from a bot in a victim's computer on the internet, through a network codenamed WAITAUTO to TAONet and from there through a TAONet/NSANet DeMilitarized Zone (DMZ) to data repositories and analysing tools on NSANet: [nsa-tao-botnets-2] Diagram showing the data flow for TAO botnet hacking operations (Source: NSA presentation - Click to enlarge) PEGASUS - Until 2010: GRIFFIN (Globally Reaching Interconnected Fully Functional Information Network) - Classification level: SECRET//REL FVEY - Access: US, UK, CAN, AUS, NZL military users - Controlled by: DIA(?) - Purpose: Information sharing and supporting command and control systems - Applications: Secure e-mail, chat and VoSIP communications STONEGHOST (also: Quad-Link or Q-Lat) - Classification level: TOP SECRET//SCI - Access: US, UK, CAN, AUS, NZL(?) military intelligence users - Controlled by: DIA - Purpose: Sharing of military intelligence information - Applications: Intelink-C, etc. SIGDASYS (Signals Intelligence Data System) - Classification level: - Access: SIGINT Seniors Europe (SSEUR/14-Eyes) members and their SISECT counterterrorism Analytic Working Group (AWG) - Controlled by: SIGDASYS Committee - Purpose: Shared communications system for - Applications: Exchange of SIGINT information, including call chaining diagrams* and language files* CENTER ICE (since 2005) - Classification level: TOP SECRET/SI - Access: Afghanistan SIGINT Coalition (AFSC) members - Controlled by: - Purpose: Exchange of tactical intelligence, as well as tipping and threat information related to the war in Afghanistan * - Applications: CRUSHED ICE (since 2007) - Classification level: SECRET - Access: SIGINT Seniors Pacific (SSPAC) members - Controlled by: - Purpose: Exchange of counter-terrorism related information primarily derived from SIGINT - Applications: Voice, binary-file/email exchanges, analysis and reporting, graphics and mapping, communities of interest, collection management, and other applications as needed.* CFBLNet (Combined Federated Battle Laboratories Network) - Classification level: Unclassified and SECRET - Access: US, UK, CAN, AUS, NZL, and at least nine European countries Research & Development institutions - Controlled by: MultiNational Information Sharing (MNIS) Program Management Office - Purpose: Supporting research, development and testing on command, control, communication, computer, intelligence, surveillance and reconnaissance (C4ISR) systems. - Applications: Communications, analytic tools, and other applications [CFBL-overview2009] The CFBLNet countries in 2009, with three of the Five Eyes countries (yellow line), six European NATO countries and the NATO organization (black line), six NATO guest nations (dotted line) and two non-NATO countries. (source: NATO Education and Training Network (pdf), 2012) For communications among the members of multinational coalitions, the United States provides computer networks called Combined Enterprise Regional Information eXchange System (CENTRIXS). These are secure wide area network (WAN) architectures which are established according to the specific demands of a particular coalition exercise or operation. CENTRIXS enables the secure sharing of intelligence and operational information at the level of "SECRET REL TO [country/coalition designator]" and also provides selected centralized services, like Active Directory/DNS Roots, VoIP telephony, Windows Server Update Services (WSUS) and Anti-Virus Definitions. There are more than 40 CENTRIXS networks and communities of interest (COIs) in which the 28 NATO members and some 80 other countries participate. The best-known CENTRIXS networks are: CENTRIXS Four Eyes (CFE or X-Net) - Classification level: TOP SECRET//ACGU - Address format: http://subdomains.domain.xnet.mnf - Access: US, UK, CAN, AUS military users - Controlled by: DIA - Purpose: Operational coordination through sharing and exchange of intelligence products - Applications: Various services CENTRIXS-ISAF (CX-I) - Classification level: TOP SECRET//ISAF - Access: ca. 50 coalition partners - Controlled by: ? - Purpose: Sharing critical battlefield information; US component of the Afghan Mission Network (AMN). - Computer applications: Web services, instant messaging, Common Operational Picture (COP), etc. - Voice over IP CENTRIXS-M (Maritime) - Classification level: TOP SECRET ? - Purpose: Supporting multinational information exchange among the ships of coalition partners of the US Navy to provide access to critical, time-sensitive planning and support data necessary to carry out the mission - Computer applications: E-mail, Chat messaging, Webpages, etc. [afghanistan-centrixs] Report from the Afghanistan Regional Command Southwest (RC(SW)) with a SIPRNet and a CENTRIXS e-mail address and webpage (Full document in pdf format - Click to enlarge) Some other CENTRIXS networks are: CENTRIXS-GCTF - Address format: http://subdomains.domain.gctf.cmil.mil - For the ca. 80 Troop Contributing Nations of the Global Counter-Terrorism Force (GCTF) CENTRIXS-CMFC - For the Combined Maritime Forces, Central Command (CMFC) CENTRIXS-CMFP - For the Combined Maritime Forces, Pacific (CMFP) CENTRIXS-J - For the United States and Japan CENTRIXS-K - For the United States and South-Korea Links and Sources - Sofrep.com: Computers with Access to Classified Material Stolen from Capitol (2021) - US National Intelligence: A Consumer's Guide (pdf) (2009) - Paper about How to Use FASTLANEs to Protect IP Networks (pdf) (2006) Geplaatst door P/K op 23:36 # Email ThisBlogThis!Share to TwitterShare to FacebookShare to Pinterest Labels: Main Pages, NSA, NSA Partnerships, US 10 comments: [bla] Anonymous said... PK: Wow! Thanks for this. This is new information for me. It provides information review on how some corporations can use multiple encryption units. Best regards. Joe Tag --- end --- March 12, 2015 at 3:44 PM [icon_delet] [bla] Anonymous said... Oh those bring back memories! 10 years in the Intel world and I used most of those, minus some of the NSA networks. There are times I miss it, others not so much lol. March 13, 2015 at 12:05 AM [icon_delet] [bla] Anonymous said... Where does the secure Bullrun community of interest fit into this? April 14, 2015 at 1:28 PM [icon_delet] [bla] [web] P/K said... Such a Community of Interest (CoI) is a segregated part or an enclave on a given network, in this case probably on NSANet or TAONet. April 15, 2015 at 5:03 AM [icon_delet] [bla] Anonymous said... I miss looking at secret information. The NSA put a virus into my eyes. October 11, 2015 at 3:24 AM [icon_delet] [bla] [] elio dominglos said... some i.p. that military uses.. http://dangerousip.blogspot.com/ April 28, 2016 at 5:29 AM [icon_delet] [blo] Nidhi Dhamija said... 192.168.1.254 Router is a default access point that is factory set on some of the popular router models. Mainstream router manufacturers like Linksys, D-link, Belkin etc use 192.168.1.254 as their default router admin pages. For that matter, the whole 192.168.1.x series is IANA reserved for logging in home networks. February 7, 2019 at 7:05 AM [icon_delet] [blo] Unknown said... This is an amazing article. Thanks for sharing this information. I find this article very interesting. Regards Brian Bissonnette March 9, 2019 at 12:01 PM [icon_delet] [bla] Cameron said... Have you seen this? The NYTimes did an article where they mentioned TNet and NICE. "N.S.C. Intelligence Collaboration Environment" https://www.nytimes.com/2019/10/01/us/politics/ white-house-classified-computer-system.html June 10, 2020 at 9:30 AM [icon_delet] [bla] [web] P/K said... Thanks, that's interesting, I will add them to the listing! June 10, 2020 at 1:15 PM [icon_delet] Post a Comment Newer Post Older Post Home Subscribe to: Post Comments (Atom) Some older articles on this weblog that are of current interest: - Leaked documents that were not attributed to Snowden - Collection of domestic phone records under the USA FREEDOM Act # Welcome to Electrospaces.net! Here you can read about: - Signals Intelligence, - Communications Security, - Top Level Telecommunications, which means the equipment, from past and present, that makes that civilian and military leaders can safely communicate. > INDEX of all posts on this blog The main focus will be on the United States and its National Security Agency (NSA), but attention will also be paid to other countries, like Germany and the Netherlands. Any comments, additions, corrections, questions or suggestions will be very appreciated! There's no login or registration required for commenting. [t] twitter.com/electrospaces [m] info (at) electrospaces.net # Recent Posts The report of a Swiss investigation into the case of Crypto AG The NSA tried to spy on Danish and other European targets via cable tapping in Denmark Danish military intelligence uses XKEYSCORE to tap cables in cooperation with NSA About the legality and constitutionality of the Section 215 metadata program Head of Danish military intelligence suspended after misleading the oversight board A unique note from the BND about European SIGINT alliances # "years of the most fascinating overviews of government security practices, and even-handed reviews of Snowden docs." -- SwiftonSecurity # Pages * Home * INDEX * Abbreviations and Acronyms * NSA Nicknames and Codewords * NSA's TAO Division Codewords * NSA's organizational designations * NSA's Legal Authorities * NSA Glossary * The US classification system * SIGINT Activity Designators (SIGADs) * CIA Codewords and Abbreviations * GCHQ Codewords and Abbreviations * CSE Codewords and Abbreviations * BND Codewords and Abbreviations * Telephony Abbreviations * Internet abbreviations * Links * Books * About # Total Pageviews # Popular Posts * How Obama's BlackBerry got secured * New phones aboard Air Force One * The US Classification System * Danish military intelligence uses XKEYSCORE to tap cables in cooperation with the NSA * INCENSER, or how NSA and GCHQ are tapping internet cables * Trump's "beautiful" Oval Office phones and what was changed on them * Dutch-Russian cyber crime case reveals how the police taps the internet # "It's actually straight up interesting but also weird how weirdly, wonderfully detailed this blog about hyper secure communications is." -- Gizmodo.com # Labels Air Force One (1) Austria (2) BlackBerry (1) BND-Selectors (2) Boeing (1) BoundlessInformant (9) Brazil (1) Britain (1) Canada (1) Classification (12) Club de Berne (1) Cryptography (2) CSEC (2) Cyber (1) Denmark (3) Eikonal (4) ELINT (1) FBI (2) France (3) GCHQ (6) General Dynamics (1) Germany (20) Gold Phone (1) GSM (2) Hotline (8) ISAF (1) Israel (2) IST (4) Kremlin (1) Main Pages (4) Metadata (6) Netherlands (10) New Zealand (1) Non-Snowden-leaks (5) North Korea (2) NSA (46) NSA Partnerships (23) Obama (4) POTUS (15) PRISM (9) Red Phone (5) Russia (3) SatCom (2) Section 215 (4) Sectra (1) Secure voice (6) Situation Room (2) Snowden (6) STE (4) STU-II (1) STU-III (1) Switzerland (2) Trump (6) UMTS (2) US (2) USA (4) USSR (2) Vatican (1) VoIP (1) White House (8) Wireless (7) XKeyscore (2) # Search This Blog [ ] [Search] # Blog Archive * > 2020 (12) + > December (1) + > November (1) + > October (1) + > September (1) + > August (1) + > July (1) + > June (2) + > May (1) + > March (1) + > February (1) + > January (1) * > 2019 (10) + > December (1) + > November (2) + > October (1) + > September (2) + > June (1) + > May (1) + > April (1) + > March (1) * > 2018 (5) + > November (1) + > October (1) + > September (1) + > July (1) + > February (1) * > 2017 (12) + > December (1) + > November (1) + > October (1) + > September (1) + > August (1) + > July (1) + > June (1) + > May (1) + > April (1) + > February (1) + > January (2) * > 2016 (14) + > December (3) + > November (1) + > October (1) + > September (1) + > August (1) + > June (1) + > May (1) + > March (2) + > February (2) + > January (1) * V 2015 (20) + > December (2) + > November (2) + > September (2) + > August (1) + > July (1) + > June (2) + > May (2) + > April (2) + V March (2) o New Zealand and XKEYSCORE: not much evidence for m... o US military and intelligence computer networks + > February (2) + > January (2) * > 2014 (30) + > December (2) + > November (3) + > October (1) + > September (3) + > August (2) + > July (4) + > June (2) + > May (2) + > April (1) + > March (3) + > February (5) + > January (2) * > 2013 (33) + > December (4) + > November (3) + > October (5) + > September (3) + > August (3) + > July (3) + > June (3) + > May (1) + > April (2) + > February (3) + > January (3) * > 2012 (10) + > December (1) + > November (2) + > October (1) + > June (2) + > May (2) + > February (1) + > January (1) # "Consistently interesting (and strangely, calming/uplifting) content" -- Ryan Lackey # US Red Phones [redphones-new] Sequence of the real Red Phones, not for the Washington-Moscow Hotline, but for the US Defense Red Switch Network (DRSN). The phones shown here were in use from the early eighties up to the present day and most of them were made by Electrospace Systems Inc. They will be discussed on this weblog later. For the record, you see: - Electrospace MLP-1 - Electrospace MLP-1A (since 1983) - Electrospace MLP-2 - Raytheon IST (since 1992) - Telecore IST-2 (since 2003) # US Classification Levels Color codes for the classification levels used by the government and the armed forces of the Unites States: [classification-color] These color codes are used to mark the classification level of (digital) documents and files and also of the communication devices used for their transmission. # Subscribe to this weblog! [arrow_drop] [icon_feed1] Posts [subscribe-] [subscribe-] [icon_feed1] Atom [arrow_drop] [icon_feed1] Posts [arrow_drop] [icon_feed1] Comments [subscribe-] [subscribe-] [icon_feed1] Atom [arrow_drop] [icon_feed1] Comments # Hotlinks - Electrospaces @ Medium.com - The Dutch virtual Crypto Museum - Steven Aftergood's Secrecy News - European intelligence: About Intel - Bruce Schneier on Security - The weblog emptywheel - Weblog of Matthijs R. Koot - Leaked documents: IC Off the record - Der Spiegel's 53 & 36 documents - The Intercept: SIDtoday newsletters - The Snowden Surveillance Archive - The Canadian Citizenlab - The Cryptome > Many more links # Contact For questions, suggestions and other remarks about this weblog in general or any related issues, please use the following e-mail address: info (at) electrospaces.net For sending an encrypted e-mail message, you can use the PGP Public Key under this ID: B4515E04 (fingerprint: ECEC FF63 D036 F415 A0BF A436 661A AC96 B451 5E04) You can also communicate via Twitter: @electrospaces # The title picture of this weblog shows the watch floor of the NSA's National Security Operations Center (NSOC) in 2006. The URL of this weblog recalls Electrospace Systems Inc., the company which made most of the top level communications equipment for the US Government. All information on this weblog is obtained from unclassified or publicly available sources. QW5kIGZpbmFsbHksIHRoaXMgaXMgd2hhdCBhIHRleHQgbG9va3MgbGlrZSwgd2hlbiBpdCdzIG9ubHkgZW5jb2RlZCB3aXRoIHRoZSBzdGFuZGFyZCBCYXNlNjQgc3lzdGVtLiBHdWVzcyBob3cgY29tcGxpY2F0ZWQgaXQgbXVzdCBiZSB3aGVuIGEgcmVhbCBzdHJvbmcgYWxnb3JpdGhtIHdhcyB1c2VkLg == # Back To Top # Powered by Blogger. #