Cybersecurity Checklist for Secure Timing

Time Synchronization Network Security

Thursday, 31 October 2019

2208 Hits

0 Comments

Network cybersecurity is top of mind these days for both government agencies and commercial enterprise. As the heart of network synchronization, time and frequency systems should include a standard suite of security features that give network administrators confidence in the cybersecurity protocols of their time servers. This is our philosophy at Orolia, and the recent recognition of our SecureSync® time server as the only DISA-approved (Defense Information Systems Agency) Timing and Synchronization Device for use in US DoD networks demonstrates our stringent commitment to secure timing.

DISA approval means that a product has been listed on the US Department of Defense Information Network (DoDIN) Approved Products List (APL). The APL process provides for an increased level of confidence through Cybersecurity and Interoperability (IO) certification. The DoDIN APL is the single approving authority for all military departments and DoD agencies in the acquisition of communications equipment that is to be connected to the Defense Information Systems Network.

The APL certification process is rigorous for the purpose of securing military networks in the US and abroad, and this level of security certification could also benefit commercial and private sector businesses that support critical infrastructure, financial transactions or other operations where failure is not an option. The security functional requirements come from an extensive public document called "Unified Capabilities Requirements" as well cybersecurity best practices.

What kinds of cybersecurity features and protocols should you look for in a timing solution?

AAA protocol support - refers to Authentication, Authorization and Accounts, a family of computer security protocols including LDAP, RADIUS, and TACACS+ that mediate system access and permissions.
Multi-level authorization – permits access by users with different permissions and prevents users from obtaining access to information or making changes for which they lack authorization.
Configurable, complex passwords - uses different types of characters in unique ways to increase security. Configure the complexity requirements suitable for your organization.
Access control lists (ACLs) – permits or denies access to the system based on user defined network addresses or subnets.
HTTPS and NTP - Hyper Text Transfer Protocol Secure (HTTPS) is the secure version of HTTP, the protocol over which data is sent between a browser and website. The communication protocol is encrypted for secure communication over a computer network.
SSH, SCP, SFTP with public/private key support - There are a number of security technologies and protocols for linking servers and clients. Secure Shell (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network, typically remote sessions. Secure Copy Protocol (SCP) and Secure File Transfer Protocol (SFTP) are means of securely transferring computer files between a local host and a remote host or between two remote hosts operating over an SSH connection.
Authenticated NTP - Network Time Protocol (NTP) is a networking protocol for clock synchronization between computer systems over packet-switched, variable-latency networks. NTP provides two internal security mechanisms to protect authenticity of the computer systems involved in network clock synchronization.

Orolia's SecureSync time and frequency reference solution delivers the highest level of Resilient Positioning, Navigation and Timing (PNT) cybersecurity available today, including all the critical functionality described above, as standard PNT cybersecurity features. At Orolia, we're committed to protecting military and other critical networks around the world with exceptional engineering and rigorous industry standards.

Click here to learn more. You can also view the DISA approval letter here.

Thank you to David Sohn of Orolia for the article.