Security is a key consideration in a Department of Defense (DoD) TT&C architecture due to the presence of multiple levels of classifed information. To reduce operations cost, it is desirable to automate as much as possible the handling and security review of classified and unclassified information. Thus, security features must be designed into the TT&C architecture, preferably right up front.
As depicted in Figure 20, several security-related subsystems can be included in a TT&C architecture. Firewalls protect controlled areas from shared networks. They limit access to the controlled area resources to certain authorized users and/or functions. This is an important technology for allowing SCN users and tracking stations to be interconnected more cost effectively by future shared WANs such as the envisioned DoD Global Grid.
A "Guard" or Reliable Release Mechanism provides automated, trusted downgrade of information; the information is checked for having come from an approved source and/or having only approved content or format. This will facilitate export of data from more highly controlled areas to more open areas, such as the release of routine health and status data or Research and Development (R&D) mission data to remote users.
A multi-level LAN can interconnect areas at different security levels within the control nodes of the SCN. This will allow different Satellite Control Systems (SCSs), which have varying security levels, to interact with resource management functions using shared communications links, as permitted by established security constraints.
The actual implementation of security features must be based upon the results of a security risk analysis and the development of a formal security policy to document both the tisks and the rules to be applied in protecting identified assets.