The Owl Cross Domain Solution (OCDS) product line supports the needs of the United States military, intelligence agencies, and other government entities that require the specific capabilities of a cross domain solution (CDS).
At a high level, CDSs transfer data one-way, across the boundaries of networks operating at different security classifications (i.e. unclassified to Secret) without the possibility of data “leaking” out of the target network. For example, unclassified weather data (satellite images, temperatures, precipitation rates, forecasts, streaming video, etc.) generated by 100’s of NOAA facilities could be transferred by a CDS to a higher security level network (i.e. SIPRNET) for Air Force mission planners. At the same time, the CDS prevents data from leaking out of SIPRNET to any other network.
Owl CDS products are comprised of patented hardware and software components that include data verification methods (filters, checksums, etc.) and have been tailored to meet specific mission requirements. At the heart of each solution is our proprietary data diode design which provides a hardware based, deterministic one-way only transfer of data. All Owl CDS products have been accredited and validated for operational use, with a number of products appearing on the UCDSMO baseline.
Over 1,000 deployments globally use Owl CDS solutions, including Communication Card kits, which operate in enterprise class servers, and our all-in-one, 19” 1U rack-mount solutions which meet low SWaP (size, weight and power) requirements. Our products are the fastest in the market, supporting bandwidth requirements from 10 Mbps all the way up to 10 Gbps.
For over 17 years, Owl has been providing cybersecurity solutions for US government agencies, the military, and the intelligence community. We have both the technology and expertise necessary to help you select the ideal solution to meet your mission specific requirements and quickly get it approved for deployment.
Streaming Transfer Solutions
Owl Cross Domain Solution (OCDS-ST06)
*UCDSMO BASELINE SOLUTION*
The OCDS-ST06, an all-in-one Cross-Domain Solution, is UCDSMO baseline-listed and received its ATO (Authorization to Operate) in February, 2015. Designed to stream UDP traffic Unclassified networks to Secret network domains, OCDS-ST06 transfers UDP packets containing MPEG-TS video. Installed at a ground station, OCDS-ST06 receives multiple inbound UDP video streams from UAVs supporting ISR activities, and transfers them across network boundaries to the Secret network.
Remotely collected Unclassified video and the corresponding meta data is first filtered by OCDS-ST06. The Owl MPEG data filters explicitly check MPEG-TS packet framing, MPEG-TS protocol, and KLV metadata conformance to MISB standards. The incoming full-motion video UPD streams are then multiplexed into one stream for transfer across the domain boundaries to the Secret enclave.
Available in an all-in-one 1U (1.75 inches high) rack-mountable chassis, OCDS-ST06 delivers total network isolation and discrete domain separation at bandwidth rates from 26 Mbps to 155 Mbps. Providing an ideal CDS solution when smaller size, weight and power (SWaP) is necessary.
Owl Cross Domain Solution (OCDS-ST07)
The OCDS-ST07 all-in-one Cross-Domain Solution, is accredited and received its ATO (Authorization to Operate) in February, 2012. Designed to stream UDP traffic, OCDS-ST07 transfers UDP unicast packets containing radar data, from Unclassified networks to Secret network domains. Installed at strategic locations across the U.S., radar data is streamed back to secure enclaves for analysis.
The OCDS-ST07 is deployed in the Owl 1U rackmount enclosure. This enclosure includes two independent servers separated by our proprietary, data diode based DualDiode Technology to provide deterministic one-way only data transfers. The 1U hardware architecture satisfies requirements for small size, low weight, and low power consumption (SWaP). While the software architecture includes a hardened Certifiable Linux Integration Platform (CLIP) STIG-compliant operating system based on open-source Linux kernel (CentOS). This defense-in-depth solution includes security features mapped to the UCDSMO ICD-503 (which includes NIST SP 800-53) and to Risk Decision Authority Criteria (RDAC).
The OCDS-ST07 implements UDP data transfer software only and eliminates all file transfer and file filter capabilities. It presents a limited, configurable number of UDP inlet sockets to the source network and data filters are excluded by default.
Owl Cross Domain Solution (OCDS-ST08)
The OCDS-ST08 all-in-one Cross-Domain Solution, is certified and accredited, receiving its’ ATO (Authorization to Operate) in October, 2012. Designed to stream UDP traffic, OCDS-ST08 transfers full motion video comprised of UDP multicast packets, from Unclassified networks to Top Secret network domains. OCDS-ST08 is deployed and serving missions within the USAF.
The OCDS-ST08 is deployed in the Owl 1U rackmount enclosure which provides an absolute channel capacity up to 155 Mb/sec and supports up to ten concurrent data transfer channels, each with an independent static route from source to destination. The enclosure includes two independent servers separated by our proprietary, data diode based DualDiode Technology to provide deterministic one-way only data transfers.
The 1U hardware architecture satisfies requirements for small size, low weight, and low power consumption (SWaP). While the software architecture includes a STIG-compliant Certifiable Linux Integration Platform (CLIP) operating system based on CentOS/RHEL 5. This defense-in-depth solution includes security features mapped to the UCDSMO ICD-503 (which includes NIST SP 800-53) and to DCID 6/3.
File Transfer Solutions
Enterprise Cross Domain Solution (ECDS-FT01)
*UCDSMO BASELINE SOLUTION*
The Owl ECDS-FT01 is an enterprise-scale Cross Domain Solution that is on the Validated Products (Baseline) List of the Unified Cross Domain Services Management Office (UCDSMO). It was primarily designed to transfer a variety of file types from low-to-higher security network enclaves, and to meet Secret-and-Below Interoperability (SABI) Process requirements. A primary application is bulk file transfer, with the deployed version rated at a transfer rate of 50,000 files per hour.
ECDS-FT01 is a two-server, enterprise solution, using a dedicated send-only server and a dedicated receive only server. Both servers run policy-hardened Linux operating systems following the Security Technical Implementation Guides (STIGS) generated by the Defense Information Systems Agency (DISA). Files that are transfer candidates are moved from the source network to the send server. Candidate files are vetted with ClamAV and ASCII filters before transfer. After transfer, the flexible architecture of the ECDS-FT01 allows additional data security policies/checks to be performed on the receive server if the mission warrants it.
Owl Cross Domain Solution (OCDS-FT01)
*UCDSMO BASELINE SOLUTION*
The Owl OCDS-FT01 is a server based Cross Domain Solution that is on the Validated Products (Baseline) List of the Unified Cross Domain Services Management Office (UCDSMO). It was primarily designed to transfer a variety of file types from low-to-higher security network enclaves. With a configurable architecture, OCDS-FT01 provides a certifiable one-way solution with a base set of capabilities that can be enabled or disabled, as dictated by changing mission and security requirements; leading to re-use among programs that require similar capabilities.
To offer the most flexibility, the OCDS-FT01 offers a base set of security features that are certifiable, modular, and configurable. Based on proprietary Owl DualDiode® Technology – OCDS-FT01 uses Owl 155 Communication Cards to enforce an unconditional one-way data transfer security policy. By default, antivirus scanning software and a file type checking methods, designed to block the transfer of malware and executable code can be applied to authenticated files as they are transferred from the source network to the destination network. However, since data type and data filter requirements are largely determined by program and site requirements, a modular application programming interface (API) is also available to accommodate third party data filter software applications.
Owl Cross Domain Solution (OCDS-FT15)
The Owl OCDS-FT15 is a certified and accredited Cross Domain Solution as a Tailored Variant of OCDS-FT01 (a UCDSMO Validated Product); it is operational and serving DoD missions. It was designed as a one-way data transfer solution moving files from Unclassified domains to Top Secret networks. Unlike FT01 which is deployed on two separate enterprise servers, FT15 is packaged in the Owl 1U rackmount enclosure. The 1U enclosure includes two independent servers separated by our data diode based, proprietary DualDiode Technology.
The OCDS-FT15 presents a modular design that facilitates further tailoring to satisfy changing mission requirements and expedited delta-certification (regression testing) processes. The 1U hardware architecture features two internal servers that satisfy requirements for small size, low weight, and low power consumption (SWaP). While the software architecture includes a STIG-compliant, Certifiable Linux Integration Platform (CLIP) operating system based on CentOS/RHEL 5. This defense-in-depth solution includes security features mapped to the UCDSMOICD-503 (which includes NIST SP 800-53) and to DCID 6/3 (legacy).
OCDS-FT15 supports absolute channel capacity of up to 155 Mbps and is authorized for file types that include .txt, .xml, .csv and .sql. Content for all files is restricted to 7-bit printable ASCII characters, and it is equipped with additional data filters.
Packet Transfer Solutions
Enterprise Cross Domain Solution (ECDS-PT01)
The Owl ECDS-PT01 is a 10Gbps, enterprise-scale Cross Domain Solution that is certified, accredited and serving DoD missions. It was specifically designed for extremely high performance data transfers of Ethernet packets from Unclassified networks to Secret network domains. Serving as a network traffic collection device, ECDS-PT01 transfers all Ethernet network traffic from the source network to an isolated destination network for real-time analysis.
ECDS-PT01 is a two-server, enterprise solution, using a dedicated send-only server and a dedicated receive only server. The servers are connected with Owl’s proprietary DualDiode Technology to create a deterministic one-way only data transfer path.
To support the maximum throughput of a 10Gbps network, the ECDS-PT01 operates two DualDiode pairs running in parallel serving a single internal data transfer channel. All Ethernet frames are ingested from the source network and relayed to the destination network unchanged. To achieve the stated objective of the mission, no filtering is done. This defense-in-depth solution includes security features mapped to the UCDSMO ICD-503 (which includes NIST SP 800-53), and to the Risk Decision Authority Criteria (RDAC), and to the DCID 6/3. Both servers run a STIG-compliant Certifiable Linux Integration Platform (CLIP) operating system based on CentOS/RHEL 5.
Miniaturized & Small Form Factor Solutions
Owl Cross Domain Solution - Small Form Factor (OCDS-SFF)
The OCDS-SFF is designed to deliver robust one-way transfer functionality in an all-in-one, small form-factor integrated package. Featuring low size, weight and power (SWaP) requirements, this 1U, single box solution is capable of transferring data between networks of varying security levels and security policies. Whether the CDS requirement is for an enterprise data center, a field-forward combat position or perhaps even in a mobile vehicle, the OCDS-SFF offers the flexibility to meet each of these needs.
The OCDS-SFF is a one-way data transfer solution, supporting multiple data types, formats and data streams concurrently across a single rack-mountable chassis. Within the 1U chassis is the proprietary Owl DualDiode® Technology. Designed to provide deterministic one-way only data transfers, the DualDiode has fully integrated Send-only and Receive-only communication cards connected via an internal fiber optic link operating at speeds of 26Mbps - 1,000Mbps(1Gbps).
Miniaturized Cross Domain Solution (MCDS)
The MCDS product line was developed to provide the robust capabilities of Owl’s Cross Domain Solutions in a miniaturized form factor. With the full capability to isolate networks, transfer data and connect Unclassified networks to Secret networks, the miniaturized solutions are designed to satisfy the requirements of highly mobile, tactical missions. Their small size, weight and power (SWaP) profile make them perfect for dismounted soldiers, embedded vehicle computers or any other environments where size and weight considerations are critical.
Due to the broad acceptance of Android devices, with their potential value in field-forward scenarios, Owl has responded with support for handhelds and tablets running various versions of the Android™ platform operating system. Tailored from Owl's accredited full-sized CDS solutions, our game-changing mobile solutions are readily deployable. Our USB-DualDiode technology permits the direct connection of mobile devices (laptops, tablets, smartphones) to highly sensitive networks. And with solutions the “size of a quarter”, the Owl MCDS is the most portable CDS on the market.
Multi-Level Data Retrieved Solution (MDRS™)
The patented Owl Multi-level Data Retrieval Service (MDRS) provides a way for analysts to quickly and seamlessly access files in other domains without having to wait for data requisitions to be completed. Analysts are able to “reach down” to files housed at different security levels and retrieve portions of very large files or access files residing in the cloud or other domains. MDRS maintains secure and isolated domains while requesting and accessing files through a transparent and secure implementation of the Network File Sharing (NFS) protocol.
MDRS modifies the traditional two way communication path used by NFS and separates it, via data diodes, into two discrete, single direction paths (request & response). Each path passes through a distinct data diode which protects the integrity of each network while allowing files to be exchanged between them.
MDRS supports both high-to-low (H2L) and low-to-high (L2H) scenarios. In a H2L "browse-down" scenario, users can manipulate elements of very large files in other domains without having to transfer the entire file into the user enclave. In a L2H example, users can "browse-up" to unclassified non-standard imagery stored in a high security environment, without affecting the integrity of its storage status in the higher security space.