In mid-January, the second National Security Cutter (NSC), Waesche, was granted Authority to Operate (ATO) its Command, Control, Communications, Computers, Intelligence and Surveillance (C4ISR) systems. ATO enables the newest NSC to share communications and data with other local and federal law enforcement agencies, U.S. Coast Guard ships, air and shore stations, and the Department of Defense (DoD), including the U.S. Navy. As the Coast Guard’s Director of Acquisition Programs and Program Executive Officer Rear Adm. John H. Korn stated after Waesche’s Acceptance Trials, “In nearly all aspects, Waesche is far ahead of where Bertholf was at the same point in time.” Waesche’s ATO authorization was accomplished in just over two months after preliminary acceptance, whereas the first National Security Cutter, the CGC Bertholf, took a year to obtain ATO certification.
Before Waesche could use its fully integrated command, control and communications systems, it had to complete a standardized process based on federal and DoD policies. This process includes robust visual and instrumented inspections to address information security, operational security, personnel security and physical security. “The protection of national security information is paramount to the operational success of the Coast Guard,” said Lt. Cmdr. Patrick Thompson, the Acquisition Directorate’s C4ISR Information Assurance Manager. “This ATO was made possible through the improved synergy between industry, the Coast Guard’s Acquisition Directorate (CG-9), the Coast Guard’s C4IT Technical Authority (CG-6) and U.S. Navy’s Space and Naval Warfare Systems Command (SPAWAR). The same rigorous information assurance process required for the Bertholf became seamless integration on the Waesche as lessons learned were incorporated into the contract to resolve potential discrepancies.”
TEMPEST was a core information assurance challenge essential to successfully achieve ATO and involved two-years of inspections and testing. TEMPEST is a U.S. government term referring to the prevention and detection of compromising emanations (CE) from information technology systems. TEMPEST inspection and testing ensures systems processing classified information have been installed correctly, thereby reducing the risks of CE. The Coast Guard and industry were very proactive to ensure that all lessons learned from the TEMPEST “test-fix-test” process utilized during construction of the Bertholf were incorporated during production on Waesche. An aggressive quality assurance program and government oversight enabled a successful final Instrumented Test Survey (ITS), the last step in obtaining TEMPEST certification. Waesche completed its final ITS prior to the signing of its DD-250 at preliminary acceptance whereas Bertholf’s final ITS occurred a year after delivery.
Like Bertholf, Waesche is scheduled for future upgrades after commissioning that include installation of a Sensitive Compartmented Information Facility (SCIF) this year. Any future improvements potentially affecting the cutter’s information assurance posture, such as the SCIF installation, will require additional TEMPEST testing and recertification.
More information on the National Security Cutter can be found at: http://www.uscg.mil/acquisition/nsc/default.asp.