The Global Certification Team is proud to collaborate with our colleagues across the globe. Today we have a guest post by Mark Jackson <email@example.com>, Technical Solutions Architect, Cisco UK. Mark will be sharing about the recent PEPAS certification of the Cisco ISR G2 and ASR1000.
The Public Services Network (PSN) is at the heart of the UK Government ICT Strategy and aims to deliver significant cost savings against the current £16.5bn annual ICT spend whilst at the same time providing the foundation to enable the government to transform the way in which it delivers services to the citizen. Maintaining security within the PSN is critical to its success and as such, CESG and the Cabinet Office have laid down a range of technical and information assurance standards against which vendors must comply.
In the UK Government, classified information is protectively marked based on the resulting impact to business should the information be compromised. Often shortened to IL (Impact Level), there are seven levels ranging from IL0 to IL6, where IL6 has the highest impact. The discipline of information assurance (IA) is used to provide confidence that systems handling protectively marked information do so in a robust fashion. Effective IA is widely seen as playing an important role in reducing the Nation’s vulnerabilities to cyber attack (Nation Cyber Security Strategy) and takes on a wide range of forms across the domains of technology, people and process. In the technology domain, the use of assured products is a key element in providing confidence that classified information will remain protected in accordance with its IL marking.
Within the context of the PSN, the baseline infrastructure will be assured to protect IL2 information passing in the clear; IL2 is used by many government departments and local authorities. The PSN will also be used extensively to transport IL3 information, more often seen in central government departments and law enforcement. In the PSN, protecting IL3 information requires the use of CESG assured cryptography and historically this has meant CAPS Baseline assured devices. CAPS devices are often criticised for their high cost and complexity of management, requiring customers to deploy two physical devices per site, a situation that is clearly not ideal when the primary goal of the PSN is to reduce cost. The CESG PEPAS assurance scheme was developed specifically to address the information assurance requirements for using commercial-grade cryptography to deliver large-scale secure network overlay solutions for IL3 information within the PSN.
Cisco are pleased to announce that their ISR G2 and ASR 1000 Series routers have successfully completed and passed CESG PEPAS evaluation and can be used to support the secure transportation of IL3 information in the PSN. This announcement provides our customers and partners with the confidence to deploy Cisco IPsec VPN technology to protect IL3 information, whilst at the same time taking advantage of the wide range of capabilities offered by the ISR G2 and ASR 1000 series platforms. The Cisco ISR G2 and ASR 1000 series deliver an all-in-one solution combining WAN and IPsec VPN termination, whilst at the same time being able to deliver non-encrypted IL2 transport and additional services such as firewalling, application optimisation and voice.
Achieving PEPAS also means that our customers can take advantage of Cisco’s Dynamic Multipoint VPN (DMVPN) technology which uniquely addresses many of the inherent scaling challenges present in traditional IPsec implementations. Specifically, DMVPN delivers dynamic, on-demand IPsec tunnel creation between branch locations providing efficient protection for IL3 peer-to-peer applications. Customers taking advantage of DMVPN for their PSN IL3 deployments can accelerate their adoption of secure IP voice and video services, keeping complexity to a minimum, and optimising overall network bandwidth. Cisco DMVPN is widely deployed with the largest implementations exceeding 20,000 locations so our customers can be assured that the technology is both well understood and well proven.
Since being engaged with the technical and security workstreams within the PSN program, and from working closely with customers and service provider partners, Cisco has built up a significant body of experience in understanding how to overcome the practical challenges faced when deploying secure network overlays within the PSN. This knowledge and experience will enable our customers to accelerate their adoption of PSN and support the needs of their secure stakeholders with minimal operational risk.