April 7, 2021

The communications systems at the US Central Command headquarters

(Updated: April 11, 2021)

Previously, this weblog provided a close look at the phones used by US president Biden. This time we turn to another end of the line and look at the communications equipment which is used at the headquarters of the US Central Command in Tampa, Florida.

A recent 60 Minutes television report provides an unprecedented look inside the Central Command's operations center, where we see the general military communications equipment, followed by some more special devices used by the commander, who also has access to the virtual Desktop Environment for the US intelligence agencies.

Large operations center in the Central Command headquarters, January 2021
(still from 60 Minutes)

The 60 Minutes television report shows never-before-seen video footage of the Iranian ballistic missile attack from January 7, 2020 on the Al Asad Airbase in Iraq, where 2000 US troops were stationed. The attack was a retaliation for the American drone strike from January 3, which killed the Iranian general Qasem Soleimani, commander of the Quds Force.

The report also includes an interview with general Frank McKenzie, combatant commander of the US Central Command, who leads the US armed forces in the Middle East. McKenzie followed the Iranian missile attack on the Al Asad Airbase at his headquarters, from where he had ordered the killing of general Soleimani six days earlier.

The Central Command headquarters

The United States Central Command (USCENTCOM) was established in 1983 and is one of the eleven unified combatant commands of the US Armed Forces. Its Area of Responsibility (AOR) includes the Middle East, Egypt, Central Asia and parts of South Asia.

CENTCOM's main headquarters is not in its area of operations, but at MacDill Air Force Base in Tampa, Florida, where a new 282,200-square-foot headquarters building was completed in 2012.

The new building includes specialized mission critical spaces like the Command Joint Operations Center, Joint Planning Cell and Operational Planning Element, Network Operations Center and the Command Secure Communications Operations Center.

The headquarters of the US Central Command at MacDill Air Force Base
(photo: Burns & McDonnell)

The new headquarters building includes more than 109,000 square feet of Sensitive Compartmented Information Facility (SCIF) and space constructed according to sound transmission class (STC) 45 and 50 to support secured operations.

Relevant antiterrorism standards, including progressive collapse mitigation by means of tie forces, were also incorporated in the new headquarters. All concrete contains ground granulated blast furnace slag and fly ash for LEED compliance.

On the website of the construction company there's an earlier photo of the interior of the building showing standard workstations equipped with two computer screens, an Avocent SwitchView KVM switch, a smartcard reader, the ubiquitous HP keyboard, a mouse and two telephone sets: a Nortel Meridian 3903 and a Cisco 7975 IP Phone, one for secure and one for non-secure calls:

Interior of the Central Command headquarters at MacDill Air Force Base
(photo: Burns & McDonnell)

Military communications equipment

The communications equipment that is currently used at the Central Command headquarters can be seen in the 60 Minutes television report, which shows shots from inside a large and a small operations room.

In the large operations room we see big video screens along the walls and several rows of workstations, each with two sets of communications equipment, one set for access to classified telephone and computer networks and another set for unclassified networks.

According to the color codes of the US classification system the telephones and the smartcard readers have the green label for Unclassified systems and the red label for Secret systems.

Large operations center in the Central Command headquarters, January 2021
(still from 60 Minutes)

Computer systems

Some of the computer screens show a bright red lock screen with the text "This information system is accredited to process - SECRET - For authorized purposes only", which means that they are part of SIPRNet, the main classified secure network of the US military for tactical and operational information. The military's unclassified non-secure computer network is known as NIPRNet.

Authorized users of NIPRNet are identified through the Common Access Card, which is the standard identification for active US defense personnel. Access to SIPRNet requires the SIPRNet token, which is also a smartcard, but without visible identification information.

Coalition networks

Besides NIPRNet and SIPRNet, the Central Command also has separate computer networks for collaboration with foreign partners. For the members of bilateral and multinational coalitions, the United States provides a network architecture called Combined Enterprise Regional Information eXchange System (CENTRIXS), which operates at the classification level Secret/Releasable to [country identifier].

The first CENTRIXS networks were established as of late 2001 by the US Central Command in order to support coalition operations under Operation Enduring Freedom (OEF). This resulted in CENTRIXS-ISAF for operations in Afghanistan and CENTRIXS-GCTF for the Global Counter Terrorism Forces. Meanwhile, both systems have been integrated in the CENTCOM Partner Network (CPN).

The various networks in CENTCOM's area of responsibility

A CENTRIXS network consists of servers and thin clients and provides users with at least the following computer applications, giving them the same basic capabilities as users of classified US systems:
- Microsoft Office
- Command and Control Personal Computer (C2PC)
- Integrated Imagery and Intelligence (I3)

These applications allow access to the releasable Near-Real Time (NRT) order of battle from the MIDB database (to be replaced by MARS) and imagery databases and to display the data on a map background. They can also access various browser-based products, send e-mails with attachments and conduct collaboration sessions.

For US military users, these applications are part of the Global Command and Control System (GCCS), which encompasses a suite of over 200 client-server tools and applications for fusing data from multiple sensors and intelligence sources to produce a graphical representation of the battlespace.

Interface of the Command and Control Personal Computer (C2PC) application

Telephone systems

In the large operations center at CENTCOM's headquarters there is also a range of Cisco IP phones, some being the older 7975, others the current 8841. The Cisco 8841 IP phones look like the ones that are commercially available, but are actually modified versions from the small telecommunications security company CIS Secure Computing Inc.

These modified phones are approved for use in SCIF and SAPF environments and offer additional on-hook security features which can be engaged for the 'hold' and 'mute' functions while in a call. Speakerphone functionality isn't disabled, but is protected with the on-hook security of the positive disconnect electronics.

Several workstations even have a third telephone set: a Cisco IP Phone 8845, which has a video camera on top for video calls. According to their display background, these phones appear to be for the video conferencing service of the Desktop Environment (DTE, see below) which runs on the Top Secret/SCI intelligence sharing network JWICS.

Operations center in the Central Command headquarters, January 2021
(still from 60 Minutes)

The commander's communications equipment

The 60 Minutes television report followed general McKenzie into a small room off his main operations center in the Central Command headquarters. There we see equipment similar to that in the large room, such as computers connected to SIPRNet, in this case for senior staff officers like the:
- Director of Operations (J3)
- Commander's Action Group (CAG)
- Command Senior Enlisted Leader (CSEL)
- Staff Judge Advocate (SJA)

General McKenzie entering a small operations room, January 2021
(still from 60 Minutes)

In this small room, commander McKenzie has additional communications equipment that does not seem to be available to the personnel in the large operations center. When he is being interviewed at his place at the table (see the television still below), we see from left to right:

- A Cisco DX 70 video screen with video camera, probably for the Secure Video Teleconferencing System (SVTS) which is part of the Crisis Management System (CMS) and allows top-level video meetings.

- A Cisco IP Phone 8841 with a distinctive yellow bezel for the highly secure Executive Voice over Secure IP-network which is also part of the Crisis Management System (CMS) and connects the President, the National Security Council, Cabinet members, the Joint Chiefs of Staff, various intelligence agency watch centers, headquarters, and Continuity of Operations (COOP) sites.

- A Touchscreen Executive Phone (TXP) with two additional 50-button Touchscreen Line Expansion units (TLE), manufactured by the small telecommunications security company Telecore, Inc., which also made the Integrated Services Telephone (IST-2) that was on the Oval Office desk of presidents Bush and Obama. These devices are specifically designed for the Defense Red Switch Network (DRSN), which offers full command and control and conferencing capabilities for military commanders up to the level of Top Secret/SCI.

- A Cisco IP Phone 8865 with video camera and a Key Expansion Module. The phone has labels for Top Secret (orange) and Top Secret/SCI (yellow) and appears to be for the video conferencing service of the Desktop Environment (DTE, see below) which runs on JWICS, the main network for intelligence sharing within the US military and the US intelligence community.

- A Cisco IP Phone 8851 with a Key Expansion Module and a label for the classification level Secret (red), which means it runs on SIPRNet and is therefore Voice over Secure IP (VoSIP).

General McKenzie's communications equipment in the small operations room
(still from 60 Minutes)

According to the 60 Minutes report, it was in this small room where during the missile attack on the Al Asad Airbase, commander McKenzie "could talk directly to the only two people above him in the chain of command" - the Secretary of Defense and the President. To illustrate this, the speed dial buttons on the commander's Touchscreen Executive Phone were shown.

Normally such buttons are blurred out, but here we can clearly see that McKenzie has direct lines to the White House, the Secretary of Defense (SecDef), his house (SecDef Home) and his communications center (SecDef Cables), as well as to the National Military Command Center (NMCC) and the Chairman of the Joint Chiefs of Staff (CJCS XO), among others:

The speed dial buttons on general McKenzie's Touchscreen Executive Phone
(still from 60 Minutes)

The commander's computers

The same telephones as in the small room appear at McKenzie's place in the large operations room, but here he also has two computer screens connected to a Vertiv Cybex Secure MultiViewer KVM switch which allows access to networks of different classification levels on a single screen.

Apparently the commander was logged in on one of the classified computer networks, as we can see the desktop background with several application icons - quite remarkable because usually during photo ops or television recordings only unclassified images should be visible.

At the top of the desktop background is a yellow bar which means it's JWICS, the intelligence sharing network for the US military and the US Intelligence Community at the classification level Top Secret/SCI. Unlike NIPRNet and SIPRNet, access to JWICS doesn't require a smartcard, but a software certificate: military users have to identify themselves with a DoD PKI certificate, others need an IC PKI certificate.

General McKenzie's workstation in the large operations center
(still from 60 Minutes)

The IC Desktop Environment

The desktop background on the commander's computer is deep blue and has the term "DESKTOP ENVIRONMENT (DTE)" with an image of the earth covered by a stylized network. In the bottom left corner we see the seals of the Defense Intelligence Agency (DIA) and the National Geospatial-Intelligence Agency (NGA) and some text.

This "Intelligence Community Desktop Environment" (IC DTE) was conceived in 2012 as a single, identical platform for the US Intelligence Community. As such it's the heart of a huge modernization project called Intelligence Community IT Enterprise (IC ITE), under which data will be stored and processed at the Commercial Cloud Services (C2S) managed by the CIA and the IC GovCloud managed by the NSA.

The implementation of the DTE was managed by the Joint Program Management Office (JPMO) led by DIA and NGA, while the software system was built by BAE Systems under a $300 million contract for five years. This was to result in the Next Generation Desktop Environment (NGDE), which is meant to bring virtual desktops at different classification levels to one physical computer.

Multiple computers for networks at different classification levels, ca. 2008.

With the Desktop Environment (DTE) analysts at DIA, NGA and other US intelligence agencies can go anywhere within these organizations, sit down at any Top Secret workstation, log in, authenticate, and get access to their e-mail, home directories, shared files, etc., which were previously stored on thick client computers at each workstation.

Besides a virtual desktop, the DTE also comes with a common suite of desktop applications (developed via the Ozone Widget Framework) and access to common services, including Unified Communications as a Service. Among the first applications were standard e-mail, collaboration tools and video conferencing capabilities. The NSA is responsible for an Apps Mall that incorporates apps stores of the various agencies.

The common collaboration tool for the DTE provides a single interface for secure voicemail integration with e-mail, peer-to-peer file sharing, a screen capture tool and Outlook calendar integration. When additional users transition into the common operating environment, this tool could serve as a single interface for community-wide collaboration. In 2014, there were already some 4,000 DTE users at DIA and NGA.

However, in 2018, John Sherman, chief information officer of the Intelligence Community, said they had come to the realization that it no longer made sense to deliver a standard capability to every agency and user given the differing architectures, security requirements and mission needs.

In order to reach the outcomes for which the DTE was initially created, the Collaboration Reference Architecture (CRA) was created. Agencies can now build applications which fit their own needs as long as they comply with the standards set by the CRA in order to ensure compatibility throughout the different systems.

Finally, the DTE is also a step towards an environment where security and tagging of data will be done at the data level, as opposed to the network level. Traditionally, access to information was based on which network you were on: DIA data were only accessible on the DIA's network, etc.

The idea is that there will be a common Intelligence Community network for which the Identification, Authentication and Authorization (IAA) project of the IC ITE provides access to data and information based on the different credentials of each individual user, that is, on who you are, what role you have and what accesses are available to you.
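
The difference between access control at the network level and at the data level can be illustrated with a small model. This is an added example, not code from this weblog or from any IC ITE system; the tag fields, user attributes, country identifiers and sample objects are constructed assumptions.

```python
from dataclasses import dataclass

# Classification levels named on this page, ordered from low to high.
LEVELS = {"UNCLASSIFIED": 0, "SECRET": 1, "TOP SECRET": 2}

@dataclass(frozen=True)
class DataTag:                      # hypothetical tag stored with each data object
    level: str
    compartments: frozenset = frozenset()    # e.g. {"SCI"}
    owner: str = ""                          # producing agency
    releasable_to: frozenset = frozenset()   # country identifiers; empty = US only

@dataclass(frozen=True)
class User:                         # hypothetical attributes bound to a user's credential
    country: str
    clearance: str
    compartments: frozenset = frozenset()
    roles: frozenset = frozenset()

def network_level_allows(user_network, tag):
    """Traditional model: only the network you are on decides access."""
    return user_network == tag.owner

def data_level_allows(user, tag, required_role="analyst"):
    """Data-level model: compare user attributes with the object's tag.
    Returns (decision, reason) so that denials can be logged and audited."""
    if user.clearance not in LEVELS or tag.level not in LEVELS:
        return False, "unknown classification level"      # fail closed
    if LEVELS[user.clearance] < LEVELS[tag.level]:
        return False, "clearance below data level"
    if not tag.compartments <= user.compartments:
        return False, "missing compartment"
    if user.country != "USA" and user.country not in tag.releasable_to:
        return False, "not releasable to user's country"
    if required_role not in user.roles:
        return False, "role not authorized"
    return True, "ok"

# Constructed sample objects and users.
REPORT = DataTag("TOP SECRET", frozenset({"SCI"}), owner="DIA")
COALITION = DataTag("SECRET", owner="DIA", releasable_to=frozenset({"GBR"}))
NGA_ANALYST = User("USA", "TOP SECRET", frozenset({"SCI"}), frozenset({"analyst"}))
PARTNER = User("GBR", "SECRET", roles=frozenset({"analyst"}))

if __name__ == "__main__":
    print(network_level_allows("NGA", REPORT))     # NGA network, DIA data
    print(data_level_allows(NGA_ANALYST, REPORT))
    print(data_level_allows(PARTNER, REPORT))
```

In this model an NGA analyst is refused DIA data under the network rule but admitted under the data rule, while every denial carries a reason that can be audited.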
