Five Layers of Assurance for Lawful Intelligence Deployments


The critical role of lawful intelligence networks in law enforcement and intelligence operations means that reliability and security are judged against the standard of flawless execution. Deployments at scale can involve thousands of network functions to support complex sets of capabilities such as mediation, location services, data fusion, and analytics. Software elements must be verified for quality and security: independently, in combination, and in the deployment environment.

The security and reliability of SS8 software benefit from SecDevOps best practices and rigorous quality testing throughout the software development lifecycle. In the implementation and deployment phase, SS8 engineers reinforce mission-critical solution standards with a field-proven, multi-layer approach that includes the measures discussed below.

Layer 1: Personnel and Access Controls

Every person involved in implementing and deploying the SS8 platform must undergo a background check, to establish a baseline level of trust assurance. In addition, team members must maintain specific security clearances to operate in most jurisdictions, which adds further levels of vetting and confirmation of trustworthiness.

Role-based security ensures that the rights and access granted to administrators and users are limited to the minimum needed to fulfill their job roles. Credentials are assigned to individual users on the basis of those roles, and generic credentials are avoided to help make network actions traceable back to individuals, both during and after deployment. While most implementations rely on a combination of credentials and tokens, multifactor authentication is beginning to become more common, even in the closed networks where lawful intelligence platforms operate.

Layer 2: Multi-Stage Testing

Quality Assurance (QA) begins well before the QA testing stage, with unit testing by development engineers to validate the behavior of individual software components. Full QA testing builds on that foundation by bringing software elements together for end-to-end testing. During the QA process itself, around 70% to 80% of testing is automated, based on test routines developed over SS8’s 20+ years of deployment history. Subjecting every iteration of the software to this battery of tests helps prevent known issues from arising in the field.

Additional manual testing allows for more comprehensive coverage, including the use of simulated customer environments for greater fidelity to production. SS8 can also provide custom reporting on the outcomes of QA testing routines, which customers use as evidence to support audit and change management requirements.

Layer 3: Security Scanning and Event Monitoring

Lawful intelligence systems are typically deployed in “red” networks that have little or no access to the internet, and this closed environment shapes the security measures and protocols used. A so-called “sheep dip” is the first layer of protection, consisting of an array of scanners to rule out cyberthreats before files are allowed into the closed network. Scanning for malware and vulnerabilities continues within the network itself, with tools and practices tailored to individual implementations.

For example, the environment could generate an alert if a user plugs a USB drive into a system on the network. Similarly, an SMTP trap can be configured to securely send alerts outside the red network to on-call support personnel in the event of a service degradation or interruption.

Layer 4: Fault Tolerance and Disaster Recovery

High availability and fail-safe disaster recovery have become baseline expectations in lawful intelligence deployments, with customers expecting zero downtime and seamless performance. SS8 now commonly implements infrastructure using N+1 topologies to help guard against single points of failure and provide for graceful and fast recovery in the event of a node attack or failure. Many deployments also include georedundant and/or N+K redundancy solutions with replication between sites to guard against large-scale events such as fires or natural disasters.

SS8 implementation teams also configure fault tolerance in Kubernetes to spin up an additional instance when needed, such as in response to one or more containers going down. Likewise, Kubernetes provides elasticity and load balancing by spinning additional instances up and down as needed to handle fluctuating capacity and optimize resource utilization among nodes.

Layer 5: Security Patching and Updates

Patch and security management are complicated in red networks by their limited connectivity to the outside world. SS8 has the needed domain expertise and specialized procedures to maintain SS8 software components, third-party dependencies, and the underlying operating system. Engineers carry out backup and recovery testing throughout development and implementation, to make sure the system can be brought back to a point-in-time backup, even after a large-scale failure.

Drawing on these capabilities, SS8 implementation and support teams offer agreements to provide maintenance and updates for lawful intelligence systems, which helps ensure continuing mission-readiness. In addition, SS8 resolves issues raised by independent security analysts that are brought in by customers to perform vulnerability scans and penetration tests. Flexible measures to address security and other operational requirements protect the integrity of SS8 deployments and safeguard the lawful intelligence mission.

About Dr. Cemal Dikmen

As SS8’s Chief Technology & Security Officer, Cemal plays an integral role in the company’s strategic direction, development, and future growth. A renowned expert and thought leader in the legal compliance and communications analysis domain, he has been a frequent speaker at various industry conferences over the past 10 years. Cemal holds BS, MS, and PhD degrees in Electrical Engineering. You can learn more about Cemal on his LinkedIn profile.

About SS8 Networks

As a leader in Lawful and Location Intelligence, SS8 is committed to making societies safer. Our mission is to extract, analyze, and visualize critical intelligence, providing real-time insights that help save lives. With 25 years of expertise, SS8 is a trusted partner of the world’s largest government agencies and communication providers, consistently remaining at the forefront of innovation.

Intellego® XT monitoring and data analytics portfolio is optimized for Law Enforcement Agencies to capture, analyze, and visualize complex data sets for real-time investigative intelligence.

LocationWise delivers the highest audited network location accuracy worldwide, providing active and passive location intelligence for emergency services, law enforcement, and mobile network operators.

Xcipio® mediation platform meets the demands of lawful intercept in any network type and provides the ability to transcode (convert) between lawful intercept handover versions and standard families.

To learn more, contact us at info@ss8.com.
