Encrypted network tunnel boosts bandwidth securely for U.S. Army

Faced with little time and strict security needs, U.S. Army network engineers came up with an inventive way to use a network tunnel to improve communications amid the Ebola crisis.

At the time of the Ebola outbreak in 2014, Liberia, a country of 4.5 million people, reportedly only had 50 doctors working within its borders. What was left of its healthcare system, which had crumbled under years of civil war, was quickly overwhelmed by the epidemic.

The country was among the hardest hit by the Ebola crisis in Western Africa, suffering the highest fatality rate -- 43% -- and the second-highest number of cases, according to the World Health Organization. Liberia was the last country to be declared Ebola-free, cleared by the WHO this January.

At the height of the crisis in September 2014, U.S. President Barack Obama ordered the military to send nearly 3,000 troops to Liberia to help build treatment centers and support local efforts to curb the epidemic. Immediately after the order was issued, members of the 101st Airborne Division at Fort Campbell, a U.S. Army base that straddles the Kentucky-Tennessee border, were among the first to spring into action.

Within two weeks of the presidential order, the military was in Liberia.

The U.S. Army network tunnel
A soldier from the 101st Airborne Division trains on a tactical communications node at Fort Campbell in March 2014. The division implemented these nodes and other network and mission-command systems later that year to improve communications networks in West Africa during the Ebola crisis.

Providing material and engineering support to the unit was the Program Executive Office (PEO) for Command, Control and Communications-Tactical (C3T), which is responsible for building and fielding the Army's tactical communications networks. It coordinated with soldiers on the ground in West Africa to provide network connectivity during the mission. An Army signal company also provided assistance.

"The President said 'do it' and people started moving, so there wasn't a long time to order any special-needs equipment. It was, 'Do the mission with what you have at hand,'" says John Shotwell, an engineer who works for the U.S. Army's Warfighter Information Network-Tactical (WIN-T) Increment 1, which establishes and manages the voice, video and data networks used by soldiers in the field. WIN-T is a program management office within PEO C3T that provides fielding and technical assistance to missions like the Ebola relief effort.

The sudden deployment didn't leave much time for procuring new equipment for a network. The unit wound up repurposing existing network devices and using an encrypted network tunnel to enable more robust connectivity and augment its standard tactical network for the five-month-long mission, according to Matt Iannelli, a senior systems engineer in the PEO C3T's Technical Management Division. Doing so also saved the Army time and money while easing some of the burdens associated with distributing network services, a major hurdle in the Ebola operations.

"There's usually a progression of these kinds of activities. You go in and set up your quick-and-dirty communications to get your people situated and establish necessary comms right off the bat. Then, as you're there, you mature your network," Iannelli says. "If the mission is a long-term one, usually it matures toward a commercial or pseudo-commercial environment, as the Army likes to put it. But in this case, it was not a terribly long-term engagement, so the initial comms remained in place for the entire mission and were augmented."

Looking to free up bandwidth on the Army’s tactical satellite-based network -- and without enough time to go through the typical Department of Defense process to procure fiber -- the unit looked for fast and inexpensive ways to offload some of the unclassified communications. It found the answer in an unlikely place for the military: a network tunnel through the commercial Internet.

"One of the novel things that was done for this exercise that was primarily the brainchild of the unit itself -- and we helped with some of the engineering for the implementation of it -- was to leverage the Liberian telco commercial Internet and tie that back into the Army global network," Iannelli says. "WIN-T provided the capability to distribute an unmanaged Internet connection through the tactical environment."

"We encrypted and tunneled through that commercial network for Army unclassified networks," adds Shotwell. "We never let them touch each other."

In addition to the technical hurdles associated with establishing a network tunnel that would meet the Army's stringent security requirements, PEO C3T engineers also encountered logistical challenges in Liberia. When setting up line-of-sight communications links, the unit realized that there wasn't enough space in many areas to safely construct communications towers.

"In some of those locations, they just didn't have the acreage to support an implementation like that, so the unit actually had to negotiate with the government and some of the commercial entities in Liberia to leverage tower space on an existing commercial tower," Iannelli says. "[It's different from] an environment that's not just a wild, open, typical battle environment -- where you kind of have carte blanche to do what you want."

This was last published in February 2016
