Viasat’s network encryption business: security from the cloud to the edge

As the U.S. government moves applications to the cloud, security is of critical importance.


With the explosion of connected devices, cloud-centric networks and today’s rapidly evolving cyber-threats, network encryption is absolutely essential to protecting the integrity of sensitive information.

Viasat is a company with a proven track record of first-to-market products in the information assurance and network encryption market. For example, Viasat was the first to offer a 100-gigabit-per-second (Gbps) Type 1 network encryption device, known to the U.S. Government as the KG-142.

“The KG-142 offers the same encryption power of 10 separate 10 Gbps encryptors in a single unit, combining both security and high-speed processing power,” says Ken Peterman, president of Viasat’s Government Systems business. “This can save customers millions in capital requirements for networking equipment, plus reduced operational and maintenance costs and savings in training and logistics.”

Peterman said the KG-142 is a key product for connecting government and military organizations to cloud-based infrastructures. He noted that the KG-142 is available and shipping now. And, a software update—compliant to the new National Security Agency (NSA) Ethernet Data Encryptor Cryptographic Interoperability Specification (EDE-CIS) standard—has been submitted to the NSA for certification.

“We are the only U.S. Company that supports NSA Type 1 encryption for both Layer 2 (ESS/EDE) and Layer 3 (HAIPE),” Peterman says, referring to network protocols.

Cloud security

Just like almost all large commercial companies, the U.S. government is migrating many applications to the cloud. That means security between the company and the cloud is of critical importance.

“Instead of everything being done on your computer, the cloud enables government users to take advantage of processing-intensive new capabilities like machine learning and artificial intelligence,” explains Scott Adams, vice president of Secure Network Systems at Viasat. “To connect all these devices to the cloud, more and more bandwidth is required resulting in the need for more network encryption with advanced security features.”

Both the commercial market and the government are looking to Layer 2 encryption as a way to ensure better cloud security. While Layer 3 enables more flexible routing inherent to the encryptor, Layer 2 has significantly lower latency and leaves the routing to the rest of the networking equipment.

NSA’s previous Layer 2 encryption standard was Ethernet Security Specification (ESS). The new EDE-CIS includes advanced cryptographic features, as well as the ability to interface with NSA’s Key Management Infrastructure, which manages products such as encryption keys for devices.

“You can’t offer a Layer 2 encryption device for the government unless you are compliant with those specifications,” Adams says.

The challenge: speed plus security The challenge becomes supporting today’s sophisticated networks and their ever-increasing data rates while still ensuring top-grade encryption. To address this, Viasat’s KG-142 allows customers to operate up to 32 simultaneous peer-to-peer connections. This can happen over one to four 10-Gbps channels or a single 100-Gbps Ethernet channel. The KG-142 was the first Type 1 Media Access Control Security Ethernet encryptor capable of operating at up to 100 Gbps. Viasat is demonstrating the flexibility and extensibility of its platform through these extensive new features.

“These features will all be critical securing today’s ever evolving networks and cloud-based systems,” Adams says.

The tactical edge

Viasat’s network encryption doesn’t stop at the cloud. At the other end of the network — the tactical edge — Viasat’s KG-250XS encryptor combines HAIPE standards with a ruggedized container and low size, weight and power requirements to meet the needs of devices and networks being used on the battlefield. Viasat has also recently expanded the KG-250XS capability to handle 100 Mbps aggregate bandwidth. This supports security requirements for emerging mission needs that include everything from streaming high-definition video to transferring intelligence surveillance and reconnaissance data.

Peterman attributes Viasat’s success in meeting the dual challenges of encryption for the cloud and at the tactical edge to the company’s foresight anticipating government needs.

“Our industry-leading portfolio of network encryption products is continuing to expand to meet the needs of today’s users while preparing our government customers for the missions of tomorrow,” Peterman says.

When talking to Scott Adams, one thing is clear: Viasat is always looking to push the boundaries of what’s possible in network encryption in order to better serve government customers’ needs. Adams says the next challenge is to break the 100-Gbps barrier.

“We are working on becoming the first company to offer a 400-Gpbs device,” he says.

Viasat’s leading market position is the result of decades working with government and commercial customers on encryption products.

“There’s no doubt, Viasat is an industry leader in information assurance with one of the broadest portfolio of network encryption solutions on the market,” Peterman says. “We have a long history of first-to-market milestones, and we’re just getting started.”