Military Embedded Systems

Bringing secure mesh wireless to mobile command posts


May 15, 2023

Dominic Perez


Stock image/Pixabay

Military wireless networks in the military can be secured through the proven use of NSA-approved Commercial Solutions for Classified (CSfC) encryption. CSfC is a set of approved architectures using two layers of commercial encryption (as opposed to Type 1 military-only encryption) for access to classified networks. The layers, software and/or hardware, must be developed independently and validated to international Common Criteria standards. Today, it’s possible to rapidly set up a mobile, extendable wireless network qualified to Technology Readiness Level (TRL) 9 [denoting that a technology has been “flight proven” during a successful mission]; using Wi-Fi 6, multi-­hundreds of megabits of throughput can be rapidly deployed in the field.

One advantage of wireless networking – beyond the speed of deployment – is that it can deliver true network resiliency. It supports mesh topologies, which can eliminate the threat of a single point of failure in the network, so the loss of a single node or access point won’t bring down the entire network.

A mesh network, which can exist in many different topologies and come in a variety of formats, can route across the network with direct-hop, single-hop, or multiple-hop data distribution to connect any two nodes on the network. For wireless meshing, many in the military think of MANET [mobile ad hoc network] radios. While MANET radios support various meshing topologies, modern implementations of good old 802.11 Wi-Fi do as well. A major advantage of Wi-Fi is its low hardware cost: Even in rugged and outdoor applications Wi-Fi benefits from true commodity pricing. MANET requires each operator to have their own MANET-compatible radio, which is fine for handheld communications. It’s less than ideal, though, for data-based comms that require the user to plug into a laptop or tablet already equipped with Wi-Fi hardware.

Even though commercial Wi-Fi solutions typically feature support for mesh network topologies, not all commercial equipment supports NSA [National Security Agency] requirements for CSfC encryption of data-in-transit and frequently they do not support all military software applications, many of which were designed years before wireless battlefield networks became possible. Commercial Wi-Fi can provide a short cut for setting up a CUI [controlled unclassified information] network, but it’s not going to get you to a secret or higher network.

Secure wireless mesh networks (SecMesh) advances battlefield distribution of data connections, since users can set up a wireless network to connect vehicles, plus a “bubble” to broadcast to end users. SecMesh enables vehicle-to-vehicle communications plus tunnel-in-tunnel CSfC encryption.

Curtiss-Wright deploys CSfC-based Secure Wireless Command Posts (SWCP) with the Army and other groups. Typically, a secure wireless command post system is installed on each vehicle. This setup enables each vehicle to operate independently, but results in duplication of equipment and sub-optimal size, weight, power, and cost (SWaP-C). Also, with each system operating independently, operators and devices can’t roam between systems without being preregistered.

The next step in SecMesh technology evolution will mesh vehicles together, establishing multiple east/west bound network connections, along with multiple backhauls in case a vehicle is lost. Users registered with one wireless system will be able to roam between all of the wireless systems on the connected battlefield. The next step: true vehicle secure network connectivity vehicle-to-vehicle while on the move. This capability has been demonstrated in the field and development continues.

One example of a SecMesh network in the battlefield today: The PacStar Secure Meshing Command Post (SMCP). (Figure 1.) Typically, setting up a mesh network topology can be complicated because many legacy applications have built-in assumptions about the network on which they will operate. These assumptions place the burden on the network designer and network maintainer to hide the true nature of the underlying network. Manual setup could take hours, undermining the military’s goal to reduce network setup in the field to as little as five minutes. Network management software, such as PacStar IQ Core software, can eliminate the need for the system manager to manually set each individual node on the network.

[Figure 1 | PacStar Secure Wireless Command Post Wi-Fi (SWCP) is a small, modular communications system enabling wireless mobility for smartphones, tablets, and laptops connected to classified and unclassified networks in deployed, expeditionary, and tactical environments.]

Ideally, the SecMesh approach is modular with users able to select the hardware form factor that is appropriate for the mission, whether for a communications vehicle with an enclosure for tactical networking hardware or a more combat-focused vehicle – land or amphibious – that requires fully sealed electronics made possible by a Sensor Open Systems Architecture (SOSA) Technical Standard aligned design based on VPX hardware.

Dominic Perez is the CTO at Curtiss-Wright Defense Solutions and a Curtiss-Wright Technical Fellow.

Curtiss-Wright Defense Solutions

Featured Companies


20130 Lakeview Center Plaza
Ashburn, Virginia 20147