************************************************************************ 
DDN MGT Bulletin: 9403           DISA DDN Defense Communications System   
10 Mar 1994                      Published by: DDN Network Info Center
                                      (NIC@NIC.DDN.MIL)  (800) 365-3642


                        DEFENSE  DATA  NETWORK
                         MANAGEMENT  BULLETIN

  The DDN MANAGEMENT BULLETIN is distributed online by the DDN Network
  Information Center under DISA contract as a means of communicating
  official policy, procedures and other information of concern to
  management personnel at DDN facilities.  Back issues may be read
  through the TACNEWS server ("@n" command at the TAC) or may be
  obtained by FTP (or Kermit) from the NIC.DDN.MIL host [192.112.36.5]
  using login="anonymous" and password="guest".  The pathname
  for bulletins is ddn-news/ddn-mgt-bulletin-nn.txt (where "nn" is the
  bulletin number).
************************************************************************

         Subject: Policy for Crypto Re-Keying of MILNET ISTs

This bulletin supersedes DDN Management Bulletin 119, dated 1 Mar 93,
Subject: Policy for Crypto Re-Keying of MILNET ISTs.

1. This DDN Management Bulletin provides information regarding crypto
coordination procedures, and is effective upon receipt.

2. Standard NSA policy states that unclassified network circuits that
do not utilize OTAR may use monthly crypto period with no update. This
means that the traffic encryption key (TEK) may be loaded into the
crypto device monthly and no daily update is required. This is the
standard for MILNET inter-switch trunks (ISTs) that are not using OTAR.

3. Crypto coordination problems at MILNET sites remains one of the
primary causes of trunk failures on the network. Over the past
four months, there has been a steady increase in the number of
outages resulting from coordination problems. Additionally,
the time required to restore the circuits due to crypto failure is
on the increase.  The inability to accomplish crypto coordination
changes in a timely manner significantly impacts the operational
readiness of the MILNET.  As the transition from DDN to DISN continues,
the number of trunks supporting the network has been reduced as PSN
nodes are deactivated.  With the loss of this bandwidth, the MILNET is
now experiencing significant congestion that impacts the ability of DoD
customers to accomplish their mission. In extreme cases, trunk outages
resulting from crypto coordination problems caused nodes to be
'stubbed' or 'isolated' from the network. Again, this has had a
significant impact on providing quality customer support for all MILNET
users. To minimize outages of this type, we strongly request your
support to ensure procedures are in place to accomplish crypto changes
at the appropriate time, and sites coordinate with each other to ensure
all actions are complete and the trunk remains in operational status.

4. As a reminder, the following procedures relating to crypto
remain in effect:

     A. Circuit Outage Procedure: If a circuit fails, but the crypto
        equipment re-synchs automatically after restoral, the loading
        of a new TEK is not necessary. Please note that a KG-84A will
        retain key during power or circuit outages only if fresh
        fill-hold batteries are installed. If a circuit falis and the
        crypto does not automatically re-synch, the 'next up' segment
        of TEK will be loaded. In order to establish the normal period,
        the KG-84A will also be loaded on the first of the next month.

     B. Procedure for Sites not Manned 7 Days a Week: When the first of
        the month occurs on a week-end or holiday at a facility not
        manned during that time, the monthly loading of the TEK will be
        accomplished on the next duty day at a time established by the
        NCS. This action must be coordinated with the MILNET Monitoring
        Center (1-800-451-7413).

     C. In each case, it is ESSENTIAL that each site contact the
        distant end to ensure an error free coordination process.

5. The best method to reduce the number of circuit outages caused by
crypto coordination problems continues to be the use of OTAR. DISA has
an ongoing effort to assist net control stations (NCSs) to convert to
OTAR.  Please contact the MILNET OTAR POC, SFC Newell Hammond,
DISA/UTDS, DSN 222-2771 or COMM (703) 692-2771 for further information.

6. POC for this management bulletin is Maj John Lent, DISA/UTDS,
DSN 222-2757 or COMM (703) 692-2757; E-Mail lentj@cc.ims.disa.mil.