The Problem – Data Aggregation on the Low-Side
The UK Government collects vast amounts of data at the OFFICIAL security level. When aggregated, this data may create intelligence value that could be exploited by cyber threat actors, posing risks to national security. This challenge extends beyond the UK Government, affecting international collaborations like Five Eyes (FVEY). To mitigate these risks, appropriate security measures must be implemented.
What is the CDHA Framework?
Acubed.it has worked with the National Cyber Security Centre (NCSC) for over three years to develop the Cross Domain Hybrid Application (CDHA) framework – an advanced security solution that enables government applications to operate securely across multiple security domains while ensuring data integrity and confidentiality.
The CDHA Framework enhances data security by enabling controlled and secure data sharing between security domains. Aggregated data can be stored and protected at SECRET or higher trust domains, while maintaining efficient and controlled access at the OFFICIAL level. It provides a Secure-by-Design solution that enforces strict access controls and data validation mechanisms, ensuring sensitive information is not unintentionally exposed while maintaining operational effectiveness.
The diagram below demonstrates how the CDHA framework enables data to be collected at OFFICIAL and stored at SECRET whilst allowing seamless data retrieval and updates:
Key Security Features of CDHA
CDHA employs a multi-layered security approach to protect data across trust domains:
- Data Encryption & Signing: Row-level AES encryption with user-specific keys ensures security of data at rest and in transit.
- Endpoint Security : ECDH and ECDSA encrypt and sign data at the browser level, protecting data transmission.
- Authentication & Verification: Strict identity verification and signature validation prevent unauthorised access.
- Access Control & RBAC: Multilayered defence with Role-Based Access Control (RBAC) and Two-Factor Authentication (2FA).
- High Assurance Gateway Validation: Incoming data is decrypted and validated for integrity before processing.
- Export Control Mechanisms: Outgoing data undergoes compliance and security checks before cross-domain transfer.
Using the STRIDE model, CDHA mitigates threats to ensure data integrity, confidentiality, and availability.
CDHA Benefits
Preparing for the Quantum Era
With quantum computing poised to disrupt traditional encryption, acubed.it is preparing to integrate Post-Quantum Cryptography (PQC) into CDHA, in collaboration with Edinburgh Napier University. Key innovations include:
- ML-KEM and ML-DSA Algorithms: Strengthening encryption against quantum-based threats.
- Homomorphic Encryption: Enabling secure computations on encrypted data without decryption.
- Attribute-Based Encryption (ABE): Allowing controlled data sharing across trust domains based on user roles and security clearances.
- AI & ML-Driven Export Controls: Automating compliance and security checks for secure cross-domain transfers.
These innovations will reinforce CDHA’s long-term security and resilience, ensuring it remains ahead of emerging cyber threats.
Modernising Government Security and enhancing CNI Protection
The Cross Domain Hybrid Application (CDHA) Framework represents a significant advancement in modernising UK Government security and enhancing Critical National Infrastructure (CNI) protection. It addresses the challenges of data aggregation at the OFFICIAL security level by enabling secure, efficient, and controlled access to sensitive data across multiple security domains. This ensures that national security risks are mitigated while maintaining operational effectiveness.
By bridging security domains, reducing aggregation risks, preventing cyber threats, and enabling secure, real-time cross-domain data sharing, CDHA strengthens the resilience of both government agencies and CNI sectors. As cyber threats continue to evolve, new regulations such as the UK Cyber Security and Resilience Bill and NIS2 Directive demand stronger security measures. CDHA enables organisations to meet these regulatory requirements while ensuring that essential services remain secure, resilient, and operational under all circumstances.
Conclusion
The CDHA Framework offers a future-proof, Secure-by-Design solution that ensures compliance, resilience, and secure cross-domain collaboration for government and CNI operations. To stay ahead of emerging cyber threats and regulations, organisations must adopt CDHA now to protect critical assets and ensure trusted, secure, and compliant operations.
Contact Acubed.it today to explore how CDHA can modernise your security infrastructure, align with regulatory frameworks, and future-proof your operations.
Join us at Cyber Security 2025 on Tuesday, February 25, 2025, where Acubed.it will be exhibiting. Learn more!