National Security-Grade Network Severance and Isolation
Defence networks carry the most sensitive information a nation possesses. The threat landscape includes the most capable adversaries on earth, operating with state-level resources and persistence.
Defence
Defence information requires defence-grade protection. Logical separation managed by software is not sufficient when the adversary has the resources and patience to find and exploit every configuration error.
100%: Classification boundary enforcement
Zero: Cross-domain network reachability
SC/DV: Cleared personnel at every facility
Full: JSP 440 and NATO security compliance
Defence networks face state-level adversaries.
Nation-State Persistence
State-sponsored actors maintain persistent access campaigns against defence networks, investing years of effort to compromise a single classified system.
Cross-Domain Risks
Information sharing between classification levels creates network paths that, if compromised, could allow classified data to traverse to lower classification domains.
Legacy Military Systems
Decades-old military systems were designed for physical isolation but are increasingly connected to modern networks for interoperability.
The Scenario
Scenario: Cross-Domain Boundary Compromise
A state-sponsored group identifies a misconfiguration in a cross-domain solution connecting SECRET and OFFICIAL networks. The misconfiguration allows carefully crafted data packets to bypass content inspection, creating a covert channel for exfiltrating classified material. The channel operates for months at low bandwidth, evading detection systems tuned for bulk data movement.
With Firevault Control, cross-domain boundaries are physically enforced. Data movement between classification levels requires multi-party authorisation with full content verification. The covert channel cannot exist because the physical path between domains does not exist outside authorised transfer windows.
"Our cross-domain solution had been certified and accredited. It passed every penetration test. But the misconfiguration that enabled the covert channel was in a feature that had been added after certification. The accreditation process had not caught up."
Where each Control module is deployed across admin, mission and classified domains.
Defence estates separate admin networks from mission systems and classified enclaves. Control puts a boundary between each domain so the right things stay reachable and the wrong things do not. Sovereign data lives behind its own firebreak.
Grounded in MOD Secure by Design, NCSC for defence, NIST SP 800-171 and JSP guidance available in the public domain.
Internet / Cloud
External
External traffic stops at the admin perimeter.
Admin network
Admin
Day-to-day business systems.
Admin cannot reach mission directly.
Cross-domain DMZ
DMZ · trust boundary
One-way and brokered exchange between domains.
Cross-domain movement is checked and routed.
Mission planning
Mission
Mission actions approved before they move.
Mission execution
Mission
Operational tempo, not office hours.
Classified access is named with the right clearance.
Classified enclave
Mission
Sovereign and sensitive systems.
Crown jewels
Off-network
Detail callout · A
Offline Secure Storage
Sovereign records, sensitive data, evidence and the recovery sets needed to survive a worst day.
Offline by design · secure by default
Modules & symbols
Where each module is deployed, and what it does there.
One row per module. Placement on the network, then plain-English purpose at that point.
- Isolate
  Placement: On the D1 to DMZ link and the D3 to D4 link
  Purpose: Admin, mission and classified each sit on their own physical fabrics. A compromise in admin cannot walk into mission or classified.
- Firebreak
  Placement: On the D0 to D1 link and the D1 to DMZ link
  Purpose: Real hardware off switches on the public and admin boundaries, cutting the live path into mission and classified estates.
- Validate
  Placement: On the D0 to D1 link and inside the cross-domain DMZ
  Purpose: Requests crossing into trusted estates are checked for origin, integrity and authority before they reach an operational system.
- Transfer
  Placement: Inside the cross-domain DMZ
  Purpose: Movement between domains is brokered, often one-way. Transfer governs the route and the landing point.
- Execute
  Placement: On the D2 to D3 link
  Purpose: Mission actions hold until the right approval is in place.
- Lock
  Placement: On the D3 to D4 link
  Purpose: Classified access ties to named individuals with the right clearance, device and authority.
Key Capabilities
UK Sovereign Facilities
All classified data remains within NATO-approved underground facilities in the United Kingdom, managed by SC/DV-cleared personnel under MOD oversight.
Cleared Multi-Party Access
All access requires authorisation from multiple cleared individuals across different roles, preventing any single point of compromise.
JSP 440 Compliance
Automated compliance logging maps directly to JSP 440, JSP 604, and NATO security requirements with continuous evidence generation.
Independent Communications
Out-of-band management via dedicated, secured communications ensures control plane access independent of primary defence networks.
Forensic-Grade Logging
Every access, transfer, and authorisation decision is recorded in tamper-proof, classification-appropriate logs on physically separate infrastructure.
Cleared Recovery Capability
Verified control-plane baselines maintained within appropriately cleared facilities ensure classified system restoration during total compromise scenarios.
Demo to Live
Adoption Guide
Classification Boundary Assessment
Map all cross-domain connections and data flows between classification levels, identifying persistent paths and reachability gaps against JSP 440 requirements.
Sovereign Architecture Design
Design physically separated classification zones with Control modules enforcing each boundary, aligned to MOD and NATO security requirements.
Accredited Pilot
Deploy within a controlled environment with full classification boundary enforcement, multi-party authorisation, and forensic logging for accreditation evaluation.
Operational Capability
Full deployment across defence infrastructure with cleared verified baselines, continuous compliance evidence, and independent communications.
Speak to the team to organise a PoC
Walk through your blueprint with the Firevault team and scope a proof of concept on your estate. 30 minutes, no sales pitch.