High side vs low side

Last Updated on September 13, 2023 by Dave Farquhar

The other day I heard a reference to the “high side vs low side” of a computer system in a podcast, and the speaker didn’t stop to clarify. Worse yet is when you hear “on the low side” or “on the high side.” I came from the private sector into government contracting myself. I wasn’t born knowing this jargon either, so I’ll explain it.

A primer on classification

High side vs low side
The network carrying higher classified information is the high side. The network carrying lower classified information is the low side. Make sense?

It’s not uncommon for a computer system to have to process information of different classification levels. For example, long ago, I administered a system that tracked airplanes. Sometimes the location of the airplanes was unclassified and sometimes it wasn’t, so in the case of the system I ran, the “low side” was unclassified (probably, more specifically, UNCLASSIFIED//FOR OFFICIAL USE ONLY). The “high side” of the network was classified SECRET.

There could potentially be systems where the low side is classified SECRET and the high side is classified TOP SECRET. For a point of reference many people will be familiar with, the Manning leaks were SECRET information, and the Snowden leaks were mostly TOP SECRET information.

The high side is the level with the higher classification. The low side is the one with the lower classification.

On the high side / on the low side

When someone says “on the high side” or “on the low side,” they mean a system that’s running on that particular network. You can run e-mail and anything else on a classified network that you can on an unclassified network, but it’s a closed loop. A classified e-mail system normally can’t send or receive mail with an unclassified system. It certainly can’t exchange mail with a public system like Gmail.

There was a time when high-side systems had to be specially built. There was a special version of the IBM PC/AT for this purpose. Today, the same hardware can live on either the high or low side. But high-side and low-side systems require about two meters of physical separation as a precaution against information bleeding between them.

Cross domain solutions, or guards

When you have a system that crosses classification levels, you can’t just connect the two networks directly. You need a system that sits in between the two levels.  The government calls these systems guards or cross-domain solutions.

They’re specialized, NSA-blessed devices made by companies like Raytheon and Radiant Mercury. They have four jobs. First, pass data from the low side to the high side. Second, block any malware that might be present on the low side. Third, allow lower-classified data on the high side to pass back down to the low side. Fourth, block data of the higher classification level. Why would you send unclassified data from the high side? It allows the two systems to sync up. The high side may know something the low side doesn’t yet. When you’re talking high side vs low side, you may not necessarily know which one has the more up to date information.

High side vs low side

So if you’re reading a government RFP or you’re starting a job as a government contractor or civil servant and you were wondering what those terms mean, now you know.

If you found this post informative or helpful, please share it!