Cross Domain Hybrid
Application (CDHA) Framework
A reusable pattern for seamless interoperability & cross domain collaboration
The problem
Cross-domain working is a key challenge area for the National Cyber Security Centre (NCSC)
As national security threats evolve, data silos and fragmented security domains create operational inefficiencies and elevate security and compliance risks. These challenges are further compounded by two critical issues:
•Data Aggregation Risks:
Unprotected sensitive data at the OFFICIAL classification is a prime target for Hostile State Actors.
•Restricted Visibility & Access:
Isolated SECRET systems, limit operational agility and cross-domain collaboration.
To mitigate these risks, appropriate security measures must be implemented, enabling secure interoperability.
The Solution
Cross Domain Hybrid Application (CDHA) Framework - Enabling Secure Interoperability across Security Domains
With increasing regulatory pressure from NIS2, CAF, and the Cyber Resilience Bill, organisations must adopt solutions that go beyond basic data transfer – they need operational efficiency, cryptographic security and seamless cross-domain application functionality.
CDHA is a next-generation approach – a secure application framework designed to address these challenges. It enables data protection across all classification levels , mitigating data aggregation risks at OFFICIAL and enabling authorised access to SECRET environments without compromising security.
What is the CDHA Framework?
Acubed IT, in collaboration with the NCSC, has developed the Cross Domain Hybrid Application (CDHA) Framework - a unique solution designed to address the challenges of cross-domain application development.
Built on a zero-trust model and leveraging next-generation high-assurance gateway technology, the CDHA Framework offers a comprehensive suite of design patterns, a reference architecture, code libraries, and implementation guidelines.
Built to facilitate Secure by Design principles, the CDHA Framework also helps ensure customer applications align with Secure by Default standards, while incorporating an advanced cryptographic key management system to address the complex security requirements of cross-domain applications.
Future-Proof Security with Post-Quantum Innovation
As quantum computing threatens traditional encryption, Acubed IT, in collaboration with Edinburgh Napier University, is integrating Post-Quantum Cryptography (PQC) into the CDHA Framework to ensure enduring data protection.
Key innovations include:
• ML-KEM and ML-DSA Algorithms: Strengthening encryption against quantum-based threats.
• Homomorphic Encryption (HE): Enabling secure computations on encrypted data without decryption.
• Attribute-Based Encryption (ABE): Allowing controlled data sharing across domains based on user roles and security clearances.
• AI & ML-Driven Export Controls: Automating compliance and security checks for cross-domain transfers. Together, these innovations will reinforce CDHA’s long-term security and resilience against emerging cyber threats.
When do you use the CDHA Framework?
Users enter information into a form within the OFFICIAL or Low Trust domains, and the data is securely transferred to the High Trust area, leaving little to no trace behind.
If your application portal operates on a Low Trust domain and gathers data at the OFFICIAL level, that data must remain encrypted and protected at all times.
If your Low Trust application portal collects information at the OFFICIAL level and a segment of this data requires processing on a more secure network, then it's imperative to have the right protocols.
While data may reside in the higher security tier, specific portions of records or data should be securely made available to the OFFICIAL level to enhance application accessibility.
How does the CDHA Framework differ from Cross Domain Solutions (CDS)?
Data Protection at the OFFICIAL Domain - CDS primarily protects the SECRET network but does not protect the data at the OFFICIAL domain. CDHA encrypts data from the moment of creation, ensuring protection before it moves to higher domains.
Operational Efficiency - With CDS, users must manually move data to higher domains. CDHA allows secure data processing at lower classifications while keeping aggregation at higher domains - reducing duplication, manual work and inefficiencies.
Secure Access to SECRET Data from OFFICIAL Devices - In CDS environments, higher domain data is often inaccessible from OFFICIAL systems. CDHA allows secure, controlled portions of higher domain data from OFFICIAL devices, ensuring real-time decision-making without compromising security.
Future-Proof Cryptography - While CDS relies on legacy security models, CDHA integrates Post-Quantum Cryptography (PQC), Attribute-Based Encryption (ABE) and Fully Homomorphic Encryption (FHE), ensuring log-term security against evolving threats.
CDHA Benefits
Unique Cross Domain Cryptographic Key Management
Our solution is unique and has no direct competitiors
Reduces Risk of Data Breaches
Protects sensitive date even before it reaches higher classifications
Data Storage at Secret
Aggregated data stored in a secure domain
Seamless User Key Management
Our solution enables a seamless experience of key management for end users
Minimising Dependency on Secret EUD
Significantly reduces the need for Tier 2 End User Devices and Infrastructure
Improves Operational Efficiency
Eliminates security bottlenecks by enabling secure data interoperability
Enhancing CNI Protection with Advanced Cross Domain Solutions
Cross Domain Hybrid Application Framework (CDHA) is designed to secure Critical National Infrastructure (CNI) against emerging cyber threats. As Europe transitions to new regulatory frameworks like NIS2 and the UK prepares to enact its own Cyber Security and Resilience Bill, CDHA offers a proactive solution to meet and exceed compliance and security expectations for data handling.
Robust Encryption for CNI Protection: CDHA utilises well recognised and accepted cryptography schemes to safeguard sensitive CNI data, ensuring that critical information remains protected from unauthorised access, while in transit and at rest. This aligns with the anticipated requirements of the UK’s forthcoming Cyber Security and Resilience Bill, which prioritises the safeguarding of CNI data.
Secure Information Sharing Between Regulators and Operators of Essential Services (OES): Facilitate secure and efficient data sharing between different organisational entities, from operators to regulators. CDHA ensures that any shared information adheres to high-trust protocols, crucial for maintaining the integrity and confidentiality of CNI-related communications.
Compliance and Adaptability: As the Cyber Security and Resilience Bill moves from consultation to enforcement, CDHA provides a Secure Cross Domain Framework that helps organisations stay compliant with new and evolving cybersecurity laws.
Operational Efficiency and Regulatory Compliance: Beyond securing data, CDHA enhances operational efficiencies through streamlined data handling and reduced complexity in cross-domain interactions. This not only boosts performance but also simplifies the compliance process for entities governed under strict regulatory mandates.
As the Cyber Security and Resilience Bill shapes the future landscape of cybersecurity in the UK, CDHA Framework is designed to meet these challenges head-on. Protect your critical assets with a framework built for the future of CNI protection, ensuring your operations are secure, compliant, and resilient.
