Cloud Infrastructure
All components of the COTAK system are deployed in the Amazon Web Services (AWS) GovCloud, which is designed to host sensitive data, regulated workloads, and address the most stringent U.S. government security and compliance requirements. In addition to providing high security, operating COTAK in this way reduces the risk of hardware failures, power outages, or other technical faults disrupting the system. The cloud computing system used by COTAK is maintained by State employees and vetted contractors.
AWS data centers are equipped with advanced environmental safeguards to protect data from threats like fire, power loss, and extreme weather. AWS ensures continuous service with redundancy, high availability, and capacity monitoring. In addition to these robust protections, our agency also adheres to best practices within our AWS environment, implementing our own redundancy and monitoring strategies to meet and guarantee data security and availability.
TAK Server
The core of COTAK is its military-grade TAK Server, which is deployed in a secure cloud-computing environment and provides AES-256 encrypted connections to the TAK apps over any available internet connection including cellular service. The TAK Server uses these encrypted connections to route messages containing the GPS locations of first responders, as well as other information such as shapes or chat messages shared between responders.
Data Segmentation
COTAK is designed to accommodate both sensitive law enforcement operations, as well as multi-agency search and rescue missions and mutual aid. The system does this by breaking location sharing into channels, which first responders turn on or off using their TAK apps. COTAK channels do not involve voice communications, rather when a user turns a channel on they begin seeing the locations of every other responder who is also running TAK and has the same channel turned on, and they can begin interacting with those users.
Access to channels in COTAK is controlled by each user’s username/password login, which grants access to authorized channels in the system. Each agency that uses COTAK can designate one or more people as agency administrators, and these people have the ability to create new users for their agency and create channels for their agency to use. Channels can be automatically made available to all users in an agency, or an administrator can add users by name to channels for use by smaller teams within an agency.
Security Within cotak.gov
cotak.gov is the primary user interface for accessing and managing agency configurations, user memberships, training resources, channel-building, and data sync file sharing. Serving as the trusted center for all user accounts, cotak.gov is built with secure network connectivity and operates within AWS GovCloud. Two-factor authentication is required for system administrators and can be enabled for all users to add an extra layer of protection.
Data within the COTAK environment is encrypted both at rest and in transit, ensuring secure communication across all channels. For further details, see our Data Retention Policy.
Our team monitors all services around the clock, to detect any suspicious activity or potential interruptions. Comprehensive server logging enables a swift and efficient response by our security or development team in the event of an issue.
Vendor Management
COTAK is designed to integrate with a variety of market-available products. User agencies can selected and implement vendor solutions that integrate with TAK at their agency level. Access Control and Permission Levels are enforced by COTAK service to ensure that the scope of the data they access is limited to that of the agency.
