b996b8be895e7a8b3901858151f17cc5.ppt
- Number of slides: 45

NATO Consultation, Command & Control Board, Information Assurance Sub-committee
NATO HQ C3 Staff
Security and Protection of Information: “Moving to Information Assurance”
Brno (CZE), 2-4 May 07
Colonel Enrico Bologna, NHQC3S – Infosec Branch Chief
UNCLASSIFIED

Introduction
Aim:
- To present the consolidated NATO processes in protecting information, but also the ongoing initiatives and the challenges in implementing a coherent and interoperable multinational and NATO Networking and Information Infrastructure (NII)…
Outline:
- Where INFOSEC / IA occurs in NATO … and some preliminary info
- Transformational Summit at Riga (Latvia) Nov 06
- Information Assurance … Complex mission
- IA Subcommittee (SC/4)
- NATO Public Key Infrastructure
- Cyber Defence Programme
- Other Areas of Interest
- Summary

NATO INFOSEC / IA Authorities
Where INFOSEC / Information Assurance occurs in NATO … and some preliminary information about NATO organizational structures

NATO INFOSEC / IA Authorities (organisation chart)
- NAC
- NATO Security Committee
- WG/1 CIS Security (1)
- NATO C3 (1) Board
- Military Committee
- SC/4 - IA Subcommittee
- Consultation Command Control

Preliminary info

Preliminary info (Cont’d)
NATO Headquarters C3 Staff

Preliminary info (Cont’d)
INFOSEC Branch support to:
- NATO C3 Board
  - Information Assurance Sub-committee (IA SC)
  - NATO PKI Management Authority (NPMA)
  - NATO PKI Advisory Cell (PAC)
  - NATO Computer Incident Response Capability (NCIRC)
- Military Committee
  - Cryptographic products security approval process
  - Capability Packages development
  - Advice on cryptographic aspects/solutions

Senior Level Attention
NATO Transformation Summit at Riga, Latvia, Nov 06

Transformational Summit, Riga (Latvia), Nov 06
- CIS will make a major contribution in meeting the new challenges;
- Nations were invited to commit themselves to NNEC based capabilities implementation;
- Security or Information Assurance (IA) will serve as an enabler for NNEC (pacing technology);
- Avoid diverging national developments when dealing with EU capability implementations and to keep in close contact with the NHQC3S;
- NC3B role in Governance on NNEC and in the Defence Against Terrorism (DAT) which includes Cyber Defence (CD) aspects.

And Now: Information Assurance
- Complex Mission
- Agreed Description
- IA Sub-committee

Complexity of … Protecting Information = IA
[Diagram: Multiple Bodies; labels include NSC and IA Sub-committee SC/4]

IA Description
WHAT IS IA?
- Is it a kind of Insurance like a full “casco/helmet”?
- INFOSEC: Transmitted and/or Stored information?
- Risk Management
- Information Management Aspects: Labelling & Marking … but also Handling of Information

IA description
- Information shall be protected by applying the principle of Information Assurance (IA), which is described as the set of measures to achieve a given level of confidence in the protection of communication, information and other electronic systems, non-electronic systems, and the information that is stored, processed or transmitted in these systems with respect to confidentiality, integrity, availability, non-repudiation and authentication.

NATO INFOSEC / IA Authorities (organisation chart)
- NAC
- NATO Security Committee
- WG/1 CIS Security (1)
- NATO C3 (1) Board
- Military Committee
- SC/4 - IA Subcommittee
- Consultation Command Control

NC3B Sub-Structure (organisation chart)
Bodies shown: NAC; NATO SECURITY COMMITTEE; NATO MILITARY COMMITTEE; NC3B; WG/1; NATO HQ C3 Staff; NC3 REPS; NATO PKI Management Authority; PKI Advisory Cell; CICG
Sub-Committees:
- SC/1 C3CC SC = C3 Capabilities Coherence
- SC/3 SM FMSC Civ/Mil = Frequency Management
- SC/4 IA SC = Information Assurance
- SC/5 IIS IS SC = Information Services
- SC/6 CNS SC = Communication and Network Services
- SC/7 IDENT SC = Identification
- SC/8 NAV SC = Navigation
Legend: Open to Partners ¹; Meets with Partners ¹; No meetings currently planned with Partners
Provides INFOSEC Technical and Implementation Directives and Guidance

Mission of IA SC (SC/4)
Support NC3B in achieving protection of NATO information stored, processed or transmitted in communication, information and other electronic systems against loss of Confidentiality, Integrity and Availability and to prevent loss of integrity or availability of the systems themselves.
The INFORMATION ASSURANCE SC also supports the MC and the NATO Security Committee (NSC) by responding to urgent matters of, respectively, an operational or a security policy nature.

SC/4 Composition
1. National representatives: BEL, BGR, CAN, CZE, DNK, EST, FRA, DEU, GRC, HUN, ISL, ITA, LVA, LTU, LUX, NLD, NOR, POL, PRT, ROU, SVK, SVN, ESP, TUR, GBR, USA;
2. Other representatives:
   a. Strategic Commands (SCs);
   b. NATO Office of Security (NOS);
   c. Defence Investment (Infrastructure Committee);
   d. NATO Agencies (e.g. NC3A, NCSA, NACMA, SECAN, DACAN, EUSEC, EUDAC);

Relationships (diagram)
Diagram labels: NATO C3 BOARD; Military Committee; Other Requirements; NC3A; SC/4 IA; SHAPE / ACO; Requirements; NCSA; ACT; SECAN; DACAN; EUSEC; NACMA; EUDAC; Provides technical support, as needed

Role of SC/4
- Develop Technical and Implementation Directives and Guidance in support of NATO Security Policy: C-M(2002)49
- Assist in Identification and Formulation of INFOSEC/IA Requirements
- Promote Interoperability Between NATO and NATO Nations, Non-NATO Nations and International Organizations
- Advise the NATO Security Committee on Implications for NATO Security Policy
- Contribute to the Identification of Vulnerabilities
- Provide a Forum for Exchange of Information and Ideas
- Maintain Technological Awareness of Developments That May Affect Security
- Monitor and Assess the INFOSEC Projects Within the NC3A

IA Sub-Committee Sub-Structure
IA SC AC/322 (SC/4)
- Staff co-Chairman: Col. Enrico BOLOGNA
- National Co-chairman: Mr. Stew Graf
- SCIP AHWG (AHWG/6)
- NATO/NON-NATO CO-OPERATION AHWG (AHWG/11)
- CRYPTOGRAPHIC DOCUMENTATION AHWG (AHWG/14)
- TECHNICAL INFOSEC DOCUMENTATION AHWG (AHWG/15)
- Also shown: CSPTF TF; IPSec TF; TC Syndicates

New IA Sub-Committee Sub-Structure
IA SC AC/322 (SC/4)
- AHWG/1 Cross domain Issues
- AHWG/2 Technical IA Services
- AHWG/3 Security Management Infrastructure
- AHWG/4 Cryptographic Services
- AHWG/5 Reserved

And Then: Information Assurance
- NATO Public Key Infrastructure
- NPMA & PAC
- MILESTONES
One example of ongoing initiatives and challenging implementation

NATO Public Key Infrastructure (NPKI): NPMA & PAC
- The NATO PKI Management Authority (NPMA) serves as the executive agent for the development and operation of the NATO PKI.
- NPMA primary focus is to establish and maintain the desired level of trust when providing PKI services to NATO users and when defining the rules for interoperation with other PKIs.
- The NATO PKI Advisory Cell (PAC) provides assistance to the NPMA on legal issues, technical issues, and current NATO standard operating procedures.

NPKI Relationships (diagram)
Bodies shown: NC3B; SC/5; NPMA; SC/4; PAC; CES; SMI
NOTES
- Relationship types: Tasking Authority; Co-ordination; Deliverables
- CES: Common Enterprise Services
- SMI: Security Management Infrastructure

NPKI Governance & Operational
- NC3B, NPMA, PAC
- Tier 1: Root CA (DACAN)
- Tier 2: Certification Authorities (NITC, NCSA and other appropriate authorities)
- Tier 3: SUBORDINATE CAs or RAs

NPKI Milestones
- NPMA and PAC establishment;
- Certificate Policy approval;
- Interoperability Directive production;
- Root Certificate Authority (CA) deployment;
- First Sub-CA activation;
- Provision of certificate services to projects.

Ongoing initiatives & implementation - NRo. I

NRo. I PKI Architecture (diagram)
Services shown: Disk Encryption; VPN; Secure Mail; Secure Web

And More: Information Assurance
- Cyber Defence Programme
- NATO Computer Incident Response Capability NCIRC + Intrusion Detection Systems
- NCIRC Management
- NCIRC Services

Cyber Defence Programme
Phase 1: NCIRC IOC + IDS
- NCIRC IOC: 16 DEC 2004
- NCIRC + IDS IOC: 28 NOV 2006
- IDS Sensors at Critical NATO Network Interfaces; 74 IDS Sensors are operational (37 on NS & 37 on NU Networks)
Phase 2: IMPLEMENT CAPABILITIES TO OVERCOME THE VULNERABILITIES
- Continuation of Implementing CD Projects:
  - Transition from NCIRC IOC to FOC (2008-2012)
  - Security Training and Awareness Programme
  - Implementation of Public Key Infrastructure
  - Modernise NATO Key Management Systems
Phase 3: IDENTIFY MINIMUM REQUIREMENTS AND RESOURCES IN ELIMINATING OR MITIGATING OTHER VULNERABILITIES
- Broaden CD view
- Legal Aspects
- New Technology
- CIS NATO-wide Enterprise Continuity Plan

NCIRC
- NCIRC authority delegated by Nations in decisions of NAC
- Cyber Defence Capability
  - To respond to COMPUSEC threats and vulnerabilities;
  - To Handle and Report incidents and disseminate incident-related information
  - To Concentrate Incident Handling into one centralized and co-ordinated effort;
  - To Mitigate effects of COMPUSEC related problems.
- Co-operation of all NATO civil and military bodies, as well as final users
- NCIRC is a tool to reduce the Computer Security Risks supporting NATO by performing the services defined in NCIRC CONOPS.

NCIRC Organisation (organisation chart)
- TIER 1: NCIRC CO-ORDINATION CENTRE (CC): NATO Office of Security (NOS) & NHQC3 Staff INFOSEC Branch
- TIER 2: NCIRC TECHNICAL CENTRE (TC): NCSA/NITC (With Scientific Support from NC3A)
- TIER 3: NATO Civil & Military Bodies for assigned CIS; Local CIS Operating Authorities
Other bodies shown: NATO Security Committee; NATO C3 Board; NATO CIS Security Accreditation Board (NSAB); Other SABs (e.g. BICES, ACCS, BRASS); NOS; ACO Intel; ACT OS; CI and Law Enforcement; CERTs; Forum of Incident Response & Security Teams (FIRST); Other CERTs; NCSA; SECAN; National Govt.; Non-Govt.; Commercial

NCIRC Services
- Development of OS Security settings (Vista, Solaris)
- NCIRC Security Bulletins & Reports
- On site VA in conjunction with SECAN
- Anti-Malware Management
  - Releasing of AV updates
  - Handling of AV support calls/requests
  - Field support visiting
- INFOSEC T & A Programme
- Mail content monitoring
- Web Sites protection
- Forensics along with NC3A

To be Effectively Involved: Other Areas of Interest
- Capability Package development & implementation
- INFOSEC Capability Package (Crypto Mod / Transformation)
- NATO Network Enabled Capability
- SCIP & IPSec
Examples of ongoing initiatives and challenging implementation

Capability Life-Cycle Process
Concept & Requirements Development; Capability Definition; Capability Realisation; Capability Usage
- Nations / organisations have many variants of this, but the overall pattern is the same
- The development and provision of interoperability is an integral part of this process
- This is not a linear process - reiteration and evolution are needed

CP Approval Process (diagram)
Diagram labels: Submit; SCs; SUPPORTS DEVELOPMENT; C3 Policy/technical; NC3A; REVIEWS; NHQC3S; NC3B; operational; IMS; MC; resources; IS; SRB; NAC/DPC; Endorse; Approve

Bi-SC AIS Development Lines (timeline: 2006, 2007, 2008, 2009, 2010)
- CP 5A0050/9B0020: CORE Services
- CP 5A0004: MMHS Project
- CP 5A0005: ACE ACCIS Step 5
- CP 5A0007: OPS Functional Services (Joint, Air, Land)
- CP 9B3013: MAR OPS CCIS
- CP 9C0150: Core AIS for Static Commands
- CP 9C0107: OPS Functional Services (Joint, Air, Land, Maritime)
- CP 0A0110: INTEL Functional Services
- CP 9C0103: LOG Functional Services
- …
- CP 5A0053/9B0010: PERS Functional Services
Tasks:
- Assess the suitability of projects to support EBAO and TOAs
- Make Development Lines for individual projects
- Identify service specification requirements
- Determine maturity levels
- Adjust the projects

INFOSEC CP Projects

Ongoing initiatives & implementation - SCIP
- Secure Communications Interoperability Protocol
  - Derived from the US FNBDT programme
  - Protocols offered to NATO
- Allows end-to-end secure communications:
  - over a range of network technology
  - and supports a range of security algorithms
- Collaboration between multiple nations, industry, an IICWG, NATO
  - i.e. many moving parts
- Interoperability testing conducted with prototypes Oct 06

Ongoing initiatives & implementation - SCIP (diagram)
Diagram labels: NGCS/NDN Voice Gateway; NGCS; NDN; NSP2K; SCIP terminal; GSM, PMR, PSTN...; National Tactical (4578); NATO DCM; SCIP terminal

Ongoing initiatives & implementation - IPSec
- The establishment of a Protected Core Network (PCN) requires interoperable secure IP services
- Specifications for secure IP are being developed / identified through an IP Security Task Force under the NATO C3 Board - SC/4 & SC/6
- NINE - NII IP Network Encryption
  - NINE is not a device
  - The NINE Interface Specification should state how a NINE device interoperates with other devices/networks

Protected Core

Summary
- Protecting Information is Complex
- Policy, Directives, Guidance and Oversight Provide Common Agreed Methods for Protection
- Collaborative Process Between NATO Bodies and NATO Nations
  - Focus on key lines of development
  - The parallel lines of development (national and NATO) need to be closely co-ordinated (NC3B - NNEC governance role?)
  - Test Service and Interface Specifications in the development process and when integrated in capability
- Requires Constant Vigilance

Questions?
Colonel Enrico Bologna ITAAR, NHQC3S – INFOSEC Branch Chief