NATO Information Assurance 5 June 2009 AFCEA Tech

NATO Information Assurance 5 June 2009 AFCEA Tech. Net Europe 2009 A NATO view of the application of Information Assurance Techniques NATO CIS Services Agency

Outline • • NC 3 Organization NCSA NATO Information Assurance Identity Management CONNECTING NATO UNCLASSIFIED 2

NC 3 Organization NC 3 Organisation NATO C 3 Board (NC 3 Board) SACEUR NC 3 Reps NATO C 3 Agency (NC 3 A) CONNECTING NATO CIS SERVICES AGENCY (NCSA) NATO UNCLASSIFIED 3

NCSA Mission To ensure the provision of secure end-to-end information exchange services and information processing services required for NATO Consultation, Command Control, using fielded Communications and Information Systems in the most cost effective manner. CONNECTING NATO UNCLASSIFIED 4

Current NCSA Structure NCSA HQ NCISS Latina MONS Mons Sector Norfolk Sector Izmir Sector Brunssum Sector Ramstein Sector Naples Sector Madrid Sector 1 NATO Signal Bn Maastricht Deployable 2 NATO Signal Bn Naples CONNECTING NATO UNCLASSIFIED Lisbon Sector Heidelberg Sector Northwood Sector Total PE: ~ 3300 5

NCSA Areas of Responsibility IC CA NO EN LG LH US Norfolk Sector Mons Sector Brunssum Sector (includes CLD-B) Naples Sector (includes CLD-N) Northwood Sector Madrid Sector Lisbon Sector Izmir Sector UK NL. BE Lux. CZ. FR PO SP PL GE SI IT SZ HU RO BU TU GR Heidelberg Sector and Ramstein Sector without assigned AOR EUFOR CONNECTING NATO UNCLASSIFIED KFOR ISAF IRAQ 6

INFOSEC -> IA • • NATO definition NNEC enabler Risk management Strong authentication CONNECTING NATO UNCLASSIFIED 7

SMI Services • • • Identity management Credential management Attribute management Privilege management Digital policy mangement CONNECTING NATO UNCLASSIFIED 8

SMI Services • • IA configuration management Crypto key management IA metadata management IA audit managment CONNECTING NATO UNCLASSIFIED 9

NATO Identity Management • EAPC(AC/322 -SC/5 -WG/5)WP(2009)0001 NATO Identity Management (NId. M) • AC/322 -D(2005)0044 INFOSEC Technical And Implementation Guidance On Identification and Authentication • AC/322 -D(2004)0024 REV 2 NATO Public Key Infrastructure (NPKI) Certificate Policy (Cert. P) Rev 2 CONNECTING NATO UNCLASSIFIED 10

NATO Identity Management • Passwords • Tokens • Biometrics CONNECTING NATO UNCLASSIFIED 11

NPKI • • Information sharing Effects-based approach Improved decision making Physical access control CONNECTING NATO UNCLASSIFIED 12

NPKI Today • Office Communication Suite (OCS) • NATO Restricted (NR) network • NEKMS CONNECTING NATO UNCLASSIFIED 13

NATO Information Assurance • • • Email Content Checking Mail guards OS/applications security settings Forensic capability Security event management • IDS • Firewalls • Anti-virus software CONNECTING NATO UNCLASSIFIED 14

IA Threats • • Spam Malware Web defacements User indiscretions Targeted attacks Classified information leakage Vulnerabilities exposed by poor maintenance • System privilege abuse CONNECTING NATO UNCLASSIFIED 15

IA Future • • • Increased capacity Smarter tools Centralized management Consolidated IA picture Faster reaction CONNECTING NATO UNCLASSIFIED 16

Conclusion • • Speed up Cooperate closely Do not forget the human factor Flexibility and mobility CONNECTING NATO UNCLASSIFIED 17

Questions? CONNECTING NATO UNCLASSIFIED 18