June 1, 2016 | Author: Trangnhung Pham | Category: N/A
NECCS-1
Network Enabled Capability Cyber Security
An Introductory Study to Cyber Security in NEC
Néstor Ganuza (CCDCOE)
Alberto Hernández and Daniel Benavente (ISDEFE)
June 2011
© 2011 NATO Cooperative Cyber Defence Centre of Excellence (CCD COE)
NATO Cooperative Cyber Defence Centre of Excellence (CCD COE), 12 Filtri Tee. 10132 Tallinn, ESTONIA
[email protected] www.ccdcoe.org
The text and figures in this document may be reproduced free of charge in any format or medium, providing it is reproduced accurately and not used in a misleading context. The material must be acknowledged as CCDCOE copyright, and the title and authors of the document specified.
The views, opinions, and/or findings and recommendations contained in this study are those of the authors and should not be construed as an official position, policy, or decision of NATO or any NATO entity.
Preface
It was with great pleasure that I received the invitation from Lieutenant Colonel Néstor Ganuza (Spanish Army) to prepare the preface for this document, the “NECCS-1: An Introductory Study to Cyber Security in NEC.” I immediately thought about two reasons why this would be a gratifying experience. First, because this topic hits on the paradox that appears when we combine Network-Enabled Capabilities (NEC) and security in the same sentence. And second, because it combines my favorite two topics that I have been dealing with during the last 11 years: NATO NEC (as the NNEC Branch Head for the NATO Supreme Allied Command Transformation), and security and cyber defence (as INFOSEC expert at NATO Headquarters and then INFOSEC senior project manager at the NATO C3 Agency).

The first thought that came to my mind when I first received the manuscript was the unbelievable scope of the document. It is simply…massive! It deals with NEC in several environments (NATO, European Union, and private sector). With cyber security, including technical and human factors. With information protection. With doctrine, with interoperability and training. And the list could go on and on. Reading throughout, I realized that the text encompasses a vast amount of information in different but interrelated topics. They might be used as an introduction to a wide array of topics, but also as a departing point for further detailed analysis. All of it, perhaps for the first time, focuses on the need to bring along NEC and security in good harmony. Even if this version is not yet completely aligned with the NATO Allied Command Transformation (ACT) existing NNEC body of knowledge, the concepts and principles will allow the reader to better understand the challenges that current information security imposes on the development of NEC.

The second thought was how anyone could even try to resolve the paradox that I mentioned before. While information security and cyber defence try to minimize and carefully scrutinize the interconnections between systems and the information exchanged across them (following the “need-to-know” paradigm), NEC looks to maximize information sharing and availability across the mission, as stated by the NEC slogan, “share to win.” Acknowledging that both security and information sharing are essential for military operations, how can we overcome this apparent contradiction in today’s military operations?

But then I was not surprised at all. The document has been prepared by highly qualified experts from the Cooperative Cyber Defence Centre of Excellence (CCDCOE). The CCDCOE is a major stakeholder in the development of Cyber Security in NATO and has within its ranks very well prepared professionals like the authors of this report: Lieutenant Colonel Néstor Ganuza (Spanish Army), as well as Alberto Hernández and Daniel Benavente (both from the company ISDEFE, which supports the Centre of Excellence). I have had the pleasure to know them for some time and to share some good technical and philosophical discussions in all those NATO events we organize to resolve the apparently unsolvable problems of the war fighters.

But I will not take any more time from you, dear reader. Go on and submerge yourselves in the report. Read it sequentially or jump between the different sections. The organization of the document allows you to do so. I am sure that you will find many sections of interest, whatever reason brought you to take this book into your hands. Let your eyes comprehend the fundamentals that the authors have compiled for you, and let your mind develop the consequences of what you have read. You will not be disappointed.
Colonel Frederic SAKHOCHIAN
French Armament Corps
ACT/C4ISR&N/NNEC Branch Head
Norfolk, May 2011
Table of Contents
PREFACE
INTRODUCTION
NETWORK ENABLED CAPABILITY
    NEC DIMENSIONS
    NEC BENEFITS CHAIN
    NEC MATURITY LEVELS
NEC IN NATO (NNEC)
    NNEC VISION AND CONCEPT
    NNEC ARCHITECTURES
    NNEC ROADMAP
NEC IN THE EU
NEC IN PRIVATE SECTOR
NEC IN PUBLIC SECTOR AND DEFENCE
CRITICAL INFORMATION INFRASTRUCTURE PROTECTION (CIIP)
CYBER SECURITY
    CYBER SECURITY IN NATO
    CYBER SECURITY IN EU
    CYBER SECURITY IN THE INTERNATIONAL CONTEXT
CYBER SECURITY IN NEC (NECCS)
    NECCS. THE HUMAN FACTOR
    NECCS. THE INFORMATION
    NECCS. THE NETWORKING AND INFORMATION INFRASTRUCTURE (NII)
    NECCS. THE SERVICES
    NECCS. THE TECHNOLOGY
    NECCS. THE INDUSTRY
    NECCS. THE CULTURE
    NECCS. THE COSTS AND BENEFITS
NECCS CHALLENGES
    SINGLE INFORMATION DOMAIN
    TRUSTED INFORMATION DOMAIN
    BALANCED INFORMATION DOMAIN
    CROSS DOMAIN COLLABORATION
    TECHNOLOGICAL CHALLENGES
    TEMPEST
    FORENSICS
    CHANGE MANAGEMENT
    RISK MANAGEMENT
    SECURITY AUDIT
    SECURITY WITH PARTNERS
    ACTIVE CYBER SECURITY
NECCS WAY AHEAD (DOTMLPFI)
    DOCTRINE
    ORGANIZATION
    TRAINING AND EDUCATION
    MATERIEL
    LEADERSHIP
    PERSONNEL
    FACILITIES
    INTEROPERABILITY
    DOTMLPFIS
CONCLUDING CONSIDERATIONS
LIST OF ACRONYMS
GLOSSARY
BIBLIOGRAPHY
ABOUT NATO CCDCOE
ABOUT ISDEFE
ABOUT THE AUTHORS
ABOUT NECCS-2
Table of Figures
Figure 1. NEC vision
Figure 2. NEC slogan
Figure 3. NECCS dimensions
Figure 4. NEC information map
Figure 5. NEC information map
Figure 6. New security mentality
Figure 7. Networking and Information Infrastructure (NII)
Figure 8. NEC benefits chain
Figure 9. NEC implementation process
Figure 10. NEC maturity levels
Figure 11. The conversation prism by Brian Solis and JESS3
Figure 12. NEC national initiatives
Figure 13. Critical infrastructure strategic sectors
Figure 14. Security jargon
Figure 15. NATO CIS security regulation body
Figure 16. NECCS concept
Figure 17. NECCS implementation
Figure 18. NECCS education cycle
Figure 19. Security vicious cycle
Figure 20. Information efficiency requirements
Figure 21. Need to know vs Need to share
Figure 22. NEC Information Classification
Figure 23. Main Aspects of Networking and Information Infrastructure
Figure 24. Protected Core Network
Figure 25. NEC top-down implementation
Figure 26. NEC bottom-up implementation
Figure 27. NECCS industry
Figure 28. NECCS cultural revolution
Figure 29. Security reliability cycle
Figure 30. Trusted information domain
Figure 31. Balanced information domain
Figure 32. Open network vs. secure network
Figure 33. Need to share vs. need to know
Figure 34. Security, information superiority and decision making
Figure 35. Decision making vs. Security
Figure 36. Security, information superiority and decision making
Figure 37. Operation vs. Security
Figure 38. Security certificate and information superiority
Figure 39. State of art vs. security guaranteed
Figure 40. Risks of privacy
Figure 41. Privacy vs. Network monitoring
Figure 42. Global cross domain collaboration
Figure 43. Internal cross domain collaboration
Figure 44. NECCS technology challenges
Figure 45. Secure Communications Capability
Figure 46. Multiple-certified encryption
Figure 47. TEMPEST evolution
Figure 48. Forensic capability aspects
Figure 49. Change management aspects
Figure 50. Dynamic risk management aspects
Figure 51. NECCS audit
Figure 52. NEC Organization
Figure 53. NECCS planning
Figure 54. NECCS doctrine
Figure 55. NECCS education
Figure 56. NECCS education principles
Figure 57. NECCS education activities
Figure 58. NECCS Education methods
Figure 59. NECCS Education Cycle
Figure 60. NECCS materiel
Figure 61. NEC decision process
Figure 62. NECCS personnel plan
Figure 63. NECCS facilities protection
Introduction
The technological revolution that began in the late twentieth century has had a major impact on all aspects of modern society, from economic to political, social, cultural, and even in the manner that people relate to one another. This revolution has allowed the quick exchange of information, often instantly, regardless of size and physical separation between origin and destination, as never before.

The enhancement of the information exchanging capacity has also stimulated the demand for information, giving rise to the information age, in which information is the centerpiece of every business. The information age has contributed decisively to the globalization phenomenon, where borders between countries are limited to physical boundaries that do not pose an obstacle to communication and knowledge exchange among peoples and individuals.

The technological revolution, the information age, and globalization bring with them a new form of human relationship, the emerging information society, where opportunities for success revolve around efficient use of the vast amount of information available. Information is the hub of all activity, and consequently the information society is highly dependent on information systems. Not surprisingly, the development and rule of the information society in developed countries is, at the same time, both its great strength and its great weakness.

The risks associated with the information society are numerous, including:
a. a larger and more complex criminal activity carried out by organized groups or individuals;
b. a more prolific terrorist activity making wide use of cyberspace to commit or support their operations;
c. a larger and more complex espionage activity, whether industrial, military or political;
d. more attacks against critical national infrastructure, including information infrastructure, civil liberties, and the critical services of modern democratic societies;
e. more camouflaged attacks orchestrated by states and hidden under the guise of attacks originating from criminal gangs, political activists, etc.; and finally
f. a greater participation of private citizens in malicious actions driven by ignorance, curiosity, fun, challenge, or profit.

In short, the risks are numerous because of the attraction of cyberspace, which offers higher returns, comprehensiveness, ease, and impunity for all such activities. However, despite the risks of an increasingly interconnected society, the digital trend is unstoppable. Hence, we have to face the future as it is and manage the associated risks.

A Network Enabled Capability (NEC) offers a new cognitive and technical environment based on taking advantage of state-of-the-art information technology, with the ultimate goal of reaching information superiority that places the NEC owner at an advantage over his or her adversaries. Information superiority is reached when the timeliness and quality of the information in the hands of decision makers at all levels (strategic, operational, and tactical) is superior to that of their adversaries. However, the timeliness and quality of the information largely depend on sufficiently ensuring its availability, integrity, and confidentiality; and this is a matter of information assurance and cyber security.

This paper is an unclassified, releasable, and self-contained white paper¹, and it is intended to provide a conceptual and comprehensive overview to popularize, inform, and instruct about NEC Cyber Security as well as to promote awareness of specific cyber security issues that have to be considered in an NEC implementation. In particular, it is aimed at analyzing the optimal conditions for information protection in an NEC domain to achieve information superiority from a strategic perspective.

The structure of the paper consists of:
a. Introductory contents: Preface and Introduction.
b. Context study: the aim of this part is to contribute to the self-containment of the paper by providing a brief, general explanation of the two main components of the subject (cyber security in NEC) separately. First, Network Enabled Capability (NEC) is tackled and afterwards Cyber Security (CS). It is not a detailed study, but rather just an introduction to NEC and CS concepts, with the aim to provide general information that helps the reader understand Part C, which is the core topic.
c. Core study: the aim of this part is specifically to study the NEC Cyber Security (NECCS) issue through three tracks: NECCS components, challenges, and next steps.
d. Complementary content: the aim of this part is to provide information that may facilitate the understanding of the text, including a glossary, a list of acronyms and a bibliography.

¹ A white paper is an authoritative report or guide that often addresses issues and how to solve them. White papers are used to educate readers and help people make decisions. They are often used in politics, business, and technical fields.
Chapter 1
Network Enabled Capability
NEC is a concept that currently transcends its own name, Network Enabled Capability, and goes beyond a simple capacity based on networks. NEC relates to a method of doing business. NEC is the need and obligation to integrate available technology and the way members of an organization communicate and relate, with the goal of achieving the best possible results through the synergy of efforts. NEC entails the generalized, secure, and wise use of information technology infrastructure and information systems, integrated and coordinated with business processes and human networking.

The goal of NEC is to place the organization at an advantage against its competitors. The way to get it depends on the ability to harness the available technology and to integrate the human factor. In any case, the solution passes through a flexible and dynamic decision-making process, together with a continued risk assessment exercise.

Figure 1. NEC vision (elements: Business Processes, Information Technology, Human Networking, Competitive Advantage)
NEC is a concept and a culture, not subject to a particular business or geographical area, where information is the centerpiece. The presence of NEC in the private sector is significant and ahead of the government and military sectors. The advantages of emerging technologies have been understood by the private sector as an enhancement of operational effectiveness. Dominant competitors have used the technology to achieve information superiority and translate it into a business competitive advantage. These competitors have accomplished this by exploiting information technology through evolving their networking capabilities to provide their customers with more value.

In the defence sector, especially in the conduct of military operations, NEC is recognized as an enabler for improving operational effectiveness and refers to an information superiority-enabled concept that improves operational effects by interconnecting different systems (sensors, arms, and command operation centers) in collaborative planning, evaluation, and execution levels and in a secure manner. It is related to the improvement of the common operational picture and situational awareness. However, the complexity of its implementation, in conjunction with problems related to information security, has kept its establishment minimal to date.

It is important to note that in different nations or organizations the same concept is managed under different names, and thus we have Network Centric Warfare (NCW) or Network Centric Operations (NCO) in the United States; Network Enabled Capability (NEC) in the United Kingdom; Network Based Defence in Sweden; Ubiquitous Command and Control (UC2) in Australia; or NATO Network-Enabled Capability (NNEC) in NATO.

Fast, secure, and right-time information access and sharing are crucial for information superiority, and they determine all the activities oriented to NEC implementation. As is usually mentioned, NEC is about the right information at the right place at the right time; thus, it is about information integrity, confidentiality, and availability.

Figure 2. NEC slogan
1.1. NEC Dimensions
An NEC implementation is a long and complicated evolutionary process. Most NEC initiatives from different nations have defined four areas toward which efforts are generally being directed. They are not intended to be a sequential group of milestones and should be treated in parallel. These four areas are described below.

Technical area: Challenges related to technology are the first to be achieved. Network sizing, interoperability, quality of service, and security requirements are some of the technological goals to be defined first. For this objective, partnership with industry is vital. After that, current information systems should be adapted and evolved in order to satisfy all requirements, although in many cases it will be necessary to develop new technologies and new systems.

Information area: “Share to win” reflects the vision of NEC, and the achievement of information sharing capability is considered the main goal. Information accuracy is also a requirement. An uncontrolled excess of information and a loss of its integrity are equally harmful. The “need to know” principle is apparently displaced by “share to win,” but actually they should exist together. Information classification is an important issue since it contributes to the accuracy of information by protecting it against unauthorized access or modification. Also, it is necessary to learn how to use this information and gain an advantage in decision making. “Share to win” is a concept oriented to ensure that policies, procedures, and systems are developed and implemented with an inherent capability to share information, together with the necessary security mechanisms to manage access rights dynamically, ensuring that only authorized users may access the information. Finally, the questions about how to obtain the information, with whom we may share it, and how to assure it make it necessary to develop and agree on security policies.

People area: People should be trained on both technical and procedural features in order to gain enough knowledge for using systems to manage, obtain, share, and use information safely. It is necessary to create a new culture where sharing and trust are routine issues.
Coordination, integration, and decision making area: This area includes the remaining points that will support the NEC accomplishment. The combination of all types of information obtained at the right time through NEC elements and a structured analysis that identifies the relationships among them can convert the information into knowledge, improve decision making, and finally obtain all the benefits of NEC.

In summary, NEC is so big and complex an issue that it needs to be decomposed into smaller parts associated with specific communities of expertise to make the problem manageable. There are different approaches for decomposing NEC, among which are the following:
a. Networks, Information, and People. Decomposition invoked by the UK.²
b. Policy and Doctrine, Processes, Information and Assets. Decomposition invoked by NATO ACT.³
c. Technical, Information, People and Coordination, Integration and Decision Making areas. Decomposition described in the focus areas mentioned above.

The component that all decompositions have in common is “Information”; this is not strange since information is the centerpiece of NEC, and this will be reflected permanently in the study of security in NEC. However, at the same time information is not valuable in itself, but crucial in the decision-making process.

In the decomposition invoked by ACT, people and networks are considered too large to embrace. Therefore, it is preferable to address them through more concrete aspects: policy and doctrine to address people, and processes and assets to address networks.

Nevertheless, all decompositions are based on aspects that can be grouped into three dimensions: technology, human, and knowledge dimensions; it is no coincidence that NEC entails a technological, cultural and cognitive revolution. Hence, in this introductory study of NECCS, with the intention of simplifying rather than further complicating the NEC decomposition issue, the three dimensions mentioned above are considered.

NECCS in this initial stage will be composed of three overlapping and mutually dependent dimensions: Information, People, and Networking and Information Infrastructure (NII). They have in common the need for a set of security measures and policies focused on them and/or implemented by them.

² NEC handbook (JSP 777 Edn1)
³ ACT-NNEC-FAQ-001/01 March 2010

Finally, all complementary activities that link the three dimensions are crucial: policy, doctrine, processes, services, technology, industry, culture, partners, etc. The three main NEC dimensions (information, people and NII) are described below.

Figure 3. NECCS dimensions
1.1.1. Information
The main objective of NEC is to get better outcomes through having decision superiority over adversaries and competitors. Decision superiority is the ability of all elements of the system, mainly people, to make the optimal decisions that each situation requires. Decisions are typically based on the intellectual capacity and human values of the decision makers and on their accurate and realistic knowledge of the situation, means, and other influential elements.

It is not the objective of NEC to get decision superiority by improving the personal capabilities of decision makers, but instead by providing them with as much accurate, real, timely, and reliable information as possible. Cyber security has a particular role in this.

Concepts such as information superiority, information management, information exploitation, information sharing, and information assurance play important, overlapping, and mutually dependent roles in the implementation of an NEC. Indeed, everything in NEC revolves around information.
Figure 5. NEC information map
1.1.2. People
People are involved somehow in any project; but in the case of the establishment of NEC, people play more than a routine role. NEC entails a cultural revolution that affects the daily work of every one of the users, as well as changes that have to be understood and accepted.

In regard to people, NEC requires big changes in the traditional way of doing business. Specifically, NEC involves:
a. The need for awareness, training, and exercising of every one of the members of the organization (all members will be users of the information systems embraced by the organization’s NEC) in the domains of information management and information assurance, with special attention to information sharing.
b. More prominence and responsibilities for ordinary users in the decision-making process and in the business performance.
c. Some diminution, reduction, or limitation of the power or authority, as traditionally understood, of the higher echelons of the organization.

In short, there is a wider horizontal distribution of the responsibilities in the decision-making process. This involves major changes in roles, responsibilities, and mentality of both ordinary users and higher echelons to benefit the entire organization.

In regard to the security domain, a change of mentality will be needed based on the following:
a. A high level of responsibility, knowledge, and training of all users in the application of the information assurance measures and procedures.
b. A flexible and dynamic information assurance policy that can be effective in an environment of a changing nature.
c. Fear of change can be a determining factor in the success or failure of an implementation of an NEC. The reluctance to abandon traditional information assurance patterns, based mainly on protecting at all costs the confidentiality of the information, could be a major obstacle. For this reason, an effective change in the management plan is needed.

Figure 6. New security mentality (Users: more responsibilities, more knowledge, more education; Information Assurance Policy: more flexible, more dynamic; Change Management Plan: technology, policy, people)
1.1.3. Networking and Information Infrastructure (NII)
Networking and Information Infrastructure (NII) embraces all technological assets that make possible the intellectual interconnection of the users and the management. These include the distribution, exploitation, and protection of the information by providing technological tools that allow the creation, processing, presentation, storage, sharing, transport, and disposal of information.

At a minimum the NII includes computer hardware and software, information systems, computer networks, ancillary, and facilities. Moreover, in the military environment it also includes sensors, arms systems, and command and control operation centers.

Figure 7. Networking and Information Infrastructure (NII) (Assets: hardware, software, information systems, computer networks, ancillary, facilities; Aspects: interoperability, standardization, integration, legacy, quality of services, federation of systems; Security: availability, resilience, survival; Computer Network Operations: computer network defense, computer network attack, computer network exploitation)

The efficient management of concepts like interoperability, standardization, integration (systems, infrastructures), legacy, quality of service (QoS), federation of systems (FoS), and computer network operations (CNO) will have a big influence on the success of the implementation of an NEC.
1.2.
NEC Benefits Chain
The overall goal of an NEC is to provide the organization with the best and most profitable results from its performance with its available basic components: Information, People and NII. The benefits chain is composed of all the main factors in a row that link the components with the best effects, namely: Basic Components (Information, People, and NII) > Information Sharing > Shared Understanding > Decisions > Actions > Results.
Figure 8. NEC benefits chain (diagram labels: Information, People, NII; Better Information Sharing; Better Shared Understanding; Decisions; Actions; Effects; Results)
Each preceding link in the chain acts as an enhancer of the following one. Therefore each preceding link has to meet some quality standards, based on measurable NEC compliance requirements that make it efficient enough to contribute to the improvement of the following link. Specifically, the goal is better and more profitable results by expending only the resources needed, controlling unwanted side effects, and avoiding premature or late effects. Let's review the chain in reverse to identify mutual relationships:
To obtain better results it is necessary first to obtain better actions, that is, faster actions (the information age requires making decisions and taking actions very fast while avoiding procrastination); agile actions (providing the organization with the ability to change the course of the ongoing actions in a timely manner when the situation requires it); consistent actions (avoiding actions with contradictory results); and coordinated actions (since the number of mutually dependent simultaneous actions is usually huge, coordination is crucial).

To obtain better actions it is necessary first to obtain better decisions, that is, getting decision superiority by having intellectual superiority (enhancing the intellectual capacities of decision makers through continuous training); reaching information superiority (improving information exploitation, information sharing, and information assurance); and enhancing the decision-making process.

To obtain better decisions it is necessary first to obtain better shared common understanding by enhancing coordination, interoperability, standardization, integration of networks, information systems, policies, regulations, and vital information such as the common operational picture, situation awareness, etc.

To obtain better shared common understanding it is necessary first to obtain better information sharing by enhancing trust and confidence among people and organizations, developing information assurance policy more aligned with the information sharing objective, and providing tools, procedures, and processes that facilitate timely access to accurate, reliable, consistent, and relevant information for the appropriate user.

To obtain better information sharing it is necessary first to obtain:

Better information, by enhancing its quality as well as its reliability, enhancing tools that provide integrity of contents, authenticity of source, non-repudiation of origin and receptor, timeliness and availability, and confidentiality when necessary.

Better people, better skilled and trained in information management, the decision-making process, and information assurance, and more aligned with NEC objectives, accepting their new roles and responsibilities.

Better NII, more expanded by extending the networks to the user and not the user to the networks; more secure against cyber threats; more flexible by enhancing its capability to modify its structure and topology in a timely manner; more robust against natural disasters and extreme weather conditions; and more resilient.

Following is a table depicting a summary of the NEC implementation process:
Better People: Information Management; Information Assurance; Decision Making Process; NEC Alignment
Better NII: Ubiquitous; Secure; Robust; Resilient
Better Information: Visible; Accessible; Manageable; Reliable; Useful
Better Information Sharing: Human Trust; Information Assurance Policy
Better Shared Common Understanding: Coordination; Interoperability; Standardization; Integration
Better Decisions: Intellectual Superiority; Information Management; Information Assurance; Decision Making Process
Better Results: More Profitable; More Controlled; More Appropriate; More Timely
Figure 9. NEC implementation process
1.3. NEC Maturity Levels
It is widely recognized and accepted that the implementation of an NEC is too complex to be affordable in just one stage. Therefore, it is necessary to have a gradual and systematic process that helps implementers to achieve the objectives. Different models are accepted, the most common being:
a. 3 levels model: Initial, Transitional, and Mature. Advocated by UK.4
b. 4 levels model: Definition, Initial, Transitional, and Mature. Stated in this study due to the necessity of considering NECCS from the NEC inception in the definition phase.
c. 5 levels model (Capability Maturity Model or CMM): Initial, Repeatable, Defined, Managed, and Optimizing. Advocated by the Software Engineering Institute.
All the models provide an evolutionary path of increasingly organized and systematically more mature processes and are focused on optimizing the process of developing, acquiring, and maintaining an NEC. At the same time, these models provide milestones that test the efficiency and consistency of the capabilities created so far with the objectives and requirements of NEC. Following is a summary of the four NEC maturity levels. In all of them NECCS compliance must be a definitive requirement to jump to the next level.
1.3.1. NEC ML-0. Definition
At this stage, mission and vision, strategic objectives, timeline, organization, resources, and requirements must be defined. This is the most important phase; future services and possibilities of NEC are dependent on the primary vision as a result of the planning. It has to address, with no exception, the human factor, the technology, and knowledge management. And at the same time it has to take into account important areas, often forgotten in this stage, such as interoperability and information assurance.
4 Op. Cit. 2
1.3.2. NEC ML-1. Initial
This is probably the most difficult stage. If the ML-0 was developed accurately, it will greatly facilitate this stage, which is characterized by performing a set of separate activities not well coordinated among themselves. They are focused on the NEC main components: information, people, and NII. These activities will become cohesive in subsequent stages according to the ML-0. However, this first stage is focused on: training and user awareness in information management; information assurance and decision making; establishment of a new culture and mentality; implementation of a change management plan; and network interconnection and legacy systems adaptation.
1.3.3. NEC ML-2. Transitional
In this stage, basic NII and organization are established, and main information systems are interconnected. Information sharing is consolidated, and information assurance is aligned with NEC objectives. Furthermore, users are being trained in information management and assurance and are accepting their new roles and responsibilities.
1.3.4. NEC ML-3. Mature
NEC is fully operational, both technically and functionally. Information is exchanged, distributed, and managed efficiently. Users are skilled in information management, information assurance, and the decision-making process, and NII is fully established and reliable. When the mature stage is reached, a new cycle regarding parts of the existing NEC can start from ML-0, with new vision, new requirements, etc.
Figure 10. NEC maturity levels
Chapter 2
NEC in NATO (NNEC)
In 2004, the NATO Strategic Commanders identified three transformation goals and seven Transformation Objectives Areas (TOAs). “Information Superiority” and “NATO Network Enabled Capability” were considered key enablers for operational effectiveness in all TOAs. Since that time, NATO has carried out different initiatives to get an NNEC. First of all, in 2005 the Military Committee tasked ACT (Allied Command Transformation) to produce an NNEC Strategic Framework describing NNEC developmental activities. This framework was composed of an NNEC Vision and Concept, a Business Case analyzing the benefits and risks of adopting NNEC principles, NNEC Architectures, a Roadmap for NNEC, and a Detailed Plan. The following is a summary of the NNEC strategic framework.
2.1. NNEC Vision and Concept
The NNEC Strategic Framework states the official definition of NNEC: “The Alliance’s cognitive and technical ability to federate the various components of the operational environment, from the strategic level (including NATO HQ) down to the tactical levels, through a Networking and Information Infrastructure (NII).” This definition embraces the three aspects that characterize NNEC.

Federation: This refers to joining the network systems and core information systems of NATO and NATO nations. Each system is self-managed by the nations and connected to the others, enhancing the capabilities of the federation. Thus, NII is the collection of NATO and national information and communications infrastructure capabilities.

Cognitive and technical ability: Federating capabilities should be implemented based on a Service Oriented Architecture (SOA). This identifies the need to share not only the infrastructure (obviously necessary), but also information from multiple sources, and it should be the right information, shared with the right recipient at the right time. Technical capabilities should also be aligned with cultural and human factors.

Strategic to tactical level: The concept of NNEC is very broad, and its fields of action range from the responsibility of the Alliance, which could extend to the strategic domain, to the tactical domain, which is the responsibility of nations.
2.2. NNEC Architectures
The definition of a set of different types of architectures has been considered necessary to develop aspects related to Consultation, Command, and Control within NNEC. Service oriented capability and federation of systems are essential to achieve operational objectives within a joint and combined collaborative environment. Three types of architectures have been selected to support NEC:

Overarching architecture: Its objective is to “develop and maintain a coherent view of objectives affecting systems supporting the development of NEC.” It is comparable to a general architecture, which defines a primary scope with vision and strategy, user mission, and operation requirements.

Reference architecture: Its objective is to “develop and maintain a coherent view of what network solutions need to be developed and implemented to match developing mission requirements.” This architecture should be developed in a coordinated and evolutionary manner. It is composed of two different parts:
a. NII Reference Architectures, made up of a Communication Reference Architecture and Information and Integration Reference Architecture, both with integrated views covering Information Assurance and Systems Management and Control.
b. COI Reference Architectures, which address the needs of dynamic and ad hoc communities of interest.

Target architecture: Its objective is to “develop and maintain a coherent view of how system solutions will be implemented from an Applications and Technical Infrastructure aspect.” The detail level of these architectures is higher and can support cost estimates and NNEC related requirements that are necessary to support the project.
2.3. NNEC Roadmap
With the challenge of defining and implementing an NNEC, all involved elements have been grouped in four focus areas that are addressed separately despite their mutual dependency. The four areas are:

Policy and Doctrine: Information management is one of the keys for NNEC because it is the precursor of information sharing. The human factor has been identified as one of the most important challenges of NEC, so policy for information treatment is the base for incorporating this dimension.

Processes: These are the key to implementing policy and consequently correct information sharing. They also facilitate the synchronization of activities across multiple human groups of different nations or levels.

Information: This is the core objective of NEC. Information sharing from different sources at the right time with situation variables gives great advantages on decision making and enhances operation capabilities. Delivering information is difficult for three reasons: the information shared is multidisciplinary in nature; information systems and data management in many cases are inconsistent and non-interoperable; and information assurance is restrictive. Sharing information is as important as assuring it.

Assets: These are the technology infrastructure and equipment that support the systems. Besides functionality (obviously necessary), security should be present as a fundamental objective by implementing all necessary safeguards.

The primary objective of the NNEC Roadmap is to enumerate and describe a group of activities to be planned and developed over time. A group of related operational objectives will be achieved through these activities. Moreover, these objectives are grouped into milestones, which are considered achieved when all their objectives are met. In order to realize this, they are grouped in focus areas. All activities are time dependent. Three milestones have been defined in NATO:
Milestone 1: Generalized ability to share information.
Milestone 2: Generalized federation processes.
Milestone 3: Development of (federated) decision support tools.
The Roadmap can also be defined as a tool for NNEC governance since it allows identifying gaps, overlaps, and additional actions to enhance operational capability. The roadmap analysis process is based on a specific programmatic issue to identify required actions and enablers, critical development paths, scheduling options, risks, gap analysis, and resourcing issues. After this analysis, recommendations focused on areas that can be improved will be given. The Roadmap should be updated, modified with new inputs and changes on strategy, and published on a semi-annual basis.

NNEC development and implementation is a slow, but structured and organized process. It moves forward in many directions at the same time: concept definition, security, operational requirements, coordination of nations. All these dimensions are involved in the development and implementation of necessary systems as well as the adaptation to existing systems.

One of the critical applications of NNEC lies in current operations. Knowledge is power, and sharing information and data about operations at the right time can bring high benefits and decision making superiority. However, classified military information is usually managed according to availability, confidentiality, and integrity. The most important identified problems are related to high availability of the systems, confidentiality of communications, insecure physical environments, uncontrolled electromagnetic environments, fast reaction necessity, high risk on equipment loss, and delegating responsibility. All of these are security related issues.
Chapter 3
NEC in the EU
The European Union considers NEC an issue of high importance and consequently defines it as one of the twelve priority actions of the EU Capability Development Plan. NEC in the EU is focused on supporting the EU’s comprehensive approach and the Civil-Military Coordination for Crisis Management Operations (CMOs) and missions. In 2009, the Political and Security Committee of the EU noted the EU concept for NEC and agreed to the document “Developing Network Enabled Capabilities (NEC) in Support of ESDP,” which defines NEC as a priority for European Security and Defence Policy (ESDP) and emphasizes civil-military interoperability. In addition, that year the development of an NEC Implementation Study was initiated to obtain an NEC Vision, identify needs, or depict a roadmap, milestones, and different time frames. In addition, an NEC Roadmap Tracking Tool is being developed to allow the management of the NEC Roadmap.

The EU focuses NEC on CMOs and considers NEC as the main tool to obtain better knowledge and faster decisions as well as to improve situational awareness. Crisis management is analyzed and assessed through different phases: prevention, preparation, response, mitigation, and recovery. In the NEC concept in support of ESDP, the EU requires that NEC demonstrates: “The ability to shape a cohesive environment for a comprehensive approach and for unified effort of civilian and military entities and actors at all levels in EU led Crisis Management Operations, through informed and timely decision making and coherent execution based on the seamless and efficient sharing and exploitation of information by competent personnel, properly tailored processes and developed networks.” The EU NEC concept is in line with other NEC definitions, with the principle of information management and correct exploitation to enhance decision making. However, in this case the orientation is tied to crisis management.
The EU NEC vision is to gain various benefits related to information sharing, decision making, awareness, and effective and adequate actions for de-escalating and/or mitigating crisis conditions. Furthermore, the EU identified other related benefits such as the reduction of the dependency on space and location, an increase in the ability to work in parallel, and an improvement of knowledge and expertise dissemination. According to EDA:
The EU NEC vision is a progressive transition for achieving incremental change. It includes an overarching plan for developing new capabilities in liaison with local plans for changing existing capabilities. The CMO NEC vision is a federation of multiple national and trans-national EU public and private enterprises in which people, information, and technology operate together seamlessly to achieve a global CMO mission for EU. It is based on a collaboration of governmental, military, and civilian EU CMO enterprises that carry out joint actions and even collaborate with non-EU enterprises. The Civil and Military Coordination (CMCO) is at the same time a concept developed by EU and an objective to achieve. NEC can help by enabling general enhancement of EU, MS, and other actors, with better coordination during routine phases, consolidation and coordination of planning activities of a civil/military cell, training and exercises, and resource and capability management. The EU defines the NEC dimensions in similar terms, taking into consideration people, information, and technology. 5
5 More information in “EDA annual report 2009” (http://www.eda.europa.eu/)
Chapter 4
NEC in Private Sector
The NEC concept has spread worldwide, but with different names or nuances. In fact, some analogies with technological and functional solutions implemented in private companies, enterprises, and organizations can be found. The central objective of NEC is sharing information securely both inside and between organizations at the right time and with an appropriate Quality of Service (QoS). Many nonmilitary organizations have this need since, as mentioned before, many private companies have worked around this concept to reach information superiority and have translated it into a competitive advantage in the business sector.

The benefits of utilizing social media are incredible provided an organization is able to: standardize the use of the same applications; keep the control of the management; add security to the transactions; and direct them to the same goals.
The difference between NEC in the private and public sectors usually is a matter of terminology rather than concept, vision, technology, or functionality. In this sense similar NEC can be found where information assurance and cyber security are embedded in the concepts of “Quality of Service” or “Service Level Agreement” (SLA). Moreover, concepts like information sharing or information superiority are implicitly present.
NECs or pseudo-NECs are some integrated solutions on telecommunication systems for sharing information in real time. For example, some video conference programs include archives sharing options and real time visualization as support for a dissertation, with direct communication and real time interaction possibilities. Large companies like Microsoft or Google have developed their own solutions for sharing information among their users. They have created the possibility of sharing many types of files, such as documents, images, or videos, implementing new infrastructures for this objective that give to the person who shares these files the power to grant appropriate permissions to other users to watch, download, or even modify the contents. Along this line, another step is the creation of organized structures that allow users to create their own working groups. With these structures in place, only the users identified and supported as members are provided with access permissions to the
group information, which can then be uploaded and shared by these users. Thus, closed networks are created that have the objective of information sharing and direct communication between members. Other kinds of NEC are the social media applications, nowadays one of the greatest sources for sharing information. Each user is linked with a personal profile that serves as a unit of information management, and information can be published and shared according to rules under the user’s control. Communities of interest, working groups, or collaborative environments can be established and ruled by the access control system. Personal and professional data, opinions, real time location, promotion, marketing, etc. are some of the shared aspects that flow through this type of network. However, all these applications in the private sector usually lack the necessary security measures to establish a reliable professional working environment. News about security failures of this type of network have been published, and organizations like ENISA6 are aware of the dangers of social media in some publications. In Chapter 1 it was written that “NEC entails the generalized, wide, secure and wise use of Information Technology Infrastructure and Information Systems integrated and coordinated with Business Processes and Human Networking with the goal to place the Organization in a vantage against its competitors.” Is not that precisely what is done continuously in large private companies? The use of Information Technology and Human Networking is widespread within the private sector, taking advantage of social media techniques extensively for communication, collaboration, multimedia, review and opinion, brand monitoring, etc. 
For example, for communication purposes there is a remarkably extensive use of blogs,7 microblogging,8 location-based social networks,9 global social networking,10 on-line events,11 information aggregators,12 and online advocacy and fundraising.13 For collaboration and authority building purposes there are wikis,14 social bookmarking,15 social news,16 social navigation,17 content management systems,18 and documents managing and editing tools.19
6 ENISA: European Network and Information Security Agency, http://www.enisa.europa.eu/
7 Blogger, Expression Engine, LiveJournal, Open Diary, TypePad, Vox, WordPress, Xanga, Blog.
8 FMyLife, Foursquare, Jaiku, Plurk, Posterous, Tumblr, Twitter, My2i, Qaiku, Yammer, Google Buzz, Identi.
9 Foursquare, Geoloqi, Gowalla, Facebook places, The Hotlist.
10 Facebook, Twitter, MySpace, Hi5, LinkedIn, Odnoklassniki, ASmallWorld, Cyworld, Orkut, Tagged, XING, Hyves, My2i, Plaxo, Ning.
11 Eventful, The Hotlist, Meetup.com, Upcoming.
12 Netvibes, Twine.
13 Causes, Kickstarter.
14 PBworks, Wetpaint, Wikia, Wikimedia, Wikispaces, Jottit, Wikidot.
15 CiteULike, Delicious, Diigo, Google Reader, StumbleUpon, folkd.
For multimedia purposes there are video sharing,20 music and audio sharing,21 photography and art sharing,22 presentations sharing,23 and live casting.24 For review and opinions purposes product reviews,25 business reviews,26 and community Q&A27 are widely used. For brand monitoring purposes social media measurement28 is often utilized.

All of these applications are based on information management, information distribution, information sharing, trust among users, and ubiquity. Furthermore, all of them are pivotal concepts for NEC. For more detailed information, figure 10 presents a schematic diagram of the main online social networking capabilities that are available in cyber space. However, from an NEC perspective, what are the shortfalls of all these social media applications?
a. Lack of reliable tools or measures to ensure the confidentiality, integrity, and availability of the information. From the start these applications were not designed for secure information transactions. Enhancing these applications with a security complement leads automatically to increasing the business potential.
b. Lack of standards, interoperability, policies, and rules of management. Specifically, the existence and proliferation of numerous tools, as well as the incompatibility among them, decrease their efficiency since the users are scattered among different applications and are unable to communicate among them.
c. Lack of control of the networks management.
Hence, the benefits of utilizing social media are huge provided an organization is able to: standardize and generalize to all its members the use of the same applications and policies; keep the control of the management; add security to the transactions; and direct them to the same goals.

16 Digg, Mixx, NowPublic, Reddit, My2i, Newsvine, MyWeboo.
17 Trapster, Waze.
18 Wordpress.
19 Google Docs, Syncplicity, Docs.com, Dropbox.
20 Sevenload, Viddler, Vimeo, YouTube, Dailymotion, Metacafe, Nico Nico Douga, Openfilm, TubeMogul.
21 ccMixter, Pandora Radio, Last.fm, MySpace Music, ReverbNation.com, ShareTheMusic, The Hype Machine, Groove Shark.
22 DeviantArt, Flickr, Photobucket, Picasa, SmugMug, Zooomr, BetweenCreation.
23 Scribd, SlideShare.
24 Justin.tv, Livestream, OpenCU, Skype, Stickam, Ustream, Blip.
25 Epinions, MouthShut.
26 Customer Lobby, Yelp, Inc.
27 Askville, EHow, Stack Exchange, WikiAnswers, Yahoo! Answers, Fluther.
28 Attensity, Statsit, Sysomos, Vocus.
For that reason, dominant internet enterprises started to offer social media applications and infrastructure oriented to private businesses. These applications are based on information management, information distribution, information sharing, human networking, and a specific quality of service and security functionalities that guarantee a specific level of confidentiality, integrity, and availability of the data and information. Additionally, they can provide time stamping, digital signature, and non-repudiation services. The remaining control of management becomes the customer’s responsibility. Examples are the services provided under the concept of cloud computing,29 where providers include the dominant internet multinationals such as Amazon, Rackspace Cloud, Salesforce, Skutap, Oracle, Microsoft, and Google. These types of services are very flexible and offer the possibility of different contracts, including information services – information management, distribution, and sharing as well as information infrastructure within a closed community. This ensures confidentiality, integrity, availability, identity management, management control, resilience, and ubiquity. This is NEC.
29 Cloud computing is defined by Gartner as "a style of computing where massively scalable IT-enabled capabilities are delivered 'as a service' to external customers using Internet technologies." When we break down Gartner's definition, we find a set of mutually supportive concepts. First and foremost is the concept of delivering services (that is, results as opposed to components). Implementation does not matter as long as the results of the implementation can be defined and measured in terms of a service with associated service-level requirements. Included in this concept is payment based on usage, not on physical assets. The payment can be subsidized (for example, by advertising) or paid directly by the customer. The second concept is that of massive scalability. Economies of scale reduce the cost of the service. Implicit in the idea of scalability is flexibility and low barriers to entry for customers. Third, delivery using Internet technologies implies that specific standards that are pervasive, accessible, and visible in a global sense are used. Finally, these services are provided to multiple external customers, leveraging shared resources to increase the economies of scale. [http://www.gartner.com/technology/research/it-glossary/]
Figure 11. The conversation prism by Brian Solis and JESS3
Chapter 5
NEC in Public Sector and Defence
Many countries have initiated the establishment of NEC capabilities based on the common understanding of the benefits derived from Information Sharing, Information Superiority, and Decision Superiority. At the same time some NATO nations are working on the development of the NNEC and on their own NEC implementation programs. The following are a few examples of some remarkable national initiatives to provide a general picture of NEC awareness and level of development.
5.1. NEC in the United States
The United States capability is called Network Centric Warfare. The U.S. was the creator and developer of the Network Centric Warfare and Network Centric Operations concept, which is the basis of NEC. 30 NCW considers information sharing as the base for enhancing mission effectiveness through collaboration among different entities and the sharing of situational awareness. US DoD took the initiative to include security on network architectures that could support NEC services. It is called the Department of Defence Architectural Framework (DoDAF).31
30 United States, Department of Defence, Network Centric Warfare. Report to Congress [Report], 2001.
31 Department of Defence Architecture Framework (DoDAF) is an architectural framework for the United States DoD that provides structure for a specific stakeholder’s concern through various viewpoints. DoDAF defines a set of views that act as mechanisms for visualizing, understanding, and assimilating the broad scope and complexities of an architecture description through tabular, structural, behavioral, ontological, pictorial, temporal or graphical means. It is especially suited to large systems with complex integration and interoperability challenges and is apparently unique in its use of "operational views" detailing the external customer's operating domain in which the developing system will operate.
DoDAF is a new architectural model composed of the following aspects: capability, operations, services, systems, standards, data, and information. Security, considered a critical issue, refers to different types of measures that can be applied as COMSEC (physical, procedural, and communication security), TEMPEST, INFOSEC (information security), and Risk Assessment.32
5.2. NEC in the United Kingdom
The UK is developing its own Network Enabled Capability. Several studies have been presented, and some initiatives have been taken. One important initiative is the assurance of the NEC implementation in a coherent and coordinated fashion across Defence with the Joint Communications and NEC Program Office that supports the Deputy Chief of Defence Staff Capability.33 As in the United States, the UK has developed its own architectural model that can support NEC services and security: Ministry of Defence Architectural Framework (MODAF).34 MODAF is a new architectural model composed of the following characteristics: strategy, operations, service oriented view, systems, acquisition, and technology. The basics of MODAF are similar to the DoDAF ones, but include strategy and acquisition perspectives.35
32 http://cio-nii.defence.gov/sites/dodaf20/.
33 United Kingdom, Ministry of Defence, Network Enabled Capability JSP 777 [Report]. 2005.
34 The British Ministry of Defence Architecture Framework (MODAF), an architectural framework that defines a standard way of conducting Enterprise Architecture, was originally developed by the UK Ministry of Defence. Initially, the purpose of MODAF was to provide rigor and structure to support the definition and integration of MOD equipment capability, particularly in support of NEC. More recently, MOD has also been using MODAF to underpin the use of the Enterprise Architecture approach to capture information about business and identify the processes and resources required to deliver the vision expressed in the strategy. [http://en.wikipedia.org/wiki/MODAF]
35 United Kingdom Ministry of Defence MODAF [Online] // http://www.mod.uk/DefenceInternet/AboutDefence/WhatWeDo/InformationManagement/MODAF/ModafDetailedGuidance.htm.
5.3. NEC in France
The French Army is involved in the development of NEC capability, and for that reason it has organized two exercises, Phoenix 2007 and Phoenix 2008, to test their battlefield capabilities. Their principal objective is the coordination of the progressive development of the French Army NEC capabilities. During 2010, the exercise Phoenix 2 was performed. Different organizations took part, and tests were executed to evaluate particular technologies and solutions. Some of the tests were addressed to evaluate the operational capability of technologies for position communication and information sharing with allies, secure communications, data-link voice, and data exchange communications. Other related projects are under development, such as “Système d’Information Régimentaire” (a new regimental information system), mounted and dismounted soldier systems, and “Système de Commandement et de Conduite des Opérations Aériennes, SC-COA” (a fully networked air defence system).36
5.4. NEC in Germany
Germany is involved in the enhancement of an incremental NEC development through real operational trials. One of their most important projects is “Infanterist der Zukunft” (IdZ), a program for developing the future soldier system. The program is based on principles of survival, assertiveness, mobility, sustainability, and leadership. In addition to advances in soldier equipment, weapons, and security, the electronic soldier equipment will be improved with a system that can show the position of soldiers at any time. This information will be accessible by the group leader. The program includes both the enhancement of the operation and the speed of the communication and information exchange among both team members and military units.37
36 soldiermod.com [Online] // http://www.soldiermod.com/volume-2/pheonix.html.
37 Germany http://www.danmil.de/10184.html [Online].
5.5. NEC in Spain
The Spanish Chief of Defence’s NEC Concept was approved in 2008. After that, an NEC Office and an NEC Commission were created for studying, managing, and monitoring the development of an NEC in the Armed Forces. Cyber Security is considered a critical issue in Spain.38
5.6. NEC in Italy
Italy is carrying out a program named “Forza NEC,” which concentrates all initiatives addressed to the development of a military NEC capability. Forza NEC is based on network-centric armed forces able to exchange information, report the position of own and allied forces, and identify threats. Forza NEC defines three domains: physical, cognitive, and information domain. The core idea is to improve the Command and Control capabilities by including a cognitive domain, enhancing its different dimensions and integrating it with the other Forza NEC domains (physical and informational). The goal is to evolve from the current Forza to a digital network-enabled Forza. The program is also intended to evolve towards a digitalization of the maneuver space.39
The above-mentioned list of initiatives is just a brief summary to confirm that NEC is an ongoing issue both for NATO and for individual nations. Other initiatives addressing the development of a national NEC capability are being carried out in several other countries: in Sweden with a program called “Network Based Defence;” in Israel with the development of thematic exercises; in China with a program led by the People’s Liberation Army (PLA) aimed at obtaining advanced C2 systems, satellite shoot-down, and cyber warfare capabilities; and in Russia, which is in the process of obtaining similar capabilities.
38 Spain: Estado Mayor Conjunto, Convergencia de redes y sistemas en NEC [Report]. Estado mayor de la Defensa, Concepto de Información en Red (NEC) del JEMAD [Report]. - 2007.
39 Italy: http://www.esercito.difesa.it/root/chisiamo/docs_rivmil/Rivmil07_02_FNEC.pdf [Online]. Ministerio della Difesa Forza NEC [Online] // http://www.difesa.it/approfondimenti/festarepubblica/2giugno07/rivista-militare/sfilamento-reparti/mezzi_tecnologici_forza_nec_ei.htm. Italy Stato Maggiore della Difesa La Transformazione NET-Centrica [Report].
Figure 12. NEC national initiatives
Chapter 6
Critical Information Infrastructure Protection (CIIP)
Critical infrastructure (CI) refers to national assets that are essential for the security, survival, welfare, and functioning of a nation and its interests, organizations, and citizens. All governments of developed countries are taking initiatives to identify, catalogue, and adequately protect their own critical infrastructure. Critical Infrastructure Protection (CIP) refers to preparedness and response to threats against critical infrastructures from attacks, negligence, and natural disasters. The classifications of national critical infrastructures are based on a hierarchical taxonomy composed at the first level by strategic sectors. Although these classifications differ slightly from nation to nation, in one way or another all nations consider the following critical infrastructures as strategic:
a. Finance, banking, insurance, and taxation systems.
b. Transportation and communication means and systems.
c. Public administration, national, federal, and municipal services, law enforcement, and justice system.
d. Food supply, agriculture, water supply, and waste management.
e. Health, emergency, security, and rescue services.
f. Research, development and innovation systems, institutions, and establishments.
g. Nuclear, bacteriological and chemical material, industry, and power.
h. Military and defence systems and civil protection.
i. Space.
j. National monuments and icons.
k. Energy supply, including electricity, oil, gas, and other sources.
l. Information infrastructure, including information systems and computer networks.
The classification is not perfect, however, and there is some overlapping and mutual dependency between sectors. Considering the dependency factor, two strategic sectors are basic to the functioning of all critical infrastructures: Energy and Information Infrastructure. Consequently, they should be considered super-strategic sectors that must be protected with high priority, since the security and survival of all critical infrastructures depend on them.
The threats, vulnerabilities, and risks inherent to the Critical Information Infrastructure (CII) of a nation are almost the same as those in the Networking and Information Infrastructure (NII) of an NEC. The difference lies in the context: CII is a national issue, and NII serves a particular organization. Accordingly, in general, measures and policies to protect both the NII (NECCS) and the CII (CIIP) are interchangeable. However, it is important to stress that the goal of NECCS is to help achieve information superiority, while the goal of CIIP is to protect the information infrastructure. Therefore, it stands to reason that policies will evolve in different and non-convergent ways. Nevertheless, the NII of an NEC should be considered part of the national critical information infrastructure and consequently should be addressed within the national CIIP program.
Figure 13. Critical infrastructure strategic sectors
Chapter 7
Cyber Security
In the field of security there is no international common understanding of definitions and taxonomy related to information, computer networks, and information systems. As a result, in both specialized and generic literature there is an abundance of different terms that define the protection of information and networks. These terms are very close in meaning and taxonomy, and all of them are usually used indiscriminately and unsystematically. Concepts such as “information assurance,” “information security,” “information system security,” “INFOSEC,” “information technology security,” “computer security,” “computer networks security,” “computer networks defence,” and “critical information infrastructure protection” are sometimes used interchangeably, but in other cases are used distinctly. This lack of uniformity in terminology helps to sow the seeds of confusion in the field of information security.
Figure 14. Security jargon
Cyber security requires its own place in this confusing and disorganized environment. It assumes responsibility for the protection of the information within cyber space,40 and the protection of cyber space itself. It does not refer to the protection of the information when it is outside of cyber space. In this sense cyber security could be included in the wider concept of “information assurance,” which is aimed at protecting information regardless of location.
40 Cyber space: the inter-dependent network of information technology infrastructures, and includes the Internet, telecommunications networks, computer systems, and embedded processors and controllers in critical industries (US Deputy Secretary of Defence, 2008).
According to NIST IR 7298,41 Information Assurance consists of “measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality, and non-repudiation. These measures include providing for restoration of information systems by incorporating protection, detection, and reaction capabilities.” Cyber Security refers to the protection of information and information technology infrastructure in a dynamic environment.
Technologies are evolving, and the power of networks is growing exponentially. The concept of a cyber society is gaining more prominence and being embraced by the general public, who make massive use of, and depend upon, computers, computer networks, and information systems. However, due to the complexity of and dependence on information technology, multiple new forms of attack emerge, threatening the cyber society, i.e., social networking, with serious damage.
Within this context emerge such concepts as cyber security, cyber defence, active cyber defence, and computer network defence, all of which refer to the protection of networks against cyber attacks. They pay special attention to the availability, resilience, and integrity of networks and their components. Terminology and concepts referring to cyber security have evolved quickly during the last decade. Firstly, the term INFOSEC was the security reference for many years. This term refers to the protection of confidentiality, integrity, and availability of the information as well as to the integrity and availability of the Communication and Information System (CIS) that manages it. However, the current technological environment requires a dynamic approach that permits the protection of information the nature of which is constantly changing. Some authors claim Information Assurance (IA) is an evolution of INFOSEC that is more focused on a dynamic environment. IA is defined as “the protection and defence of information and communication and information systems (CIS) through the totality of measures to ensure their availability, integrity, authentication, confidentiality, and non-repudiation.” Actually, the only difference between both definitions is the addition of the authentication and non-repudiation concepts. However, the incorporation of these two aspects does not drive the concept towards a dynamic environment. Hence, it could be considered that cyber security is the only concept that refers to the protection of information and information technology infrastructure in a changing environment.
41 NIST IR 7298, Glossary of key information security terms of National Institute of Standards and Technology (NIST), Technology Administration, US Department of Commerce.
7.1. Cyber Security in NATO
It is the responsibility of the Alliance to protect NATO systems and national extensions of NATO systems as well as to coordinate the protection of national systems that manage NATO classified information. Currently in force is a comprehensive security regulation body, which includes NATO security policy, supporting directives, documents, and guidance for communication and information systems. The CIS security regulation body is composed of documents addressing CIS life-cycle, INFOSEC activities, CIS scenarios, NATO security documents, NATO and national security authorities, and security agreements with other partners. The part related to NATO security documents is a comprehensive two-level body composed of a policy level and a supporting directives level. The policy level is composed of the NATO information management policy, the management of non-classified information, the NATO security policy, and the NATO public disclosure policy. The supporting directives level is composed of directives addressing the following topics: general security issues, personnel security, physical security, security of information, INFOSEC, industrial security, and Force protection.
Figure 15. NATO CIS security regulation body
During the last decade, NATO has made a significant effort to enhance its Cyber Security Capability. In 1999, during the NATO Summit in Washington D.C., two decisions of Defence Capabilities Initiatives related to security objectives for Communication and Information Systems and vulnerability analysis were approved. In 2002, during the Prague Summit, information security was the centerpiece of the discussions. In 2004, the NATO Computer Incident Response Capability (NCIRC) was established, aimed at giving technical and legislative support services to respond to computer security incidents within NATO. In 2005 the Critical Infrastructures Protection in Defence Against Terrorism (DAT) program was included. It was presented in 2006 during the Riga Summit Declaration concerning security challenges and comprehensive political guidance. NATO, after supporting Estonia in the response to the April-May 2007 cyber attacks, created an Executive Working Group to develop the Cyber Defence Policy, put forth recommendations to improve Cyber Defence, and gave support to the Cyber Defence concept. The NATO Policy on Cyber Defence was approved in 2008, and the NATO Cyber Defence Concept was agreed upon at that time. Finally, the NATO Cyber Defence Management Authority (NCDMA) and Cooperative Cyber Defence Centre of Excellence (CCD COE) were created in 2008. At the Lisbon Summit on 20 November 2010, the revision of cyber defence NATO policy was deemed essential. Therefore, NATO identified the need to consider the cyber space dimension and to improve its capabilities against cyber attacks.
7.1.1 NATO Cyber Defence Organization
NATO has a complex amalgam of different entities related to cyber security. The coordination and management of all of them, finding a synergy, is the key point in developing an efficient cyber security capability. Some of the NATO entities involved in the Cyber Defence issue are:
NATO Cyber Defence Management Authority (NCDMA), whose mission is to review and coordinate NATO’s Cyber Defence capabilities. It is the authority that manages Cyber Defence in all NATO information and communication systems and guides the other Cyber Defence entities and units on their activities. It is composed of the NATO Cyber Defence Management Board, Cyber Defence Coordination and Support Centre, and the NCIRC Technical Centre, which supports rapid reaction capabilities.
NATO Cyber Defence Management Board (NCDMB) is the delegated authority whose responsibility is to carry out actions in case of significant cyber attacks or threats to NATO and its nations. It is principally responsible for implementing NATO’s Cyber Defence Policy.
NATO Cyber Defence Coordination and Support Centre coordinates the cyber defence activities within NATO and between NATO and other entities and partners. It is responsible for commanding and managing the NCIRC Coordination Centre, the Cyber Threat Assessment Cell, the NATO Office of Security (NOS), and the Information Assurance Branch (NHQC3S). It provides the human support to NCDMA.
NCIRC Technical Centre provides information assurance as well as operational, technical, and scientific support. The NCIRC TC maintains contact with other relevant CERTs (Computer Emergency Response Teams), manages databases related to security incidents, and leads computer security training and awareness programs. It has several deployable rapid reaction teams with detection, response, recovery, and reporting capabilities.
NATO Cooperative Cyber Defence Centre of Excellence (CCD COE), whose mission is to enhance the capability, cooperation, and information sharing among NATO, NATO nations, and partners in cyber defence by developing doctrines and concepts, education, research and development, analysis, and consultation. The CCDCOE is an international military organization composed of NATO nations, which develop in a collaborative way projects related to cyber security technology, science, operation, function, knowledge, and doctrine. In 2011, the member nations were Estonia (host nation), Latvia, Lithuania, Germany, Hungary, Italy, the Slovak Republic, and Spain. Moreover, Turkey, the United States, and Poland were in the process of joining.
Emerging Security Challenges Division (ESCD) is a recently created NATO unit and is part of NATO’s response to the evolving international environment, which has become increasingly diverse, rapidly evolving, and unpredictable. ESCD is composed of seven sections that cover different dimensions: Counter-Terrorism Section, Cyber Defence Section, Energy Security Section, Nuclear Policy Directorate, Science for Peace and Security, Strategic Analysis Capability, and WMD Non-proliferation Center.
7.1.2 NATO Cyber Defence related Initiatives
There are several other remarkable initiatives related to the enhancement of the NATO cyber defence capability.
Defence Against Terrorism and Critical Infrastructure Protection
NATO works jointly with other organizations in defence against terrorism on political, operational, conceptual, military, and technological initiatives. The Defence Against Terrorism (DAT) program was developed to fight efficiently against terrorism with the adequate technology to protect civil and military objectives. It is based on eleven areas of work. One of the most relevant of these areas is related to Critical Infrastructure Protection (CIP), whose objective is protecting NATO’s infrastructure, personnel, and citizens. CIP is related to other DAT areas as well. Some notable initiatives related to critical infrastructure protection and defence against terrorism are:
- In 2008 a report was published on “NATO’s Role in Energy Security.” It analyzes five areas of work: exchange and fusion of information and intelligence, stability projection, advances on regional and international cooperation, support on consequences management, and critical infrastructures protection.
- In October 2009 the exercise BELCOAST included several initiatives related to the DAT program in a multidimensional threat environment. This exercise contributed to the promotion of development of technologies related to critical infrastructure protection.
Cyber Defence Policy
In 2008, the NATO Policy on Cyber Defence was approved. It establishes basic principles and provides guidelines for NATO military and civilian bodies as well as recommendations for NATO nations to ensure coordinated actions and response to cyber attacks. The NATO Policy on Cyber Defence is based on principles of subsidiarity (giving support related to the defence of communication and information systems of nations to avoid possible impacts on NATO systems in case of cyber attacks on nations), non-duplication (avoiding duplication of national, regional or international efforts), and security (protection and management of information based on the “need to know” principle). The cyber defence security policy is based on the following factors:
- Preparation and training: preventive measures, such as development of standards and procedures or execution of exercises and training.
- Prevention: preventive strategies with different defence mechanisms, security audits, intrusion testing, etc.
- Detection, response and mitigation: identification of anomalous activities on networks, isolation and mitigation measures, alerts and situation awareness.
- Recovery and feedback: restore the systems capabilities after attacks and learn about them.
7.1.3 NATO Secure Communications Capabilities
NATO Communication and Information Systems (CIS) should meet a set of security requirements in order to guarantee secure communication, both in local environments such as a local wired network and in long-distance communications such as satellite communications. Secure Communication Capabilities involve not only confidentiality, but also availability, integrity, and interoperability between systems from different nations. New communication security devices must be developed to meet all these requirements and enable seamless connectivity between nations and NATO. In the last few years, NATO and nations have been involved in the development of, among others, interoperable secure communication protocols such as NINE and SCIP, which are aligned with NNEC philosophy.
a. NINE (NATO Networked Information Infrastructure IP Network Encryption) is IP crypto equipment based on IPSec with military features such as crypto specification, counter traffic analysis measures, remote management, and the possibility of having multiple crypto suites to enable a mode for national communications and/or the NATO suite for interoperable communication among NATO.
b. SCIP (Secure Communication Interoperability Protocol) is a narrow band secure voice (and data) application level security protocol that assures end-to-end confidentiality and integrity up to NATO SECRET, being the future of secure end-to-end communications. SCIP is transparent to underlying network technologies, making it possible to establish secure voice communication over secure IP networks.
A U.S. approach is the development of “Secure Mobile Environment Portable Electronic Devices” (SME PED), which includes both integrated SCIP and High Assurance Internet Protocol Encryptor (HAIPE). Secure communications between all NATO nations should be established, along with the development of new products based on NATO protocols in cooperation with all NATO nations and CIS providers. These products should guarantee interoperability among nations by means of NATO certified modules. In addition, they could also include proprietary national modules for homeland communications. In order to achieve interoperability in secure communications among NATO equipment, NATO has defined the following principles:
a. Use of standards. Apart from interoperability, this also reduces the need for new and expensive developments, taking advantage of “Commercial Off The Shelf” (COTS) equipment. COTS equipment has usually been tested more exhaustively than GOTS, and its vulnerabilities are discovered and mitigated more easily due to collaborative environments.
b. Use of GOTS. In some cases the use of “Government Off The Shelf” (GOTS) security solutions is necessary to guarantee special security requirements. An “open” market of GOTS devices has been created, where defence specialized companies must compete on equal terms to lower prices while maintaining the quality and INFOSEC requirements.
c. Interoperability. NATO nations are involved in defining the parameters for both national and NATO interoperable modes.
d. Testing forum. It is important to have a permanent forum to test and assure the interoperability where nations, industries, and NATO bodies are involved. For example, during SCIP development, an International Interoperability Control Working Group (I-ICWG) was set up to address all the interoperability issues, give direction to the industry on the military networks needs, and promote the testing for a SCIP certification.
7.2. Cyber Security in EU
A number of conflicts and terrorist activities have occurred during the past few years. The proliferation of computer networks, information systems, and the use of IT by criminals and terrorists have led to the development of regulations, programs, and organizational structures to protect properly the EU and its interests. Some of the most remarkable initiatives are described below.
7.2.1 EU Cyber Security Policy
The European Union is very proactive in the implementation of legislation that facilitates the development of the information society through the establishment of directives and guidance. Some of the most relevant rules related to cyber security are:
a. The Council Framework Decision 2005/222/JHA of 24 February 2005 on attacks against information systems.
b. The Regulation (EC) No 460/2004 of the European Parliament and of the Council of 10 March 2004 establishing the European Network and Information Security Agency.
7.2.2 EU Cyber Security Strategy
The implementation of the cyber security policy within the EU requires the establishment of plans and programs according to a previously defined strategy. Some of the most relevant plans and strategies related to National Security and Cyber Defence are:
a. Common Foreign and Security Policy (CFSP), established by the Maastricht Treaty and updated by the Amsterdam Treaty in 1999.
b. European Security and Defence Policy (ESDP), approved in 1999.
c. Network and Information Security: Proposal for a European Policy on Security, approved in 2001.
d. European Security Strategy, approved in 2003.
e. European Programme for Critical Infrastructure Protection, approved in 2004.
f. Strategy for a Secure Information Society, in 2006.
One of the EU objectives is strengthening security in all of its forms. To achieve this, a set of initiatives on Critical Infrastructure Protection and Cyber Defence has been taken. A direct relationship has been identified between both.
In 2004 a communication on critical infrastructure protection in the fight against terrorism was published. This provided the basis to take different actions, such as the development of the European Programme for Critical Infrastructure Protection (EPCIP) and Critical Infrastructure Warning Information Network (CIWIN), which was approved in 2004. In 2007 different areas were defined: improvement of measures to protect critical infrastructure, vulnerabilities and resilience, risk mitigation and threat evaluation, contingency plans, and standards and multinational projects. In 2008 the development of the Council Directive on the identification and designation of European Critical Infrastructure began.
Cyber Defence is divided into two areas, one related to Communication and Information Systems protection and the other related to fighting crime. In the first, two different initiatives have been taken:
a. The publication of a communication about a Strategy for a Secure Information Society, which is intended to be a dynamic strategy in Europe, based on a security culture of dialogue, partnership, and empowerment.
b. Network and Information Security: Proposal for a European Policy Approach. This initiative addresses the following issues: problems in information and network security, security awareness, creation of an EU CERT, technological support, standardization, security certification, legal framework, public administration, and international cooperation.
The fight against cyber crime has generated four general measures: participation in the legislative process, cooperation of security bodies within the borders of the EU, cooperation of public and private sectors, and international coordination.42
Finally, in November 2010 the First EU Cyber Security Exercise, “Cyber Europe 2010,” was held in order to strengthen Europe’s cyber defence. Twenty-two member states participated as players and eight member states participated as observers, with more than 150 experts exposed to more than 320 security incidents.
42 Cátedra ISDEFE-UPM Seguridad nacional y Ciberdefensa [Book]. - 2009.
7.2.3 EU Cyber Security Structure
A cyber security policy requires an organization able to lead, manage, support, and implement plans and programs. The most relevant EU organization for Cyber Defence matters is the European Network and Information Security Agency (ENISA). It is the primary responsible organization for cyber security issues, the “pace-setter” for information security, and the most remarkable center of information security expertise in Europe. It has been built by national and community efforts. ENISA uses its knowledge and experience to stimulate cooperation in activities carried out by both the public and private sectors. It provides advice and recommendations on information security, data analysis, training and awareness, and also improves cooperation between EU bodies and member states.
7.3. Cyber Security in the International Context
This section will review some significant national initiatives aimed at enhancing cyber security strategy capability.
7.3.1. Cyber Security in France
A series of white papers on National Security and Defence has been developed, focusing on cyber defence as the main issue and highlighting three functions: knowledge and forecast, prevention, and response.
Knowledge and forecast: This function is focused on the systematic strengthening of intelligence resources through overall planning, which will be implemented according to four tracks:
a. Human resources effort.
b. Enhancement of technical capabilities to place France at the same level as other nations, strengthening cyber defence and internet investigation.
c. Establishment of a National Intelligence Council.
d. Development of a consistent legal framework.
Prevention: The protection of people and territories is another important point of the strategy. Regarding cyber defence, the principal objective is the acquisition of an active defence computing capability, together with the defence of their own systems, the permanent monitoring of critical networks, and a fast response capability.
Response capability: France has set forth a new concept, Offensive Computer Fight, which is based on the necessity of attacking for defending. For that, it is necessary to know about techniques of attack that can compromise the adversary.
The white paper about National Security and Defence was presented in June 2008. It argued that the Cyber Threat has a very high probability of occurrence and that its impact on critical infrastructures and governmental systems is also considered high. In 2009 the National Authority of Information Systems Security was created with the following missions:
a. Detection and reaction against cyber attacks.
b. Development of trusted products and services for government and critical sectors.
c. Support for security of governmental organizations and critical infrastructure operators.
d. Active communication policy to give information to enterprises and citizens about threats to information security and procedures for protection.
Other important contributions to the national cyber security are the establishment of the “Computer in Depth Active Defence,” designed for the protection of systems, network monitoring and fast response capabilities in case of cyber attacks; the Computer Systems National Security Agency; and an informative internet site for citizens.
7.3.2. Cyber Security in United States
Without a doubt, cyber defence in the United States is considered a strategic issue. The US organization in charge of national cyber defence is complex in nature, and the coordination of the activities in this field is difficult due to the large number of public and private units, departments and agencies involved. The Department of Homeland Security is the federal agency responsible for the coordination of all national cyber security activities. For that reason it has developed several strategies related to national security in which cyber security is a main component. These plans consist of the National Strategy for Homeland Security (which includes the National Strategy to Secure Cyberspace), the National Strategy for the Physical Protection of Critical Infrastructure and Key Assets, the development of Cyber Defence Exercises (Cyber Storm series), and periodical events related to cyber security training, education, and awareness. The civil area of the Department of Homeland Security is focused on the following areas: developing integral planning to assure critical resources and infrastructures, obtaining crisis management capability, giving technical assistance to other public or private entities, and even coordinating with other governmental agencies.43 The National Cyber Investigative Joint Task Force of the FBI focuses on making the Internet safer by pursuing terrorists, spies, and criminals who seek to exploit US systems.44
In addition, in the US Department of Defence (DoD) there are several military units with responsibilities in cyber security.
Air Force Cyber Command: Military actions in cyber space include defence against malicious activities on the Internet or electromagnetic spectrum, where national security is threatened.
Joint Command Structure for Cyber Warfare: U.S. Strategic Command is the responsible entity for Computer Network Operations (CNOs) and includes in its structure the US Cyber Command (USCYBERCOM).
Navy Cyber Defence Operations Command: Its mission is coordinating, monitoring, and supervising CIS security. It is responsible for its Computer Network Operations.
43
Ibid [Is this footnote correct? There is no previous citation relating to U.S. DHS.]
44
http://www.fbi.gov/about-us/investigate/cyber/ncijtf
DoD Cyber Crime Center: It establishes standards for processing digital evidence and forensic analysis.
Other initiatives related to national cyber security are:
National Strategy for Homeland Security: The main objective is to mobilize and organize the nation to protect itself from terrorism. The document describes strategic objectives, threats, vulnerabilities, and critical areas.
National Infrastructure Protection Plan: The main objective is to identify and manage cyber threats. It includes responsibilities in the Information Technologies Sector and development of a Critical Infrastructures catalogue.
National Strategy for Secure Cyber Space: The five priorities are: national cyber space security response system; threats and vulnerabilities mitigation program; training and awareness of cyber space; government cyber space security; and finally national and international cooperation.
National Defence Strategy: It defines its own objectives to carry out the National Security Strategy, the way to achieve them, and the associated risks.
DoD Cyber Defence Capabilities: This includes Cyber Defence and Cyber War on Information Operations (i.e., actions carried out during a conflict that affect the information and networks of the adversary while protecting their own information and networks).
In 2008 the Comprehensive National Cyber Security Initiative was developed, proposing three objectives for securing cyber space: establishing a line of defence against current threats, defending against all kinds of threats, and strengthening the future environment of cyber security. In May 2009 the Cyber Space Policy Review was published, proposing that a national strategy must be oriented to enhance the resistance against cyber attacks and reduce the threat. 45
45
Luis Joyanes Aguilar, María José Caro Bejarano, José Luis González Cussac, Juan Salom Clotet, Nestor Ganuza Artiles, Juan Díaz del Río Durán y Javier Candau Romero. Ciberseguridad. Retos y amenazas a la seguridad nacional en el ciberespacio [Book]. - Madrid : Instituto Español de Estudios Estratégicos, 2010. United States Homeland Security Cyber Storm: Securing Cyber Space [Online] // http://www.dhs.gov/files/training/gc_1204738275985.shtm. United States Homeland Security. The National Strategy to Secure Cyberspace [Report]. - 2003. United States Office of Cyber Security (OCS) [Online] // http://www.cscic.state.ny.us/.
7.3.3. Cyber Security in United Kingdom
For the United Kingdom, cyber defence is a priority. The UK has given an important boost to national cyber security by creating three entities: the Office of Cyber Security and Information Assurance (OCSIA), which has the mission of coordinating the cyber activities of all government departments; the Centre of Cyber Security Operations, which has the mission of coordinating the protection of communication and information systems used by Government and private sector; and the Centre for the Protection of National Infrastructure. 46 The United Kingdom Cyber Security Strategy, published in June 2009 with the objective of ensuring the UK's advantages in cyber space, has three principal objectives: 47 a. Reduce the risk of cyber attack on national targets by addressing the threat, the vulnerabilities, and the impact of such attacks. b. Obtain intelligence to support national policies and act against opponents. c. Improve awareness activities as well as human and technical capabilities; develop a doctrine on cyber space.
Other initiatives that the UK has developed to enhance the national cyber security capability are summarized below.
The National Security Strategy highlights the importance of managing the risks of cyber attacks on communication and information technologies.
The National Infrastructure Protection is the responsibility of the Centre for the Protection of National Infrastructure (CPNI), which provides support and advice on security to organizations and enterprises that form the national infrastructure.
The National Information Security Strategy addresses the vulnerabilities and threats to information security to achieve efficient risk management, security standards compliance, and security information capabilities.
The Technical Program of Information Security is the most important support of the National Information Security Strategy.
Intelligent Customer Mechanism (ICM). It is a collaborative mechanism that enables the government to manage its information in a secure way.
“The future of net crime now,” a manual published by the government of the UK, recommends a group of measures to reduce cyber crime: enhance security efforts, enhance criminal risks, reduce the rewards of criminals, or erase the reasons to attack.
46
Op. Cit. 38 United Kingdom, Office of Cyber Security and Security Operations Centre, Cyber Security Strategy of the United Kingdom [Report]. - 2009.
47
Op. Cit. 45
7.3.4. Cyber Security in Estonia
The reduction of vulnerabilities of cyber space with the implementation of specific national plans and the international collaboration is the principal objective of the security strategy of Estonia, which was published in May 2008. 48 Estonia has defined five strategic objectives: a. Application of a set of security measures for critical infrastructures, Internet, and SCADA systems. b. Development of technical and legal knowledge for security training, exercises, and R&D cyber security initiatives. c. Development of legislation on the secure use of information systems and protection of critical infrastructures. d. International collaboration to strengthen cyber security. e. Awareness of information security on all levels.
7.3.5. Cyber Security in Germany
The national leader in cyber defence issues is the Federal Office for Information Security (BSI), which has an important role in critical infrastructure protection and addresses all areas related to security in cyber space. The principal missions of BSI are the protection of federal government networks, the development of encryption products, the analysis of new technologies, the security of software products, and the protection of critical infrastructures. To carry out its responsibilities, the BSI has, among other entities, a center of information technology situation, a center of crisis management, and an early alert system. Germany is making a significant effort to enhance national cyber security. Some remarkable initiatives are: a. Strategic Recognition Unit of the Bundeswehr. This unit has the mission to protect the nation against attacks on cyber space.
48
Op. Cit. 45
b. Critical information protection strategy. This strategy addresses three main issues: identification of critical infrastructures, protection strategy, and development of the National Plan for Information Infrastructure Protection. This plan is aimed at protecting critical infrastructures, responding to security incidents, and improving German capabilities for Information and communication technologies, and developing international standards. 49
7.3.6. Cyber Security in Spain
Spain has various national agencies with official responsibilities for national cyber security, all under the National Intelligence Center (CNI), which coordinates the action.
Dirección General de Infraestructuras y Material (General Directorate for Equipment and Infrastructure). It is responsible for the development of the Critical Infrastructures Protection National Plan.
Grupo de Delitos Telemáticos de la Guardia Civil (Guardia Civil Cyber Crime Group). This group is responsible for cyber crime investigation and provides support to organizations and citizens in national and international environments.
Brigada de Investigación Tecnológica del Cuerpo Nacional de Policía (National Police Technology Investigation Brigade). It is a police unit that takes on the new challenges posed by different types of crime, such as child pornography, Internet scams, cyber space attacks, etc.
Instituto Nacional de Tecnologías de la Comunicación, INTECO (IT National Institute). It has the national responsibility to promote initiatives related to the establishment and development of a digital society and related IT solutions.
CCN-CERT: It is the national center of alert that cooperates with all public administrations to respond to security incidents in cyber space.
Centro Criptológico Nacional, CCN (National Cryptographic Center). It coordinates the actions of different public bodies to ensure and protect the national information and IT infrastructures.
Other initiatives carried out by Spain are:
49
Op. Cit. 42,45 Germany Bundeswehr [Online] // http://www.deutschesheer.de/portal/a/heer/technik/perspek/infante.
National Security Strategy: The necessity of implementing a generic strategy for national security has been identified. One of the initiatives that have been taken is the development of the Security National Scheme.
Critical Infrastructure Protection: The Secretary of State for Security is responsible for the direction, coordination and supervision of the CIP. The Critical Infrastructures Protection National Center (CNPIC) is responsible for developing and managing the Critical Infrastructures Security Plan and the Critical Infrastructure National Catalogue.
CCN efforts on National security: The CCN performs an active role in the development of legislation, directives, guides and recommendations related to security; in training Public Administration personnel; in the accreditation of IT products with cryptographic capacity; in monitoring compliance with national security law, etc.
INTECO: It is carrying out several projects related to cyber security, such as the establishment of an antivirus early alarm centre, an incident response center, a security information observatory and a security demonstrator center. 50
7.3.7. Cyber Security in Norway
This nation has different public agencies that coordinate and take different actions on Cyber Defence, such as the Norwegian Security National Authority, the National Coordination Council of Information Security, the Directorate for Civil Protection and Emergency Plans and the Commission for Critical Infrastructure Protection. Norway has developed the Center for Information Security, SIS (which coordinates activities related to communication and information technologies), the UNINETT CERT, and an academic network for R&D. Some of the most remarkable initiatives on Cyber Defence matters are the development of the strategy and guidance described below:
National Strategy for Information Security: It proposes several initiatives to improve security based on guides for information and network security. It includes all aspects of Information and Communication Technologies and government activities for critical infrastructure security.
National Guide to strengthen information security 2007-2010: It has three objectives: ensuring critical infrastructures, a solid security culture, and investigation in the security area. 51
50
Op. Cit. 45
51
Ibid
Chapter 8
Cyber Security in NEC (NECCS)
Without a doubt, cyber security is a vital aspect for NEC survival, operation, and efficiency; and NEC objectives can be achieved only through the implementation of an appropriate and sensible security policy. The NEC operation is based on networks and information sharing. Networks must be protected from cyber attacks, technical and procedural negligence, and natural disasters. Furthermore, information must be protected from potential loss of confidentiality, integrity, and availability.
In an NEC environment it is not always easy to identify clearly the limits of different security domains, such as Information Assurance, INFOSEC, Critical Infrastructure Protection, and Cyber Security. Therefore, it is necessary to establish a security concept that addresses all aspects involved in the assurance of NEC operation. This is the aim of NEC Cyber Security (NECCS). NECCS is defined as the set of technical and procedural security measures focused on Information, People, and Networking and Information Infrastructure (NII) with the goal of facilitating information superiority 52 in an NEC environment. From the NECCS definition it is possible to identify:
The nature of the NECCS measures: not only technical measures, but procedural as well.
The recipients of the NECCS measures: information, people, and NII. This refers to the necessity of having a set of security measures focused on information, people, and NII. These measures should be applied by people and by automated processes embedded in the NII.
52
NATO defines information superiority as the operational advantage derived from the ability to collect, process, and disseminate an uninterrupted flow of information while exploiting or denying an adversary’s ability to do the same. In this definition the necessity of implementing security measures is stated implicitly.
The purpose of NECCS: facilitate information superiority. This point is very important, demonstrating that the goal of NECCS is not to protect the information and NII at any cost, but rather to facilitate the NEC strategic objectives through a dynamic application of security measures. The ultimate goal of the NEC is to obtain better results, but this goal is too broad and vague to guide the cyber security mission. However, information superiority is more concrete and is the major contribution that cyber security field can provide to the NEC.
Figure 16. NECCS concept (diagram labels: Cyber Space; Information Superiority; Information; People; Networks; Technical & Procedural Measures)
The space of NECCS: the NEC environment. All security measures are connected to the cyber space, which is the natural environment of an NEC.
The implementation of NECCS entails the establishment of numerous measures that can be grouped in four focus areas:
Information area: the technical and procedural measures that protect the availability, integrity, and confidentiality of the information.
User area: the technical and procedural measures that ensure the NEC users' identity management and the non-repudiation of NEC transactions.
NII area: the technical and procedural measures that facilitate the integrity, availability, survival, resilience, and ubiquity of the NEC Networking and Information Infrastructure (NII).
Security policies and regulations: the technical and procedural measures that focus on building security, trust and confidence among users and organizations when handling 53 and sharing information.
53
Information Handling: it is the activity or activities related to the use of information by creating, presenting, storing, processing, transporting, or disposing of it.
Figure 17. NECCS implementation
In this chapter, the main elements or aspects to consider in NECCS have been detailed: people, information, networking and information infrastructure, security services, technology, industry, culture, costs, and benefits. Although these elements can be studied and analyzed independently, the NECCS approach must be holistic and include studies on the aspects that provide cohesion to the whole. Below, the main aspects of NECCS are described.
8.1. NECCS. The Human Factor
As mentioned earlier, information is the centerpiece of NEC, and information superiority is the goal of NECCS. However, even though information is the focal point, in fact people are the most critical component in the NEC establishment since NEC entails a cultural revolution where people are the main actors. This revolution means a sudden, complete, and marked change, and human nature per se is afraid of changes and resists them consciously or subconsciously. Hence, management of the human factor should be addressed with special attention in the first stage of an NEC implementation. The best or worst way to handle this matter will ultimately determine the success or failure of the NEC. Once people are aligned with NEC principles, the work in the human factor will turn routine in accordance with NEC policies. One of the significant changes is that currently decisions are made
within a hierarchical structure, and important decisions are made by the highest echelons of the organization. The revolution involves a change to a more equitable structure, so that all users, not only upper echelon users, will participate in the decision-making process. Thus, this will mean more responsibilities for all the users. The revolution especially affects the cyber security field in such a way that the organization has to face a cyber security revolution in which change management and education are the pillars of success.
8.1.1 NECCS. Change Management
By nature, people are reluctant to change. This fact cannot be disputed. Even in a military environment, managing change by ordering and expecting faithful compliance with orders is a tactic doomed to failure. Once a person masters or becomes accustomed to interacting with an information system in a specific way, the obligation of interacting in a different way will be considered a challenge. In numerous cases such a challenge will not be accepted willingly, even when it is understood that the change will bring future benefits to the organization and to the user himself or herself. A systematic and gradual approach to the problem is advisable, and the cyber security staff involved in the NEC implementation has to make an effort to introduce the new techniques, applications, methodology, procedures, and rules in a simple and pleasing way that facilitates the adaptation and wins enthusiasm for the change. People are not only resistant to change, but to security as well. According to their behavior when facing security, two kinds of people can be distinguished:
The security sceptics: people who consider security as an obstacle for their purposes and interests and even for the organization’s benefit. They consider security measures a hindrance for operation rather than a benefit for the proper functioning or survival of the organization.
The security rigid people: people who do not accept any risk in security matters and like to have very concrete rules that lead them to make decisions.
Both behaviors are harmful for an NEC development; the sceptics will try to avoid or bypass the security measures to get a more convenient working environment; the rigid people will try to fight against any attempt to make the rules more flexible because these will entail more responsibility and more risk. A cyber security awareness campaign has to be addressed especially to the sceptics and rigid people to avoid behaviors not aligned with NEC objectives.
On the other hand, acceptance of change is usually different depending on age. Older generations usually are most resistant to security model changes since they have lived most of their life in a working environment where the flow of information was highly hierarchical and compartmentalized. Consequently, the restriction of access to information took precedence over everything. Ingrained habits are difficult to change. Younger generations have grown up in the Information Age and are familiar with an information environment that is more open, accessible, flexible, dynamic, agile, and ubiquitous, in short, more consistent with NEC. For cyber security education purposes, a different approach should be considered for each generation, since their problems are opposite. In one case, the resistance is to more flexible rules, and in the other case it is resistance to accepting restrictions on the information exchange.
8.1.2 NECCS. Education
An NEC environment requires more responsibilities, qualifications, and skills in information technology and especially in security procedures. For that reason it is essential to make a comprehensive NECCS education plan that covers awareness, training, and practice in cyber security responsibilities, policy, rules, procedures, techniques, applications, and services during the complete life cycle of the information: creation, presentation, storage, processing, transportation, and disposal.
Figure 18. NECCS education cycle (diagram labels: NECCS Requirements; NECCS education plan; Evaluation; Information Protection; Awareness, Training, Exercises; Creation, Presentation, Storage, Process, Transport / Sharing, Disposal)
Cyber security awareness, training, and practice should be flexible, dynamic, comprehensive, balanced, ubiquitous, continuous, and permanent. 54 E-learning is the best way to meet all these requirements at the same time. Comprehensiveness, i.e., covering all possible risks to security, is particularly important. Careless security can be the gateway for an adversary to commit malicious actions, and as a result efforts toward other security measures can become useless. This situation can result, apart from the specific damages caused by the harmful action, in loss of reputation and credibility of the security measures implemented. This in turn can lead to a vicious cycle: a security failure could lead users to think that the whole security system is not efficient; therefore, they relax their implementation of the measures, which leads to more failures and back again.
54
More detailed information about cyber security awareness, training, and exercising can be found in section 9.3 of this paper.
Figure 19. Security vicious cycle
8.2. NECCS. The Information
Information is the centerpiece of NEC; consequently, information security is also the centerpiece of NECCS. According to NEC principles, information should meet a number of standards to be efficient in the decision making process and to facilitate the achievement of the goals of the organization. These goals include obtaining the optimal results through the best decisions, shared understanding, and better information. NECCS is designed to facilitate the achievement of the objectives of the organization and therefore must focus on determining the efficiency of the information. To be efficient, the information needs to meet the following requirements:
1. Information should be visible.
2. Information should be accessible.
3. Information should be manageable.
4. Information should be reliable.
5. Information should be useful.
NEC managers often use the following saying, “NEC is about delivering the right information to the right recipient at the right time.” This emphasizes the importance and prevalence of the information asset.
NECCS is aligned with this axiom and focuses on the efficiency of the information through security measures addressed to the information itself, the NEC users, and NII.
Figure 20. Information efficiency requirements (diagram labels: Information Efficiency; Visibility; Accessibility; Manageability; Reliability; Usefulness)
Below are the information requirements in more detail.
8.2.1. Information Visibility
The information that we need is available in most cases. The problem is how to find it. An additional problem is how NEC can facilitate the visibility of a specific piece of information within the vast maze of information available in the systems. A further problem is how to make the information visible only to the right users, the people who “need to know” the information to perform their responsibilities and tasks properly. This issue is concerned with where the information is, how it can be accessed, and its relevance. In other words, it is about how one can get the information and who the potential audience is. It is not about making the content visible; that is the second step. Information can be made visible through three different policies:
Information visible individually according to need to know criteria: This policy entails a maximum level of risk of hiding the existence of interesting and relevant information from a significant number of interested users; on the other hand, the risk of revealing the existence of this information to people with no need to know is minimal.
Information visible partially to communities of interest: This policy entails a medium level of both risks: hiding the existence of interesting and relevant information from interested users, and revealing its existence to people with no need to know.
Information visible freely to all users: This policy entails a minimal level of risk of hiding the existence of interesting and relevant information from users; on the other hand, the risk of revealing the existence of this information to people with no need to know is maximal.
In NECCS, where information superiority is the goal, the second or third policy is preferable.
This takes into consideration that the damage caused by hiding indications of availability of relevant information to proper users is higher than the potential damage caused by the ability to inform about the existence of specific information to people with no interest in that topic, even people that need the information for malicious purposes. To be clear, this is not about making the content of the information visible, but just showing its existence.
8.2.2. Information Accessibility
In most cases, in large organizations where operations are complex, the information must be available to predefined users according to rules based on “need to know” and confidentiality criteria. However, at the same time in an NEC environment, information must be available to unanticipated users. Defining a “need to know” map or list could be complex or impossible, and this list will never include unanticipated users. “Need to know” criterion is aimed to select people from among authorized users under criteria of responsibility or functionality. Unlike “need to know,” confidentiality is aimed at selecting authorized users from among all interested users under criteria of trust, alignment with objectives of the organization, and lack of personal vulnerabilities. Entitling users with a specific grade of clearance to guarantee compliance with confidentiality requirements is a personal and individual process. Assigning a specific “need to know” label to users to guarantee compliance with “need to know” requirements could be an individual or a collective process.
Figure 21. Need to know vs Need to share
In any case, NECCS should implement mechanisms that can properly manage the confidentiality and need to know, and can foresee mechanisms that enable secure access to the information to unanticipated users without putting the whole system at risk. In NECCS, in case of conflict between “need to know” and “need to share,” the “need to share” criterion should prevail. Therefore, the potential damage caused by making specific information accessible to authorized users not related to the topic is not comparable to the damage caused by making relevant information inaccessible to the right users. In a case of conflict between confidentiality and “need to share,” decisions have to be made based on the results of a strategic risk analysis. This will take into account damages resulting from the loss of confidentiality, as well as benefits that information sharing generates.
8.2.3. Information Manageability
In general, there is more information available than a user (a potential decision maker) can assimilate. Therefore, it is very important that NEC provides tools that help users to identify the relevance of the information. Relevance is the quality of being closely connected or appropriate to the matter at hand. A relevance indicator should help to identify the “need to know” label. Since the quantity of available information is enormous, one person cannot assimilate it all. Therefore, the relevance indicator will help a person extract from this huge amount of information only the small part that is of most interest or relevance. This makes the process far more manageable. In other words, “need to know” can be used to avoid excess information by filtering according to users’ needs. However, this is not enough; the amount of information available exceeds the capability of users even within the restricted area limited by “need to know.” To be able to extract the most relevant portion of information for every user in any issue or operation, the information system or the information management service must somehow know what topics, areas of knowledge, or priorities are of concern to every user. It is necessary to match every user with some pieces of information or every piece of information with some users. Hence, every user and every piece of information has to be labelled with something in common to facilitate the matching. This “something in common” has to provide information about details of topic or area of knowledge and prioritization by relevance for specific business and operation. The theory seems easier than the practice. How can one know what information is useful for whom in a wide, complex, multidisciplinary and dynamic environment? So far, any solution to match users with the most relevant pieces of information is far from perfect.
Nevertheless, in order to be as effective as possible, the solution must provide:
A reliable labelling system: links users and pieces of information.
Flexibility: operations end, users change positions, roles, tasks, and responsibilities.
Dynamism: in a modern operation or business, situations and circumstances change rapidly. The ability to adapt in a timely manner to new situations is critical to succeed. What is relevant now may not be relevant after a short time.
Freedom: any solution to match users with the most relevant pieces of information is far from being perfect since it is necessary to know what is inside every mind in every moment. While the human factor is a vital component of business development and decision making, the person must be provided with some portion of freedom to choose the information relevant for him.
How can NECCS facilitate the manageability of the information? NECCS should provide integrity to labels and security policies that give space to the development of flexibility, dynamism, and freedom over “need to know” without compromising confidentiality.
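The separation that sections 8.2.1 to 8.2.3 draw between showing that information exists, granting access to it, and ranking it by relevance can be expressed as three independent checks over labelled items; the following is an added example, not code from the study. The classification ladder, label fields, user names and key are constructed assumptions, and an HMAC stands in for a signing service on the labels so that the example needs only the Python standard library.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, replace
from enum import Enum

# Assumed classification ladder, lowest to highest (not taken from the study).
LEVELS = ("UNCLASSIFIED", "RESTRICTED", "CONFIDENTIAL", "SECRET")

class Visibility(Enum):
    INDIVIDUAL = "individual"  # existence shown only to named need-to-know users
    COMMUNITY = "community"    # existence shown to communities of interest
    OPEN = "open"              # existence shown to every user

@dataclass(frozen=True)
class User:
    name: str
    clearance: str
    communities: frozenset
    interests: tuple  # ((topic, weight), ...): what concerns this user

@dataclass(frozen=True)
class Item:
    item_id: str
    classification: str
    visibility: Visibility
    communities: frozenset
    need_to_know: frozenset  # names of users with an individual need to know
    topics: frozenset
    mac: str = ""            # integrity tag over all labels above

def label_bytes(item):
    """Canonical encoding of every label, so any change alters the tag."""
    labels = {
        "id": item.item_id,
        "classification": item.classification,
        "visibility": item.visibility.value,
        "communities": sorted(item.communities),
        "need_to_know": sorted(item.need_to_know),
        "topics": sorted(item.topics),
    }
    return json.dumps(labels, sort_keys=True).encode()

def seal(item, key):
    """Return a copy of the item carrying an integrity tag over its labels."""
    tag = hmac.new(key, label_bytes(item), hashlib.sha256).hexdigest()
    return replace(item, mac=tag)

def labels_intact(item, key):
    expected = hmac.new(key, label_bytes(item), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, item.mac)

def is_visible(user, item):
    """Discovery only: may this user learn that the item exists?"""
    if item.visibility is Visibility.OPEN:
        return True
    if item.visibility is Visibility.COMMUNITY:
        return bool(user.communities & item.communities)
    return user.name in item.need_to_know

def access_decision(user, item, key):
    """Content access: clearance is never waived; need to share beats need to know."""
    if not labels_intact(item, key):
        return "denied: labels altered"
    if LEVELS.index(user.clearance) < LEVELS.index(item.classification):
        return "denied: clearance (refer to risk analysis)"
    if user.name in item.need_to_know or user.communities & item.communities:
        return "granted: need to know"
    return "granted: need to share"  # cleared but unanticipated user

def relevant_items(user, catalogue, key, limit=3):
    """Rank the items the user may discover by overlap with the user's interests."""
    weights = dict(user.interests)
    scored = []
    for item in catalogue:
        if not labels_intact(item, key) or not is_visible(user, item):
            continue
        score = sum(weights.get(topic, 0) for topic in item.topics)
        if score > 0:
            scored.append((score, item.item_id))
    scored.sort(key=lambda pair: (-pair[0], pair[1]))
    return [item_id for _, item_id in scored[:limit]]

# Constructed sample data; the key would be held by the labelling service.
KEY = b"constructed-demo-key"
fs = frozenset
CATALOGUE = [
    seal(Item("rpt-001", "RESTRICTED", Visibility.OPEN, fs(), fs(), fs({"logistics", "weather"})), KEY),
    seal(Item("rpt-002", "CONFIDENTIAL", Visibility.COMMUNITY, fs({"cyber-defence"}), fs(), fs({"intrusion", "scada"})), KEY),
    seal(Item("rpt-003", "SECRET", Visibility.INDIVIDUAL, fs(), fs({"alice"}), fs({"intrusion"})), KEY),
]
ALICE = User("alice", "SECRET", fs({"cyber-defence"}), (("intrusion", 3), ("scada", 1)))
BOB = User("bob", "CONFIDENTIAL", fs({"logistics-cell"}), (("logistics", 2), ("intrusion", 1)))
```

In this data the constructed user bob would be granted rpt-002 under need to share but never learns that it exists, which is the hidden-information risk section 8.2.1 attributes to the narrower visibility policies.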
8.2.4. Information Reliability
Thus, the user has now identified the information he needs, he has clearance to access it, and he has filtered the amount he is able to assimilate. But doubts remain about making a decision based on this information: a. Is the information accurate? Is the originator of the information the true originator? b. Does this information come from a reliable source? c. Is the information reflecting the situation right now? Has it been updated or is it outdated?
NEC should provide users with mechanisms to facilitate the answer to the abovementioned questions. These answers will help determine the credibility of the information. However, when can a specific piece of information be considered reliable? 1. When it is provided by an author that has authority in the matter. 2. When the content is original, without malicious manipulations. 3. When there is a reliable indication of the link between author/source and content. 4. When a user who has published or transmitted a piece of information cannot technically later deny that he was the publisher or transmitter. 5. When a user who has extracted or received a piece of information from the system cannot technically later deny that this information was extracted or received by him.
How does NECCS contribute to the information reliability? NECCS should provide security services that ensure the integrity and authorship of the content of the information and the non-repudiation of authorship, source, sender, and receiver. All of these services can be realized by the implementation of a robust digital signature service.
8.2.5. Information Usefulness
Now information is in the hands of the user through the process of making the information visible, accessible, and manageable. The user relies on information content and authorship, but this is not enough to make the information useful in the NEC cycle for achieving better results. Timeliness, quality, consistency, and understandability are key factors to making the information useful.
Timeliness. NEC is designed to provide information management functionalities in an open and very agile environment. Information overprotection or rigid security policies can lead to an unacceptable delay in information delivery. NECCS has to deal with the harmonization or reconciliation of two requirements:
1. NECCS should facilitate timely access to information by authorized users, and at the same time,
2. NECCS should prevent adversaries from accessing the information while it remains valuable for them.
NECCS has to facilitate the delivery of the information on time by avoiding heavy and unnecessary security measures that result in a slowdown in the dissemination. NECCS should contribute to the timeliness of the information by establishing security policies and executing risk analysis that lead to the application of security measures solely when necessary, and by implementing an efficient information classification and “need to know” policy and process. Information classification will be addressed further in section 8.2.7.
Quality. A characteristic that indicates its fineness or grade of excellence. Quality of the information is directly linked to better outcomes and effects. NECCS should contribute to the quality of the general information by improving the quality of the information related to cyber security issues.
Consistency. A characteristic that indicates its compatibility and alignment with the organization’s mission. Consistency assures that it is not self-contradictory or contradictory with other relevant information. NECCS should contribute to the consistency of all the information by improving the consistency of the security aspect of the information.
Understandability. At the end of the process, the user has information that is on time, excellent and consistent. However, he has to be able to interpret the information. Therefore, the information must be adequate to the intellectual profile of the user. Information has to be provided in the type and level of language that the user can interpret. NECCS should contribute to the understandability of the information by providing security mechanisms that ensure the integrity of labels indicating language, type, and depth, and by making an effort to explain cyber security issues in non-technical language understandable by a wide audience of non-cyber experts.
8.2.6. Information Interoperability
NEC is designed to work in a multinational and multi-organizational environment. In such environments sharing information is one of the biggest problems. Nations and organizations are reluctant to share their own classified information due to the lack of common information security policies. They want to have the guarantee that the recipient will treat the information with at least the same security criteria as the owner. However, the reality is that so far there is not a common set of rules for protecting and classifying the information. NECCS can serve as a reference to achieve a common understanding of information security through computer networks and thus enhance the information sharing.
8.2.7. Information Confidentiality Classification
Information confidentiality classification, or just information classification, is the process by which a particular information content or topic is specifically identified by a mark with the potential damage that could occur in case the content becomes accessible to adversaries. Certain issues must be clarified since they are often misinterpreted:
Classification is not related to risk. In other words, it is not related to the possibility or probability that damage might occur.
Classification is not related to the importance of the information. Some information is extremely valuable in the hands of the right user and useless in the hands of others. In this case, it makes no sense to classify the information. Classification does not give clear and accurate determination about the value or quality of the information.
Classification does not provide any information or guarantee about integrity. The confidentiality protection service safeguards against unauthorized access, which makes intentional manipulation of the content of the information more difficult. However, it is not designed to protect the integrity.
Classification does not provide any information or guarantee about availability. The classification of information prevents unauthorized users from access, but does not ensure access to authorized users.
Criteria for classification. The graduation in classification levels is a very subjective process and consequently very difficult to standardize. It is difficult - but still possible - to have a multinational common generic list of topics to guide the process of classification. However, the implementation will always require an ultimate interpretation, and subjectivism will always be present.
Criteria for declassification (classification validity time). The period of time during which information remains classified is usually fixed by regulation. In NECCS the principle of security efficiency invokes the protection of the information exactly when, where, and how it is needed. Usually, the classification validity time is related to the level of classification and not to the period of time during which information remains useful for adversaries. This concept of validity time is conceptually wrong and is not consistent with the security efficiency principle.
In short, information classification is a security mechanism that links a specific content or topic with a level of severity of potential damage. This is a very limited mechanism for NECCS requirements. The confidentiality protection system, based on affixing a stamp or mark on a paper or electronic document and partitioning the information systems according to a classification level, is a very rigid model. Unfortunately, it is not efficient in an NEC environment. Instead, information should be labelled with indications of confidentiality as well as integrity, authorship, availability, and relevance with the aim of achieving visibility, accessibility, manageability, reliability, and usefulness. NECCS should provide mechanisms that guarantee the integrity of the labels.
Furthermore, NECCS should provide a new method of information classification that is more in line with NEC requirements, whereby:
a. Pieces of information are indexed, organized, structured, and labelled according to confidentiality, integrity, availability, authorship, relevance, date, etc.
b. Users are aware, trained, skilled, and practiced in information management and information security matters, including information classification and declassification.
c. Identity management service guarantees the link between users and information attributes.
d. Access to the information could be passive or active. It is passive when a set of rules are implemented to deliver information automatically to users according to predefined requirements. It is active when a user utilizes the information searching tools available for looking for information according to his needs in that moment.
Figure 22. NEC Information Classification (panels: Information attributes: Confidentiality, Integrity, Availability, Authorship, Relevance, Date; Training: Information Management, Information Assurance, Information Classification, Information Declassification; Identity Management: Users/Objects, Information Attributes, Users/Objects privileges; Information Access: Active, Passive)
8.3. NECCS. The Networking and Information Infrastructure (NII)
NATO defines the Networking and Information Infrastructure (NII) as “the supporting structure that enables collaboration and information sharing amongst users and reduces the decision-cycle time. This infrastructure enables the connection of existing networks in an agile and seamless manner.” This definition is more focused on describing the functionality or ability of the NII than on depicting what NII itself is. NECCS needs a more detailed definition to identify properly the security measures encompassed by NECCS. The NII is composed of two facets, on one side networking and on the other information infrastructure. Below are some definitions of the terms.
Networking:
a. Business networking is a socioeconomic activity by which groups of like-minded business people recognize, create, or act upon business opportunities. A business network is a type of social network whose reason for existing is business activity. There are several prominent business networking organizations that create models of networking activity that, when followed, allow the business person to build new business relationships and generate business opportunities at the same time. A professional network service is an implementation of information technology in support of business networking (Wikipedia.org).
b. A social network is a social structure made up of individuals (or organizations) called "nodes," which are tied (connected) by one or more specific types of interdependency, such as friendship, kinship, common interest, financial exchange, dislike, sexual relationships, or relationships of beliefs, knowledge, or prestige (Wikipedia.org).
Information infrastructure:
a. Communications networks and associated software that support interaction among people and organizations (http://www.sourcewatch.org).
b. A shared, evolving, open, standardized, and heterogeneous installed base (Hanseth, 2002).
c. People, processes, procedures, tools, facilities, and technology which support the creation, use, transport, storage, and destruction of information (Pironti, 2006).
d. Communications networks and associated software that support interaction among people and organizations (Roger Clarke).
Considering the previous definitions together with NECCS requirements, Networking and Information Infrastructure (NII) can be defined more widely as:
A supporting structure composed of computer networks, information systems, processes, procedures, tools, facilities, and technology; connecting individuals with pieces of information, according to one or more specific types of interdependency (security clearance, need to know, position, current job, tasks, responsibilities, authorship, relevance, topic, operation, availability, prestige, knowledge, common interest, etc.) and consequently enabling collaboration and information sharing and reducing the decision cycle time.
a. Provide availability of computers, computer networks, information systems, processes, procedures, tools, and NII facilities in accordance with predefined requirements established in official documents such as SOPs or SLAs.
b. Provide resilience to computers, computer networks, and information systems suffering cyber attacks.
c. Provide capability to perform basic and critical functionalities in degraded mode.
d. Provide integrity to network asset labels.
e. Help the networks’ convergence by ensuring security compatibility between all types of systems and interconnections.
Despite what the name “Network-enabled Capability” implies, NEC is about information sharing rather than network-centric capability delivering information. Below are three of the main aspects that help implement an NII consistently with NEC and NECCS requirements: federation of systems (FoS), protected core network (PCN), and policy based access management.
Figure 23. Main Aspects of Networking and Information Infrastructure
8.3.1. Protected Core Network (PCN)
According to the IEEE, a protected core network (PCN) is used to implement a flexible transport infrastructure that supports future military operations based on network enabled capability (NEC). PCN is based on creating a loose coupling between information domains and the transport infrastructure. It focuses on the provision of high service availability, also in high-threat environments. This architectural approach highlights a number of emerging and novel concepts whereby research and development are needed to support NEC properly. NATO ACT considers PCN as a new approach to create a transport network for military application. It can handle transport for many different networks at different classification levels, while assuring high availability of the transport service. Some experts believe that current NATO military networks are expected to evolve towards PCN.55 PCN is based on a protected black network where information, both classified and unclassified, is transmitted encrypted. In the PCN, no anonymous actions exist, and data traffic that has not been previously authorized will not be forwarded. All users and devices must be authenticated before sending any data through the network. In order to use any service, the users must be previously authorized for accessing that service, or the packets will not be carried by the network core. In order to enable outsiders to use parts of the network, they have to come through a service that maps them to a special user with limited rights. PCN has the objective of assuring the availability, resilience, and security of the transport service when high functionality is required. It includes support for QoS, priority handling and security, and it is able to maintain the transport service even under directed attacks. This objective can be achieved by using different classes of network services for both performance and security, protecting all network components and having a superior knowledge, management, and control. 
The PCN model needs a strong investment in terms of technical security implementations. Some of the technical security solutions that PCN requires are: strong identity and access management, traffic encryption, and anti-jamming; additionally multi-topology routing and prioritized network access system can enhance the efficiency of the PCN. PCN is a good alternative when a very reliable and secure network is needed in a small and controlled environment. But it is too rigid to face NEC wide environments that require flexibility, ubiquity, dynamism, interoperability, and trust among members. Actually, it is against the principle of single information domain described in chapter 9, section 9.1.
55 Thales Corporation. http://www.thales.no/pub/sites/index.php?siteID=33
Figure 24. Protected Core Network
8.3.2. Federation of Systems (FoS)
Network and Information Infrastructure (NII) is based on the Federation of Systems (FoS) concept. NATO defines FoS as: “the synergistic amalgamation of a dynamic set of globally interconnected, multi-national, autonomous systems, each comprised of networking and information infrastructure components, providing information capabilities, associated processes, and personnel for collecting, processing, storing, disseminating, and managing information to authorized users on demand, on an end-to-end basis.” FoS is an integrated group of flexible, adaptable, and dynamic environments. It involves highly interconnected information and communication networking capabilities that are used to enable NEC and its capabilities to support operations that create a global communication stage.
FoS is based on the interconnection of different and independent systems, managed independently without central authority and direction. It allows the sharing of all the services to produce common results. Power and authority are decentralized in management, development, and operations, but they collaborate to achieve a common objective, with a high degree of autonomy, heterogeneity, and distribution. Thanks to FoS, nations or organizations are able to work together without the involvement of third parties, making possible a direct collaboration between all the members that share infrastructure, services, and information.
The main benefit of a FoS is the synergy of capabilities. On one hand, FoS is able to enhance the capabilities of each of the entities. In addition, each entity can gain new skills that no one system can provide by itself. The final joint capability is larger than the capability resulting from the sum of each entity's capacities separately.
Security measures designed to protect autonomous computer networks are not sufficient to guarantee an acceptable security level supporting NEC objectives, taking into account the grade of flexibility required. It seems preferable to support an efficient and reliable federation of systems. Furthermore, apart from specific security measures designed for decentralized interconnection models, it is necessary to build trust between federations that share information, networks, and systems to smoothly enable the common use of information and services.
Although different entities or nations are able to work together with the same objective, it is important to take into account the different information assurance policies that they apply on their networks, systems, information and people. In that way, every person participating in common operations will manage information and systems based on their own security policies.
There are two possible solutions in order to build trust between federations: a) agree upon a common security policy that meets all the different requirements from the different federations, then raise awareness and train the users in the application of the common policy and enforce the compliance autonomously; or b) raise awareness and train all users in the application of all the security policies, and enforce the compliance with all of them. Security levels must never be underestimated with respect to those applied for each entity and for each type of information, operation or action. Furthermore, guarantees should be provided on the proper and equivalent treatment of information in a dynamic environment.
8.3.3. Policy Based Access Management
According to ACT, NEC is a business model intended to federate capabilities through a service based model or service oriented architecture (SOA). This model requires the ability to structure policies, doctrine, and processes in an ownership decentralized environment.56 Service-oriented architecture (SOA) is a platform for building heterogeneous interoperable information services that require uniform access to data stored in distributed repositories. SOA provides common infrastructure for data access, integration, provisioning, cataloguing, and security services. Common security architecture for SOA involves extended use of policies for manageable security services. Policies are created and controlled by a designated service administrator or by an organization that owns the service or resource. Policies allow for adjustable security services and can be used for service negotiation. In grid environments, policies are typically managed by a virtual organization (VO), which provides attributes and identity management services for member organizations. A VO is created on the basis of an agreement and combines users, resources, and associated services. Due to the potentially complex structure of VO or other associations of services and resources in SOA, access control services must be designed to handle multiple policies related to both service level and resource level.57 Policy Based Access Control is a strategy for managing user access to one or more systems, where business classification of users is combined with policies to determine what access privileges a user should have. Theoretical privileges are compared to actual privileges, and differences are automatically applied to manage system.58 Hence, policy based access management regulates the access control to information, networks, systems, applications, and services in an NEC environment. Although “duty to share” is the trend, it is necessary to continue to manage the “need to know” principle. 
Only personnel who have the need to access the information, system, etc., can access it. Equally important as accessing the information is controlling the requirement that the person who accesses it has the right permissions. Confidentiality continues to be a primary requirement in an NEC. Policy based access management must be elaborated, taking into consideration user and object (information, system or network element, application or service) attributes. Identity and security clearance are the traditional parameters used for personnel access control, but in an NEC other criteria, such as time, location, and relevance, are also required. Finally, it is important to highlight electronic labelling as an essential aspect for identifying and categorizing each element requiring access and for applying a strong access policy.
56 Op. Cit. 2
57 Dr. Yuri Demchenko, advanced internet researcher group, University of Amsterdam [http://www.touchbriefings.com/pdf/1426/ACF2BA.pdf]
58 Hitachi ID Systems, Inc. [http://hitachi-id.com/concepts/pbac.html]
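The access decision described in section 8.3.3, combining clearance, need to know, time, location, and an electronic label whose integrity is protected, as an added Python example that is not part of the original study. The attribute names, the ordering of levels, and the sample values are assumptions, and HMAC stands in for the digital signature service the study recommends (it detects label tampering but gives no non-repudiation).

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed demo key (assumption). HMAC stands in for a digital signature:
# it detects label tampering but provides no non-repudiation.
LABEL_KEY = b"constructed-demo-key"

# Assumed ordering of confidentiality levels, lowest first.
LEVELS = ["UNCLASSIFIED", "RESTRICTED", "CONFIDENTIAL", "SECRET"]


def canonical(attributes: dict) -> bytes:
    """Serialize label attributes deterministically so the tag is reproducible."""
    return json.dumps(attributes, sort_keys=True, separators=(",", ":")).encode()


def seal_label(attributes: dict, key: bytes = LABEL_KEY) -> dict:
    """Bind an integrity tag to every attribute of the electronic label."""
    tag = hmac.new(key, canonical(attributes), hashlib.sha256).hexdigest()
    return {"attributes": dict(attributes), "tag": tag}


def label_is_intact(sealed: dict, key: bytes = LABEL_KEY) -> bool:
    """Recompute the tag and compare it in constant time."""
    expected = hmac.new(key, canonical(sealed["attributes"]), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, str(sealed.get("tag", "")))


def decide(user: dict, sealed: dict, now: datetime, key: bytes = LABEL_KEY):
    """Return (allowed, reason). The label is verified before any attribute is trusted."""
    if not label_is_intact(sealed, key):
        return False, "label integrity check failed"
    attrs = sealed["attributes"]
    if user["clearance"] not in LEVELS or attrs["confidentiality"] not in LEVELS:
        return False, "unknown confidentiality level"
    if LEVELS.index(user["clearance"]) < LEVELS.index(attrs["confidentiality"]):
        return False, "insufficient clearance"
    if attrs["topic"] not in user["need_to_know"]:
        return False, "no need to know"
    if user["location"] not in attrs["allowed_locations"]:
        return False, "location not permitted"
    start = datetime.fromisoformat(attrs["not_before"])
    end = datetime.fromisoformat(attrs["not_after"])
    if not start <= now <= end:
        return False, "outside permitted time window"
    return True, "permit"


# Constructed sample data (not from the study).
SAMPLE_LABEL = seal_label({
    "confidentiality": "CONFIDENTIAL",
    "authorship": "logistics-cell",
    "topic": "convoy-schedule",
    "allowed_locations": ["HQ", "FOB-1"],
    "not_before": "2011-06-01T00:00:00+00:00",
    "not_after": "2011-06-30T23:59:59+00:00",
})
ANALYST = {"id": "analyst-01", "clearance": "SECRET",
           "need_to_know": ["convoy-schedule"], "location": "HQ"}
NOW = datetime(2011, 6, 15, 12, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    print(decide(ANALYST, SAMPLE_LABEL, NOW))
    # A label whose confidentiality was lowered after sealing is rejected
    # before the clearance comparison can be fooled by it.
    forged = {"attributes": dict(SAMPLE_LABEL["attributes"], confidentiality="UNCLASSIFIED"),
              "tag": SAMPLE_LABEL["tag"]}
    low = dict(ANALYST, clearance="RESTRICTED")
    print(decide(low, forged, NOW))
```

Because the tag covers every attribute, downgrading the confidentiality mark or widening the permitted locations invalidates the label, which is why the integrity check runs before any policy rule.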
8.4. NECCS. The Services
NECCS services are systems, applications, or activities aimed at providing the security properties required by an NEC. These security properties include: integrity of information, integrity of labels, authorship and source guarantee, sender and receiver non-repudiation, availability of information, availability and resilience of computers, computer networks, and information systems, need to know and information confidentiality. NECCS services, at the same time, should make NEC security requirements compatible with NEC operative requirements, such as information visibility, accessibility, manageability, reliability, and usefulness. Identity Management (digital signature, strong authentication, PKI), time stamping, encryption, dynamic risk management, products security certification, standardization, security policies, and education are some of the security services that NEC must implement to provide the security properties mentioned above. These services are described below:
Identity Management should provide information regarding a user’s role, rights, and privileges for accessing a particular piece of information, system, network, application, or service. In a federation context, identity management is essential for controlling the access to multiple heterogeneous systems and interconnected networks and for acting as a single logical system.
Time Stamping is an important service that should be provided in an NEC. It can ensure that certain actions have been performed at a precise time, thus providing a guarantee of the information update. It can also be used to guarantee that data have existed and have not been modified since a particular moment. Thus, it meets the reliability operational requirement of NEC.
Encryption continues to be the essential mechanism to ensure confidentiality of information. In a federation context, multiple certified and interoperable cryptographic equipment is needed. Regarding algorithms, the evolution of suite B (public) algorithms and their implementation through software open the possibility of replacing crypto hardware with future software solutions that will allow an important cost reduction and increased interoperability.
Dynamic Risk Management. In NEC, data to support risk assessment should be continually renewed in order to determine the level of actual risk. This new service is called Dynamic Risk Management. Assets (their value and impacts), threats, vulnerabilities, and even security measures are constantly reviewed and updated, and the level of risk based on these data is continuously calculated. The automation of processes for data collection, overall assessment, and risk determination is essential to bring this concept to reality.
Products Security Certification. The process of certification is needed to ensure the implementation or acquisition of IT products and applications that have been previously studied, analyzed, and tested in a controlled environment or lab by a reliable organization according to criteria defined and agreed upon by the international community (Common Criteria for Information Technology Security Evaluation or CC). Security certifications have so far been the recognized and accepted method of confidence, indicating that a specific product or system has a certain level of security. In NECCS, products security certification should become a balance point between the need of a guarantee regarding accuracy and goodness of security products and the need to use the latest technology in a rapidly changing technological environment. In addition, there is a need for a security evaluation system. This should be internationally agreed upon, faster and more efficient, and more consistent with the current speed of the IT evolution.
Standardization refers to the use of common products, processes, procedures, and policies to facilitate attainment of business objectives.59 It is used to achieve interoperability and secure communications among NATO equipment. Furthermore, standardization also reduces the need for new and expensive developments. However, it is necessary to remember that security standards should never be relaxed in order to maintain trust between organizations.
Security policies are essential for all organizations. With such policies, the general security lines to follow are defined, and all security procedures to be implemented are based on them. One significant aspect of NECCS is a set of policies and regulations addressed to build security, trust, and confidence among users and organizations when handling and sharing information. Policies in themselves are ineffective; their potential to be effective is directly proportional to the support they receive from the power structures of the organization.
Education. One of the main pillars of security is people. Consequently, it is vital to define and implement a complete security awareness, training, and exercise program for all NEC users, CIS related people, NECCS related staff, and NEC authorities. Education must be considered a service to be provided by an NEC like any other security service, and e-learning is the model that most precisely meets NEC requirements.
59 Institute of Electrical and Electronic Engineers (IEEE)
8.5. NECCS. The Technology
There is a prevailing idea that technology is mature enough to respond to all challenges that NEC entails. However, in reality this is not the case. Although technology could be sufficient in theory, in practical terms there is a lack of reliable physical implementations that provide an efficient way to address some critical security issues. These issues include virtualization, multilevel systems, secure wireless, event correlation, electronic generation, management, and distribution of keys, robust confidentiality by software, secure e-labelling, and object level protection. In the future various emerging technologies may be useful. Some of these technologies include: virtualization, whose security features are not yet mature, will provide great flexibility; secure wireless systems, for which mobility is necessary; event correlation systems; key generation, management, and distribution electronic systems; and multilevel systems that allow different levels of access in the same environment. Nevertheless, so far all these technologies need a higher maturity level to be implemented in NEC. The maturity level of security technology is an important factor to determine the way to approach an NEC implementation, whether top down or bottom up.
8.5.1. NEC Top-down Implementation
In this approach the starting point is the definition of the functional requirements according to the organization’s mission, business, and strategic objectives. Technology performs a subsequent role to give practical response to previously defined requirements. In theory, the definition of functional requirements is not influenced by considerations in terms of human and economical resources as well as available technology. It is focused just on describing the best solution for meeting the organization’s objectives. Resources and technology are dependent on the main goals of the organization. Under top-down criteria, the model reflects the best theoretical solution. The problem is that most organizations are limited in resources, and the technology is not mature enough to meet certain requirements. When the theoretical model is to be implemented, at a given time limitations in resources and/or technology will impede or delay the implementation. On the one hand, it will give a cleaner, more precise vision of the NEC and one more consistent with real necessities. On the other hand, there will be problems in the implementation.
Figure 25. NEC top-down implementation
8.5.2. NEC Bottom-up Implementation
Bottom-up implementation offers other advantages and disadvantages. If targets are more concrete and defined at a lower level, and efforts are focused on achieving them in specific environments, then shortfalls and shortcomings can be detected and checked more easily, both in terms of technology and resource limitations. In bottom-up implementation, more concrete and less ambitious goals can be defined. Therefore, the process will start with more realistic objectives consistent with possibilities and technology that already exists. Moreover, once the initial low level objectives are accomplished, the process can scale gradually towards more strategic objectives, up to the organization’s ultimate level of ambition. The obvious disadvantage of this type of implementation is related to compliance with strategic objectives; the objectives would depend on the achievements of previous phases. Thus, the NEC implementation is more erratic, but also more realistic, and the NEC establishment could deviate from its original purpose. Of course, real life is not so black and white, and eventually, in most cases, the chosen approach is a hybrid of both. Therefore, NECCS must adapt its plan to the NEC implementation approach.
Figure 26. NEC bottom-up implementation
8.6. NECCS. The Industry
The IT industrial sector is mainly responsible for providing physical implementation to meet NECCS requirements. This sector, together with academic and private sectors, is co-responsible for the development of the technology itself. It is vital to establish an organized public-private collaborative environment to develop efficient technological solutions to meet NEC security needs. Initiatives such as NCOIC,60 occur when the most reputable IT companies join efforts to “accelerate the global implementation of NEC principles and systems and to improve information sharing among various communities of interest for the betterment of their productivity, interactivity, safety, and security.”61 This kind of effort seems to be enough to meet the demands of important customers like governments, NATO, EU, etc. However, as has been stated in a previous section, there is a lack of reliable physical implementations which provide an efficient way to address some critical security issues.
Furthermore, expectations are not very encouraging since today’s environment is conditioned by a global financial crisis. As a result, private companies cannot conduct self-financed research at the same level as in the past, and R&D&I activities could decline in the near future. In fact, the last report of the European Commission's 2010 "EU Industrial R&D Investment Scoreboard" shows that the worldwide reduction in 2009 was 1.9%; R&D investment by top EU companies fell by 2.6%, and in the US by 5.1%.
In this issue there are two main actors, industry and public sector, that traditionally have two different motivations for business. Industry is driven by financial interests and looks for economic benefits. On the other hand, the public sector - governments and public organizations - is driven by the general public interest and seeks the safety and welfare of all its members. Hence, the first step has to be taken by the public sector, which in turn encourages the private sector, especially industry. To accomplish this, the public sector has to invest money. Moreover, it will invest if public sector authorities understand clearly that NEC is the way to move forward. For that reason it is essential to conduct an awareness campaign addressed to senior public authorities.
60 NCOIC: Network Centric Operations Industry Consortium.
61 NCOIC mission extracted from www.ncoic.org
Figure 27. NECCS industry
8.7. NECCS. The Culture
Ultimately, NEC presents a change in the way business is done. Thus, traditional pillars, such as hierarchical communication flow and a decision making process conducted exclusively by top officials or executives, will be replaced by other communication and decision making models that are more dynamic and participatory. The NEC revolution entails specific changes in the way security is approached, requiring a change not only in applications, techniques, procedures, and policies, but in mentality. These lead to an NECCS revolution as well. The NECCS revolution entails the following changes:

a. From security policy based on protecting the information anytime and anywhere to security policy based on protecting the information where, how, and when it is needed (footnote 62).
b. From security policy based on protecting the information at any cost to security policy based on protecting the information when required to achieve information superiority proportionally to the results expected.
c. From security policy based on confidentiality protection to security based on balancing different security aspects like: integrity of information, integrity of labels, authorship and source guarantee, sender and receiver non-repudiation, availability of information, availability and resilience of computers, computer networks and information systems, need to know, and information confidentiality.
d. From rigid security policy based on immovable tenets to flexible and dynamic security policy based on basic principles and dynamic guidance.
e. From security decisions taken by people in the higher echelons of the organization and security community to security decisions taken in an extended, participatory, and inclusive process.
f. From security based on protecting information systems, information flows, and network perimeters to security based on protecting separate pieces of information.
g. From security based on risk avoidance to security based on permanent and continuous risk analysis.

Figure 28. NECCS cultural revolution

62 The “just in case” principle refers to the behavior related to the indiscriminate implementation of security solutions without a clear return on the investment or without keeping a proportion between investment and expected benefits. The principle of efficiency refers to the behavior related to the systematic and planned implementation of security solutions, considering the proportion between investment and expected benefits.

The change of mentality should start with the security community. When this community is aligned with NECCS principles, then it will be time to begin the comprehensive security training, awareness, and exercise program addressed to the whole NEC community. This will enable the revolution.

There is a matter related to the issue expressed in the previous section concerning whether top down or bottom up is the way to approach an NEC implementation. The question is: according to tendencies in the global cyber domain, like it or not, will the NEC concept prevail? In the more than likely case that NEC will consolidate due to the natural evolution of the information age, the bottom-up or hybrid approach to NEC implementation has to be tackled because it will be easier and more feasible to adapt the functional requirements to the technology available than the opposite. Furthermore, the top-down approach will require enormous amounts of money from the public sector.

In these times technology evolves very fast, and new applications, concepts and operations, and philosophies of action are constantly being developed. These are often better ways of doing things and bring a new set of benefits. Private sector, civilian, and non-governmental organizations utilize new forms of communication. In fact, the public sector is no stranger to these innovations since private-public collaboration is the only way ahead. However, it is also true that new cultures focused on improving operability could undervalue the need for implementing emerging security technology solutions. Flexibility, trust, and confidence in communications, connections, and interactions are enhanced, and the trend is the convergence of networks and systems. However, all these advantages bring with them new risks and vulnerabilities.

In this environment, more than ever security is the key; but security must be aligned with the organization’s mission.
8.8. NECCS. The Costs and Benefits
It is very difficult to identify and quantify the real costs associated with the implementation of security measures in an NEC; consequently, it is very difficult to achieve a reliable costs/benefits ratio. In addition, it is not easy to identify which invested resources are efficient and are the result of the application of a plan based on the principle of efficiency, and which are inefficient and are the result of indiscriminate and “paranoid” implementation of security controls. Some of the costs and benefits of an NECCS implementation are described below.
8.8.1. The Costs of NECCS
The current situation in information security within the government sector, especially in defence, is influenced by two important factors:

Overprotection: Overprotection and over-classification of information is the usual practice, largely due to the enforcement of security policies focused mainly on the confidentiality of information and not on contributing to the overall objective of the organization. When classifying or applying protection measures, users or security officers prefer overdoing it to avoid being accused of negligence in case of leakage. This is the main motivation for overprotection.

Avoidance: Information protection measures must be easy to understand as well as easy and comfortable to apply. Users tend to avoid situations and activities that they do not understand or that are too cumbersome or uncomfortable.

Cost-effective security investment depends largely on successfully overcoming these two factors. In an NEC environment, the costs associated with security implementation should be referenced and analyzed not only in terms of money, time, and people, but also in terms of convenience, comfort, freedom, privacy, operational efficiency, and reliability.

Figure 29. Security reliability cycle
The security measures and policy implemented could lead to a worsening of working conditions, restriction of legal freedoms, and reduction of operational efficiency. This in turn can lead to avoidance, overprotection, and legal problems. Eventually, all of these circumstances will result in a loss of reliability within the whole information security system. And this will complete the circle; the lack of reliability leads to overprotection and avoidance and so on. The way out of this vicious circle is through regular, mandatory training and awareness activities. On the other hand, costs or damages for the business have to be considered in case of non-implementation of the security measures, not only in terms of money, time, and people, but also in operational efficiency and reputation.
8.8.2. The Benefits of NECCS
The benefits of information security measures are difficult to quantify in the public and defence sectors because these benefits usually are not related to monetary return. Instead, they are related to more subjective matters, such as national security, reputation, morale, legality, business continuity, etc. In an NEC domain, the benefits should be specified in terms of contribution to information superiority, and this is not easy. The information security department should define and implement a reliable set of indicators that can help measure the effectiveness of the security measures implemented according to NEC objectives.

Current national secrets laws do little to benefit NEC strategy and objectives since information classification systems are based on criteria that are too general and vague. When a user has to decide about a level of classification, the reference is something similar to the following: Information is top secret when in the hands of an enemy it can very seriously jeopardize national security. It is secret when it can seriously jeopardize national security. It is confidential when it can jeopardize national security, and so on, up to 5 levels of classification and variants.

It is evident that this type of procedure leads to overprotection due to the lack of clarity. To be more effective, efficient and profitable, NECCS should be associated with more concrete and measurable benefits based on information superiority as the ultimate goal. However, getting these benefits should be compatible with a nation’s secrets laws and the NEC organization’s information security policy.
Chapter 9
NECCS Challenges
The establishment of a secure and efficient NEC is a long and winding road, and it is important to overcome the major challenges to reach the finishing line. The next section will discuss one of the most important challenges with security as the main factor.
9.1. Single Information Domain
A single information domain (SID) is an NEC domain where security is addressed individually to any piece of information and not generally to the whole network. In particular, a single information domain is characterized by the following features:

a. A unique information context is defined by a set of attributes that characterize the information within the domain.
b. Information attributes (confidentiality, authorship, integrity, topic, need to know, relevance, etc.) are implemented through labels within any piece of information.
c. Confidentiality and integrity focus on protecting and restricting access to any piece of information and not protecting and restricting access to networks.
d. Information is protected just when, how, and where it is needed (principle of efficiency).
e. Information confidentiality protection will be terminated when information is no longer useful for adversaries.
f. The information domain will be supported by a red network (footnote 63) platform composed of the interconnection of networks, free of security restrictions.

63 A red network is a network that does not implement any measure to protect confidentiality and integrity of information that travels within it.
This type of domain will largely facilitate network convergence and the federation of systems since it will eliminate security restrictions in network interconnections and internal borders in the FoS. Consequently, the information exchange among nations will no longer be a technological problem, but just a matter of policy convergence and trust.

Single information domain is about “restrict access to information not to network”

This domain transfers information security responsibilities from the CIS department to the INFOSEC department and users, at least in terms of confidentiality and integrity of the information. This domain is feasible only if the next two requirements are met beforehand:

1. Technology can guarantee confidentiality of information by software implemented solutions.
2. Users are aware and trained in the application of basic measures of information security.

While the technology evolves toward a software solution for confidentiality, the infrastructure will go through different stages in which the involvement of crypto hardware devices will be increasingly marginalized. So far, NATO-classified information CONFIDENTIAL or above is protected by certified crypto hardware devices. Encryption algorithms implemented in hardware are the only accepted method for protecting this level of classification. The evolution of Suite B (public) algorithms and their implementation through software open the possibility of replacing crypto hardware by software solutions in the future. However, vulnerabilities associated with software may limit its use only for RESTRICTED information, maintaining different security domains.

Although the NEC objective is to have a red federated network as IT supporting platform, in the short and midterm it is likely this platform will be composed of networks interconnected through hardware crypto devices. Once software vulnerabilities can be reduced or mitigated to implement crypto solutions capable of dealing with information CONFIDENTIAL or above, it will be possible to establish an information domain supported by an unclassified network without any cipher in the network layer.

In short, a single information domain is a concept based on the “security efficiency principle” (information protection when, how, and where needed) and on “restrict access to information not to network.” A SID is an important enabler of NEC.
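The SID features b to e above can be made concrete with an added Python example, which is not part of the original study and does not describe any NATO or CCD COE mechanism. It binds a label to a piece of information with an HMAC and takes the access decision from the label alone, never from the network; the class and function names, the four-level scale, the `protect_until` validity period and the shared MAC key are all assumptions of this example, and no encryption is performed.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass, replace
from datetime import datetime, timezone

# Ordered confidentiality levels (constructed for this example).
LEVELS = {"UNCLASSIFIED": 0, "RESTRICTED": 1, "CONFIDENTIAL": 2, "SECRET": 3}


@dataclass(frozen=True)
class Label:
    confidentiality: str       # one of LEVELS
    author: str                # authorship / source
    need_to_know: frozenset    # communities allowed to read
    protect_until: datetime    # confidentiality ends at this instant (assumption)


@dataclass(frozen=True)
class InfoObject:
    payload: bytes
    label: Label
    tag: bytes                 # HMAC over label + payload hash


@dataclass(frozen=True)
class User:
    name: str
    clearance: str
    communities: frozenset


def _canonical(payload: bytes, label: Label) -> bytes:
    """Deterministic serialization of the label and the payload hash."""
    doc = {
        "confidentiality": label.confidentiality,
        "author": label.author,
        "need_to_know": sorted(label.need_to_know),
        "protect_until": label.protect_until.isoformat(),
        "payload_sha256": hashlib.sha256(payload).hexdigest(),
    }
    return json.dumps(doc, sort_keys=True).encode()


def seal(payload: bytes, label: Label, key: bytes) -> InfoObject:
    """Attach a label to a piece of information and bind both with a MAC.

    A shared HMAC key is an assumption that keeps the example short; with a
    shared key every verifier can also forge labels, so a federation of
    parties would use digital signatures for this binding instead.
    """
    tag = hmac.new(key, _canonical(payload, label), hashlib.sha256).digest()
    return InfoObject(payload, label, tag)


def verify(obj: InfoObject, key: bytes) -> bool:
    """Check integrity of the label and of the payload in one step."""
    expected = hmac.new(key, _canonical(obj.payload, obj.label),
                        hashlib.sha256).digest()
    return hmac.compare_digest(expected, obj.tag)


def decide(user: User, obj: InfoObject, key: bytes, now: datetime):
    """Access decision taken per piece of information, not per network."""
    if not verify(obj, key):
        return False, "label or payload altered"
    level = LEVELS.get(obj.label.confidentiality)
    if level is None:
        return False, "unknown confidentiality level"
    if now >= obj.label.protect_until:
        # Feature e: protection ends once the information has lost its value.
        return True, "confidentiality period ended"
    if LEVELS.get(user.clearance, -1) < level:
        return False, "insufficient clearance"
    if not user.communities & obj.label.need_to_know:
        return False, "no need to know"
    return True, "cleared with need to know"


def demo():
    """Run the decision over constructed users and one constructed object."""
    key = b"constructed-demo-key"
    until = datetime(2011, 7, 1, tzinfo=timezone.utc)
    label = Label("CONFIDENTIAL", "unit-a", frozenset({"logistics"}), until)
    obj = seal(b"convoy route (constructed sample)", label, key)
    during = datetime(2011, 6, 15, tzinfo=timezone.utc)
    after = datetime(2011, 7, 2, tzinfo=timezone.utc)
    planner = User("planner", "SECRET", frozenset({"logistics"}))
    analyst = User("analyst", "SECRET", frozenset({"intel"}))
    clerk = User("clerk", "RESTRICTED", frozenset({"logistics"}))
    # Someone rewrites the label to a lower level but cannot recompute the tag.
    relabelled = replace(obj, label=replace(label, confidentiality="UNCLASSIFIED"))
    return {
        "planner": decide(planner, obj, key, during),
        "analyst": decide(analyst, obj, key, during),
        "clerk": decide(clerk, obj, key, during),
        "clerk_after_expiry": decide(clerk, obj, key, after),
        "relabelled": decide(clerk, relabelled, key, during),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```

The label is only as trustworthy as its binding to the payload, which is why `decide` verifies integrity before it reads any attribute, including the expiry date.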
9.2. Trusted Information Domain
A trusted information domain is a technical and political environment where information of different classification and “need to know” as well as from different nations and organizations is shared smoothly. To achieve a trusted information domain, it is necessary to build in advance a trusted technical and political environment, both internally and externally.

Internal trust is the mutual trust among members of the same organization or alliance for sharing and exchanging private or national sensitive or classified information. External trust is the mutual trust among members of an organization or alliance and non-member stakeholders for sharing and exchanging sensitive or classified information that belongs to respective organizations.

Currently, NATO security policies and political environment are not conducive to the exchange of national classified information among nations or of NATO classified information between NATO and partners in current operations. Regarding internal trust, every NATO nation has its own security policy. Therefore, a bilateral agreement is needed between national security agencies to exchange national classified information. It is a process outside of NATO. Regarding external trust, it is a fact that NATO needs to exchange classified information with non-NATO partners, but NATO security policy doesn’t give an effective response to this case.

Problems of trust must be solved by all parties sharing an NEC before the NEC is established. To build trust, a system must be established that guarantees that the information will be handled according to the owner’s requirements at all levels and during the entire life cycle of the information. The trust issue goes beyond NECCS since security measures are needed once information is out of computers, computer networks, or information systems. Trust has to be tackled comprehensively, including policies, personnel, information exchange, and technology.
The aspects mentioned above that have to be tackled to build trust are briefly described next.

Policies: To build trust for information exchange, all existing security policies of all NEC parties should be accessible to all parties; policies have to be in compliance with the requirements of other parties, and policy enforcement must be guaranteed by the parties. In an organization like NATO, composed of 28 members, 27 agreements are needed for each member. Clearly, this does not facilitate the building of an information sharing environment. It is more effective and consistent with NEC principles that just one security policy be established considering security requirements of all parties.

Personnel: NEC users, who come from different nations or parties and share an NEC and who have the capability to handle shared information, should be trustworthy. In the case of classified information, special security controls should be in place to verify that the interested users with access to specific information are trustworthy, have a need to know, and are skilled in their own security responsibilities and in the application of the security measures. This should be in accordance with the NEC owner’s security policy. A good personnel security policy is vital to avoid both security risks and information leaks.

Information exchange: Information exchange methodologies implemented by all the different parties of the Federation of Systems must be interoperable, secure, evaluated, granted by a reliable third party, and in compliance with common security rules. Confidentiality, integrity, availability, non-repudiation, and traceability are characteristics of the information that should be kept and treated according to a security perspective. It should be verified that each of the entities has appropriate and equivalent methodologies to maintain them.

Technology: A threat to one of the parties is a threat to the whole domain. Appropriate technical controls must be implemented by the parties considering technical interoperability with other implemented solutions and must be consistent with the level of security required by the rest of the parties. Use of technical standards must be promoted.

Thus, all these areas should be analyzed through measurable criteria, for instance using metrics. In addition, a methodology should be established to ensure a minimum level of security in all the areas that facilitate confidence between all parties. Establishing international agreements between National Security Agencies is, so far, the method used for building trust.
Figure 30. Trusted information domain (trust built on policies, personnel, information exchange, and technology)
9.3. Balanced Information Domain
NEC is a very complex environment where systems, applications, mechanisms, and concepts that are needed to reach the goal should exist together. However, at the same time some of them reduce or restrict the efficiency of others. Particularly, NECCS systems, applications, mechanisms, and concepts are vital for NEC survival. Nevertheless, if NECCS measures are applied beyond a point of balance, they start to negatively affect the overall effectiveness. A point of balance should be found to ensure the optimal benefits when applying concepts of an opposing nature or those whose implementation may reduce the capacity of another. A dynamic risk management plan can help to find this point.

In some cases NECCS measures are the toll to be paid on the NEC highway due to the existence of persistent known threats and the emergence of new ones. Below are some of the security dilemmas that must be faced when implementing an NEC.

Figure 31. Balanced information domain. One side: open network, information sharing, decision making tempo, operational efficiency, state of art, privacy. Other side: secure network, confidentiality, security controls, security guaranteed, monitoring.
9.3.1. Open Network vs. Secure Network
NEC operates efficiently in a Federation of Systems supported by a single virtual open network. The main characteristics of a virtual open network are:

a. It can be composed of different physical networks, but operates as just one logical system.
b. There are no special security restrictions for having access; the only requirement is to be a member.
c. No special security restrictions exist for interconnections with other networks. The network itself is unclassified. Connection to internet is allowed. Only risks of loss of availability can lead to the opposite.
d. It can be as vast as necessary. The concept is that the network approaches the users and not that the users approach the network.

This type of network is the optimal solution for facilitating information sharing. However, at the same time information superiority requires information visibility, accessibility, manageability, reliability and usefulness that only a secure network and/or secure mechanisms can provide.

A secure network is a network that implements security measures to ensure, up to a predefined level, the integrity, availability, confidentiality, and “need to know” of information. It also ensures the availability and resilience of computers, computer networks, and information systems. This kind of network is based on the security provided by crypto hardware devices and by perimeter protection devices. However, security based on hardware does not have enough flexibility to efficiently meet the NEC requirements.

Some of the functionalities of a secure network, such as integrity of information, availability of information, availability and resilience of information systems, need to know, and information confidentiality, can be implemented by mechanisms not dependent on the network. The question is whether this kind of implementation can guarantee a sufficient level of protection for NEC requirements. Availability and resilience of computers and computer networks will remain an intrinsic part of network management.

The mission of NECCS should be to determine a point of balance between the characteristics of a virtual open network and the security measures designed to protect networks and information.
Open networks have exploitable advantages that are aligned with NEC principles. For instance, Internet connectivity is a great source to obtain information. They are networks designed in principle to handle non-confidential and non-sensitive information. The value of these networks lies in the availability of the services offered, rather than self-protection and protection of information. The availability of the services offered by this type of network is reflected by a Service Level Agreement (SLA). The SLA determines a minimum level of availability of the service under particular conditions and a minimum level of quality in operation and maintenance. Secure networks obviously are much more restrictive, less flexible, and more focused on confidentiality, integrity, and availability than information sharing. However, it could be possible to define an arrangement similar to an SLA, but focused on the security aspects. With the guarantee of availability of services, minimum resources and service levels are ensured. Thanks to them, the service will continue operating. An agreement or a method that ensures a certain security level should be able to create a capacity for response to incidents that corresponds to the level of availability required with the SLA, as well as protection of information. As a result, trust between the parties that share information might be more easily established, thanks to compliance with required security guarantees. However, the question is how to measure the security levels? The development of specific metrics capable of calculating an empirical value of the level of security implemented could be an acceptable principle of action to develop this new type of agreement or methodology.
Figure 32. Open network vs. secure network
9.3.2. Information Sharing vs. Confidentiality
Information sharing is a main principle in NEC, as can be deduced from the slogans “Duty to Share” or “Share to Win.” Information sharing entails making the information as visible and accessible as possible and making the restrictions on accessibility as light as possible.

On the other hand, confidentiality is claimed to be vital for the protection of national or private interests by preventing opponents from gaining access to valuable information that might be used for malicious purposes. Thus, confidentiality means restrictions to accessibility. A misunderstood confidentiality or an excess in the application of confidentiality measures will lead automatically to a drastic decrease in the effectiveness of information sharing.

The problem is even greater when one considers that confidentiality of official information is regulated by law in most nations, and legislators, in any case, consider NEC requirements when developing the law. Thus, NECCS has to deal with external constraints that make it more difficult to find a solution.

The mission of NECCS should be to find a point of balance between information sharing and both internal and external restrictions of confidentiality. The theoretical point of balance cannot be accepted by senior authorities who are more concerned about avoiding problems that might lead to a huge media impact (for instance, problems related to espionage or sensitive information leakage cases) than enhancing the competitive advantages of a new way of doing business based on NEC.

Hence, it will be necessary to perform a NEC/NECCS awareness campaign addressed to senior authorities to achieve an effective point of balance between confidentiality and information sharing by making the external restrictions more consistent with the current international situation. This awareness campaign should deal with such topics as:

a. The reality of today's world -- the information age and cyber society.
b. The reality of modern operations, the fifth battle space - land, maritime, air, space, and cyberspace.
c. The need for revision of legislation on official secrets to make it more consistent with the information age.
d. The benefits of an NEC in the information age, cyber society, and modern operations.
e. Confidentiality and cyber threats. The need to consider more parameters to categorize the information confidentiality: validity period of the classification, potential recipients, etc.
f. Risk management to support the decision making.

It is important to find the most efficient way to attain the ultimate goals of the organization, with strategic perspective, and to avoid decisions taken in “hot” moments, which often have negative results in the long term.
Figure 33. Need to share vs. need to know
9.3.3. Decision Making Tempo vs. Security Controls
Making better decisions is a consequence of being better informed and having information superiority. Information superiority is based, among other things, on the acquisition of relevant information before adversaries. In current business operations, the decision making process should be agile, precise, and flexible to adapt to new situations. One of the main benefits of NEC is to reduce the time required in the decision making process.

On the other hand, for being better informed and having information superiority, it is essential to trust the information, and to ensure that trust, security controls must be implemented. That in turn makes the information acquisition slower and consequently increases the decision making tempo. So, it is a vicious circle again. Furthermore, security controls are essential for building trust among nations and organizations that facilitate information sharing.

In summary, at the same time, the security controls:

- Perform a positive role in information superiority. Security controls focus on ensuring confidentiality, integrity, and availability, which are essential properties for information reliability. In turn, information reliability is essential for information superiority. Besides, information confidentiality contributes directly to information superiority by preventing access to relevant information by adversaries.
- Perform a negative role in information superiority. Security controls increase the decision making tempo by slowing access to information and including additional activities and tasks to guarantee confidentiality, integrity, and availability.

Figure 34. Security, information superiority and decision making (security improves information reliability, which improves information superiority; security slows down the decision making process, which worsens information superiority)
The mission of NECCS should be to find a point of balance between security controls and rapid information sharing to reach the optimal level of information superiority.
Figure 35. Decision making vs. Security
9.3.4. Operational Efficiency vs. Security Controls
Security measures have an impact not only on the decision making process, but also on information sharing and information management, both key pieces in the NEC functioning. Security measures somehow discourage information sharing since people have to deal with security controls to make their information available to others. Furthermore, security measures make information visibility and accessibility more difficult with the implementation of controls that, in turn, are needed to ensure the confidentiality and integrity of information and sources. Thus, eventually, they are needed to guarantee the information reliability.

Hence, security controls reduce the effectiveness of information sharing, visibility, and accessibility and at the same time increase the reliability. All of them are important factors for achieving information superiority. Again, it is a two-way road that moves toward the goal - information superiority - and away from it simultaneously.

In summary, security controls:

- Perform a positive role in information superiority. The extra workload and extra skill that security entails for users is in turn necessary to ensure confidentiality, integrity, and availability for information reliability.
- Perform a negative role in information superiority. Security involves an extra workload and extra skills for users in sharing information. They have to be skilled at using the tools to ensure that information is delivered only to the right people, the integrity of information and sources, non-repudiation, and any aspect addressed to ensure the reliability of the information. This extra work and extra skill, in some cases, will be a discouraging element or disabler for information sharing. On the other hand, the criteria for identifying the appropriate people are far from perfect. Therefore, the security controls will prevent some of the appropriate people from having access or being informed about availability.

Figure 36. Security, information superiority and decision making (security improves information reliability, which improves information superiority; security worsens information sharing, which worsens information superiority)
The mission of NECCS should be to find a point of balance between security controls and NEC operational efficiency that facilitates reaching the optimal level of information superiority. NEC offers very high operational advantages due to its ability to share information at the right time and a high adaptability according to changing environments and situation awareness. This achieves information superiority, by which decision making and the development of operations are benefited.

Again it might be said that security can erode the value of the benefits that NEC provides and subtract operability from all actions carried out. However, if the minimum security levels that each country has in place to protect its information are not required, trust will never be established between those countries that want to share information, which is a basic and inescapable NEC principle. It is also important that shared information should be controlled, and that the way this is carried out should allow traceability of information and services, although the operational level might drop slightly. For instance, if information is intercepted, stolen, or modified by an adversary, this can directly affect the actions or current operations. Thus, although at first glance security seems to reduce operational efficiency, from a wider perspective it actually strengthens it.

NECCS should search for a solution to create flexible security procedures while providing a high level of protection and subtracting as little as possible from the operational efficiency. Thus, security measures will be adapted to exist in harmony with the features of NEC in consistent measure, since both are necessary and central to its operation.
Figure 37. Operation vs. Security
9.3.5. State of Art vs. Security Guaranteed
In cyberspace, the bad guys are not too concerned about using hardware or software certified by a reliable third party. They simply take the latest product in the market and test it. If it works for their malicious purposes, good; if not, they rule it out and try another one. This tactic ensures maximum efficiency.

On the other side of the story are the IT security departments of companies, states, or multinational alliances that have to protect the information, information systems, and computer networks with reliable security hardware and software. The “trial and error” method is not acceptable since testing the efficiency of security products entails putting at risk the state or alliance information and the information infrastructure.

Security is a great investment. Authorities want to have some guarantees that the money invested in security ensures the protection of the information and IT up to a predefined level x. There are two ways to study the efficiency of a specific group of security mechanisms or products:

Trial and error in real environment: This refers to the implementation of security products and applications in a real IT infrastructure and the subsequent observation of the damages in the case of cyber threat materialization.

PROS:
- No extra money spent on security evaluation certification costs.
- No extra time spent on the security evaluation certification process. So, the latest in technology could be used immediately.

CONS:
- No guarantee of efficiency of implementation.
- No indicator of return on investment.
- High risk of significant impact on the IT infrastructure.

Security evaluation and certification: This refers to the implementation of security products and applications that have been previously studied, analyzed, and tested in a controlled environment or lab by a reliable organization according to criteria defined and agreed to by the international community.

PROS:
- Official guarantee of the efficiency of implemented products. The value of the guarantee is relative due to the following factors: a) it is related to known threats at the moment of the evaluation; b) it is related to isolated products or systems, not to whole interconnected systems; and c) security certifications are based on common international criteria except for purely cryptographic matters, which lie with the national security agencies. Return on investment can be somehow slightly identified.
- Low risk of significant impact on the IT infrastructure.

CONS:
- Extra money spent on security evaluation certification.
- Extra time spent on the security evaluation certification process. Thus, the latest in technology cannot be immediately used. Considering that IT technology evolves very fast, if the evaluation certification process takes too long, this will present a significant competitive disadvantage compared to competitors who used the trial and error method.
Security certifications so far have been the accepted method to indicate with confidence that a specific product or system has a certain level of security.
Figure 38. Security certificate and information superiority (diagram: a security certificate improves IT reliability, which improves information superiority; it also slows down the acquisition process, which prevents the use of "state of art" and worsens information superiority)
First, TCSEC (Trusted Computer System Evaluation Criteria), frequently referred to as the Orange Book, was developed in 1983 by the US Department of Defence to set the basic requirements for assessing the effectiveness of computer security controls built into a computer system. Later, in 1990, ITSEC (Information Technology Security Evaluation Criteria), which was developed in Europe, aimed, with a wider vision than TCSEC, at independently testing the security features of a product to identify logical vulnerabilities. After that, in 1993, CTCPEC, the Canadian standard that followed from the TCSEC, avoided several problems and was used jointly by the US and Canada. Finally, the Common Criteria for Information Technology Security Evaluation (CC), created from the previous three standards, has now been accepted as the international certification method for computer security.

The CC provides a guarantee that the products have been developed in a secure process and that they have considered security threats. However, for selection processes it is also necessary to take into account the specific threats of the operational environment where the system will be used. In many cases certification is not enough to guarantee the adequate security level required for a specific operational theater. As a result, it is necessary to carry out a vulnerability assessment process that complements, and in some cases replaces, the certification of the product. The accreditation process will also continue to be a requirement for guaranteeing a specific level of security when a system is going to manage classified information and when systems and networks will be interconnected or federated. This is the principal mechanism to reach the necessary level of trust for interconnections. Nevertheless, so far the evaluation and certification processes are too slow compared with the speed of the IT revolution.
The mission of NECCS should be to find a point of balance between the need for a guarantee of the accuracy and appropriateness of security products and the need to use the latest technology in a rapidly changing technological environment. In addition, NECCS demonstrates the need for a security evaluation system that is agreed upon internationally, is faster and more efficient, and is more consistent with the current speed of IT evolution.
Figure 39. State of art vs. security guaranteed
9.3.6. Privacy vs. Network Monitoring
Privacy is an ongoing worldwide discussion with many nuances that make it a very complex issue. The right to privacy is the right to maintain a domain that includes everything that is part of a person, such as body, home, thoughts, feelings, secrets, and identity. The right to privacy gives the ability to choose which parts in this domain can be accessed by others and to control the extent, manner, and timing of the use of those parts someone chooses to disclose.64

Hence, privacy is related to:
- Anonymity: the right of individuals to remain unnoticed or unidentified in the public realm.
- Personal data protection: the right of individuals to keep secret information regarding themselves. There is no international common understanding about what is considered personal data; in some cultures it covers not only information related to an individual, but also data related to an individual’s activity, such as logs, IP addresses, etc.
- Individuals’ decisions: the right of individuals to make the decision about how to treat information regarding them.

These aspects of privacy can involve important security risks or weaknesses in an NEC domain. Some of them are described below:
- Information leakage: A user, invoking his right to privacy, could encrypt content created by him and share it with others, even outsiders, keeping it secret from the organization. If private individual encryption is permitted, the organization itself is facilitating information leakage that could be used against its own interests.
- Loss of information reliability: A user, invoking his right to privacy and in particular his right to anonymity, could send messages without signing them digitally. As a result, the authorship, integrity of contents, and reliability cannot be assured.
- Loss of non-repudiation ability: A user, invoking his right to privacy, might not accept the non-repudiation mechanisms that can be used for tracking his activity, which violates his right to remain unidentified. Furthermore, the loss of non-repudiation ability contributes to the loss of forensic capability, which is addressed below.
- Loss of forensic capability: Anonymity and personal data protection have a direct influence on the loss of forensic capability because these aspects of privacy prevent analysts from accessing information that has recorded users’ activity. Without forensic capability there is no power of deterrence against cyber attacks.
- Loss of control: The right to privacy might suggest individual decision capability for the protection of the contents created by the individual. This would lead immediately to loss of control by the organization or information systems management.

64 Yael Onn, et al., Privacy in the Digital Environment, Haifa Center of Law & Technology (2005), pp. 1-12.
Figure 40. Risks of privacy
It is obvious that, from NECCS perspective, the right to privacy should not affect the right of organizations to protect their interests, information, information systems, and computer networks against malicious or negligent actions or activities. Organizations need to monitor the contents and activities within their networks and information systems. They must strive to deter attempts to affect negatively the following: the confidentiality, integrity, availability, and reliability of the organization’s information, information systems, and computer networks; forensic capability; and management control. They must also check the compliance with the security policy. Another problem that NECCS has to face is the lack of an international common understanding regarding right to privacy. NEC is designed to work in a multinational environment. Sensitivity regarding privacy issues differs from nation to nation. Furthermore, the concept of privacy is a more sensitive issue in Western culture, English and North American in particular.
It is absolutely necessary that all the parties bound by an NEC reach the same understanding of privacy; otherwise, it would not be possible to adopt a common security policy. The mission of NECCS should be to find a point of balance between the need for network monitoring and the right to privacy that facilitates reaching the optimal level of information superiority, undermining as little as possible the individual right to privacy. If necessary, privacy may be voluntarily sacrificed in exchange for avoiding security risks. However, this is a decision that likely goes beyond the responsibility of NECCS/NEC since it affects national laws.
Figure 41. Privacy vs. Network monitoring
9.4. Cross Domain Collaboration
NEC is designed to work in a cross domain collaboration environment. It is also designed to work in a multinational and multi-organizational environment, where the number of entities involved can change suddenly without a predefined plan. In this environment it is essential to build trust among parties to facilitate the information exchange. However, at the same time the FoS, on which NEC is based, makes the objective more complex due to the coexistence of different networks and security policies, culture, and devices as well as the existence of protected boundaries. On the other hand, all the NEC entities and users work together at different levels (strategic, operational, and tactical), with different need to know and different mentalities, roles, and ranks in the hierarchy.

Hence, to build an effective cross domain collaboration environment it is necessary to address the following requirements:
a. Build trust among entities and users to facilitate the information exchange.
b. Establish a common security policy or a common understanding and agreement among security policies.
c. Establish common standards for secure network interconnections.
d. Establish a flexible joining policy that foresees a way to connect unanticipated actors, empower time-critical cooperation, and enforce security.

At present, most network architectures are oriented to the flow of information, to transport data between different points for a specific purpose. Very few of them focus on the services. To achieve NEC objectives, a service-oriented architecture (SOA) is recommended. In a FoS, the different nodes that compose the NII are able to provide a range of services that can be used by all NEC entities.
To reach effective cross domain collaboration the following actions are necessary: a) establish a proper level of information assurance within the cross domain addressed to all the interconnected entities and all services that the entities offer to the whole; and b) obtain a high level of adaptability to absorb the changes in a dynamic environment and communication and information systems. To achieve the sharing of both information and services between different security domains, the development and improvement of an Information Exchange Gateway (IEG) is necessary for different types of scenarios. The IEG must facilitate secure connections to enable the provision of services and access to information among the different entities. However, the IEG must also meet a high level of security requirements. This is especially important because of the complexity of the context: interconnection between domains with different security levels that are managed independently by different authorities. In the future, one interconnected domain could be the internet.
Figure 42. Global cross domain collaboration (diagram labels: Different Networks, Different Security Policies, Different Security Culture, Different Security Products, Different Organizations, Different Nations, Protected Boundaries)
Figure 43. Internal cross domain collaboration (diagram labels: Tactical Level, Operational Level, Strategic Level, Different "Need to Know", Different Roles, Different Ranks, Different Mentalities)
9.5. Technological Challenges
As stated in chapter 1, NEC entails the generalized, wide, secure and wise use of Information Technology Infrastructure and Information Systems integrated and coordinated with Business Processes and Human Networking, with the goal of placing the Organization at an advantage over its competitors. However, contrary to the widespread idea that technology is mature enough to respond to all NEC requirements, the reality is that there are a considerable number of technological challenges to meeting NECCS requirements. Some of the main challenges that technology must face to meet NECCS requirements are described below:
Figure 44. NECCS technology challenges
9.5.1. Identity and Access Management
One of the most important security challenges to solve in systems federation is identity management. Systems and networks in a federation have to provide services that in turn provide information. It is mandatory to control the accesses to services and information, except unclassified information in some cases. So it is first necessary to define and agree to minimum standards for user attributes, and secondly to design a security mechanism to manage them in a federation context. Identity management is highly related to access management. It should provide information regarding a user’s role, rights, and privileges for accessing information or services.

Identity management systems should have four principal functions:
1. Guarantee the identity of users to provide access to their systems or resources. Identity guarantee service collects essentially all procedures that are responsible for authenticating and authorizing a user in a system, providing a group of permissions for accessing different resources (information) and services.
2. Manage user identities into one or more systems. These systems should offer the capability of using an identity for accessing information or services. For this it is necessary to use two types of technologies: identity attributes access technologies and identity management technologies.
3. Manage the privacy of information provided by users. This objective is achieved by generating and implementing privacy policies on personal information that users should have access to certain services.
4. Manage the trust between the different systems users who should authenticate when they want to access information or services.

The most difficult problems relating to identity management for different environments are duplication of identification service provision, user saturation for multiple credentials, credential incompatibility between systems, syntactic and semantic credentials incompatibility, and authenticated user lists incompatibility. Technologies should mature and be able to offer secure identity management that can solve compatibility and trust problems between organizations and entities that share an NEC. NATO is aware of this issue and is working on two related programs: Identity and Access Management strategy (AIDAM) and Risk Adaptive Access Control (RADAC).
9.5.2. Public Key Infrastructure (PKI)
A digital certificate is basically an electronic document that binds a public key with an identity. The certificate is used to verify and guarantee that a particular public key belongs to an individual. Public Key Infrastructure (PKI) is an organization composed of people, policies, software, and hardware aimed at managing digital certificates during the complete life cycle (creation, distribution, use, storage, and revocation). The PKI is based on the reliable authority of a third party (certificate authority, CA) that establishes the unique and unforgeable identity-public key link through a registration and issuance process. The use of a CA is essential to establish trust. The CA is a reliable intermediary entity that creates the private-public key pairs and manages the certificates guaranteeing the association between a public key and an identity. These certificates should contain different data that are checked by the CA, such as the identity of the user and its public key, the identity of the issuer of the certificate, the serial number, the validity period, and the digital signature of the information stored.

This technology is widely used in both the public and private sectors to provide security services such as:
- Integrity: Information is protected from unauthorized modifications or destruction.
- Confidentiality: Data are encrypted, and only authorized people can access it.
- Authentication: With PKI the identity of a person, a user, a service, an application, or other entity can be verified.
- Non-repudiation: The sender of a message cannot deny that he is really the author of the transmission, and the recipient cannot deny that the message has been received by him.
- Key management: Secure generation, distribution, authentication, and storage of cryptographic keys.
- Time stamping: It can be demonstrated that data have existed and have not been modified from a certain moment in time.
- Digital Signature: PKI can be used to sign messages, giving authentication, integrity, and non-repudiation.
Cross-certification facilitates the federation of systems and networks, providing mechanisms of trust between different domains. However, PKI interoperability policies must be established beforehand. PKI can also play an important role in other technological challenges, such as “object level protection” for identifying and validating elements in the network federation.

On the other hand, PKI introduces several challenges, most of them related to its implementation and interoperability in a federation context. Some remarkable challenges are:
a) Although PKI solutions should comply with recognized standards (ITU-T X.509v3 and IETF PKIX), interoperability problems among different commercial products can be found.
b) PKI solutions should be modular and scalable in order to guarantee the operation in high load and changing contexts.
c) Hierarchy definition and cross certification should be taken into account for interoperability purposes.
d) Online certificate validation (OCSP, Online Certificate Status Protocol) against CRL (Certificate Revocation List) verification should be balanced for best operating results.

In their article, “Ten Risks of PKI: What You’re not Being Told about Public Key Infrastructure,” the world-renowned cryptographic experts Carl Ellison and Bruce Schneier identify ten potential risks inherent in the PKI technology and implementation.65 However, despite the implementation challenges and risks, PKI remains an important NEC enabler since it provides a robust66 mechanism that facilitates identity management and other essential security services. These services include standardization of networked applications, enabling secure communications, scalable security environment, and key and certificate management.

65 “Ten Risks of PKI: What You’re Not Being Told About Public Key Infrastructure” by Carl Ellison and Bruce Schneier [Computer Security Journal • Volume XVI, Number 1, 2000]. http://www.schneier.com/paper-pki.pdf
66 The term “robust” in a PKI and digital signature context refers to mechanisms that facilitate digital transactions legally valid and equivalent to the corresponding human action. For instance, digital signature legally equivalent to physical signature, digital time stamping legally equivalent to physical time stamping, etc.
9.5.3. Secure Communications Capability
Secure and interoperable communications are essential to the implementation of a secure and reliable NEC. NATO Communication and Information Systems must meet strong security requirements to enable secure communication between systems both in local environments, such as local wired networks, and in long distance communication systems, such as satellite networks. Secure Communication Capabilities provide confidentiality, availability, and integrity of information systems, but the communication devices used should be able to interconnect securely with systems of other nations. Hence, interoperability has also become a very important requirement in communication systems.

New communication security solutions are being developed to meet security and interoperability requirements, enabling seamless connectivity between nations and NATO. Two of the most remarkable initiatives are:
a. NINE (Networking and Information Infrastructure IP Network Encryption): it is IP crypto equipment based on IPSec, but with military features such as the use of national cipher algorithms, the use of custom certificates, and counter traffic analysis measures.
b. SCIP (Secure Communication Interoperability Protocol): it is a narrow band secure voice (and data) application level protocol that makes the entire underlying communication infrastructure transparent to the protocol. SCIP products enable end-to-end secure communication, irrespective of network protocol, and enhance the interoperability of the communications and NEC.

NATO nations have promoted the creation of ad-hoc working groups, such as the International Interoperability Control Working Group (I-ICWG), aimed at establishing a common secure communications capability. In this working group nations and CIS providers address national concerns and requirements, working together in the development of CIS based on NATO protocols. These CIS are designed to host multiple security modes. Besides the NATO module ensuring interoperability, nations can define their own module for homeland CIS systems with their own algorithms and security modules.
To achieve NEC, it will be essential to have COTS67 communication products that guarantee secure and interoperable communications at a reasonable price and in a reasonable time frame. GOTS68 are not excluded, but prices and time frame usually do not fit the NEC requirements or NEC owner resources well. Furthermore, the exclusive and limited use of GOTS makes it more difficult to check its efficiency and identify and mitigate vulnerabilities. COTS, in principle, are cheaper, easier, and faster to acquire and offer the guarantee in terms of security and efficiency derived from the widespread and proven use in a multinational collaborative environment.
Figure 45. Secure Communications Capability
67 A COTS (commercial off-the-shelf) product is one that is used "as-is." COTS products are designed to be easily installed and to interoperate with existing system components. Almost all software bought by the average computer user fits into the COTS category: operating systems, office product suites, word processing, and e-mail programs are among the myriad examples. One of the major advantages of COTS software, which is mass-produced, is its relatively low cost. Definition by search enterprise linux [http://searchenterpriselinux.techtarget.com/definition/COTS-MOTS-GOTS-and-NOTS]
68 A GOTS (government off-the-shelf) product is typically developed by the technical staff of the government agency for which it is created. It is sometimes developed by an external entity, but with funding and specification from the agency. Because agencies can directly control all aspects of GOTS products, these are generally preferred for government purposes. Definition by search enterprise linux [http://searchenterpriselinux.techtarget.com/definition/COTS-MOTS-GOTS-and-NOTS]
9.5.4. Object Level Protection
Every individual object in an NEC (a document, system or network element, application, user, etc.) can be categorized based on its attributes, such as classification level, owner, type, access, policy to apply, etc. The attributes and objects are linked by metadata69 information, which can be used for establishing the protection measures to apply to the object. This strategy, known as Object Level Protection (OLP), is one of the key technological challenges in NEC.

OLP refers to the way of handling information automatically through security labels embedded in the data containers. Communication and information systems will know at any time what kind of information is inside an object and will act accordingly. Users must be trained to interpret the metadata and act consistently. OLP is achieved by gathering information, both from the object and from security requirements profiles defined in an Information Assurance (IA) centralized repository, to facilitate the choice and application of the proper security measure. By the use of OLP, objects will not only inform the system and control the security measures in the system, but also apply the security level in trusted cross domain information transfer situations. Security in trusted cross domain information transfer is vital because of the ability of systems to meet security requirements of individual objects when and where needed. This technology enables a particular security level to be maintained in special cases, such as when different security requirements are required or in case of automated information. OLP is particularly useful to transfer information from large governmental systems to small trusted corporate systems while protecting internal information.

The main technology chosen by NATO to represent the metadata is Extensible Markup Language (XML), a technology proven to be the “lingua franca” for most future information exchange and interoperability requirements. It is a component of the military communications and information systems currently on the agenda of many NATO nations and NATO organizations in the context of Service Oriented Architectures. Some work within NATO is already ongoing in the NATO Research Task Group on XML in Cross Domain Security solutions (IST-068/RTG-031) to improve the possibility of sharing information in military environments using XML. Also, XML enables the use of both loose and strong binding, with the XML Signature Standards (XMLDSIG) used to create the bindings. Some projects were presented in NATO CWID 2009 to demonstrate binding and labelling in cross domain sharing experiments by using XML labels and XMLDSIG to create a strong binding mechanism. The demonstrations led to more experiments between NC3A and member nations.

Major threats to the OLP approach to security are related to the difficult task of achieving trust between security domains. Also, some commercial standards should be reviewed to fit military security requirements (related to cryptographic security and certificate structure).

69 Metadata: data included in a particular data container that provides information about aspects of the content, such as: level of classification, need to know, topic, urgency, reliability, means of creation, purpose, time and date of creation, author, source, storage place, protocols or standards used, etc.
9.5.5. Cross Domain Security
Networks and systems federation requires implementing secure interconnections between different security domains (systems and networks). These interconnections have to protect one side against threats from the others and control the right information flow. For these interconnections secure communication and information exchange gateways must be developed to enable secure information flow at different OSI levels.70 The exchange gateways should include boundary protection devices (BPD) to protect one side from the other and converters to adapt formats and protocols (interoperability) of both sides. Information exchange between SECRET and PUBLIC (Internet) domains is already a requirement in NEC philosophy although so far there are no agreed technological solutions and policies for that purpose. Hence, it is necessary to continue working and promoting R&D projects to obtain security solutions that enable interconnections between each of the domains. Finally, the BPDs should have the corresponding CC certification or equivalent, and according to the characteristics of the operations theater, a vulnerability assessment process should be performed.
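How the strong label binding of section 9.5.4 and a boundary check of the kind section 9.5.5 calls for fit together, as an added example that is not part of the original study: an XML security label is bound to its content, and a simplified gateway verifies the binding before it acts on the label. HMAC-SHA256 from the Python standard library stands in for XMLDSIG here, and the level ordering, element names, domain names and key are constructed for illustration.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET
from dataclasses import dataclass, replace

# Constructed classification ordering for the example (not an official marking scheme).
LEVELS = {"UNCLASSIFIED": 0, "RESTRICTED": 1, "CONFIDENTIAL": 2, "SECRET": 3}


@dataclass(frozen=True)
class LabelledObject:
    label_xml: bytes   # XML security label (the object's metadata)
    content: bytes     # the protected data itself
    binding: bytes     # MAC tying this exact label to this exact content


def make_label(classification, owner, releasable_to):
    """Serialise the security attributes as a small XML label."""
    root = ET.Element("label")
    ET.SubElement(root, "classification").text = classification
    ET.SubElement(root, "owner").text = owner
    for domain in sorted(releasable_to):
        ET.SubElement(root, "releasableTo").text = domain
    return ET.tostring(root, encoding="utf-8")


def _mac(key, label_xml, content):
    # Hash each part separately so bytes cannot be shifted between the
    # label and the content without changing the MAC input.
    msg = hashlib.sha256(label_xml).digest() + hashlib.sha256(content).digest()
    return hmac.new(key, msg, hashlib.sha256).digest()


def bind(key, label_xml, content):
    """Strong binding: the label cannot be altered or moved to other content."""
    return LabelledObject(label_xml, content, _mac(key, label_xml, content))


def guard_release(obj, key, dest_domain, dest_max_level):
    """Boundary check: returns (released, reason) and fails closed."""
    if not hmac.compare_digest(_mac(key, obj.label_xml, obj.content), obj.binding):
        return False, "binding-invalid"
    # The label is parsed only after its integrity has been verified.
    try:
        label = ET.fromstring(obj.label_xml)
    except ET.ParseError:
        return False, "label-unreadable"
    classification = label.findtext("classification")
    if classification not in LEVELS:
        return False, "unknown-classification"
    if LEVELS[classification] > LEVELS[dest_max_level]:
        return False, "classification-too-high"
    if dest_domain not in {e.text for e in label.findall("releasableTo")}:
        return False, "not-releasable-to-domain"
    return True, "released"


def label_guard_demo():
    key = b"constructed-demo-key-not-for-real-use"
    report = bind(key, make_label("SECRET", "NationA", {"NationB"}), b"convoy route")
    notice = bind(key, make_label("UNCLASSIFIED", "NationA", {"NationB", "PUBLIC"}),
                  b"press notice")
    # Tampering case 1: the SECRET report carries the notice's UNCLASSIFIED label.
    relabelled = replace(report, label_xml=notice.label_xml)
    # Tampering case 2: a valid label and binding are moved onto other content.
    swapped = replace(notice, content=report.content)
    return {
        "secret_to_nation_b": guard_release(report, key, "NationB", "SECRET"),
        "secret_to_public": guard_release(report, key, "PUBLIC", "UNCLASSIFIED"),
        "notice_to_public": guard_release(notice, key, "PUBLIC", "UNCLASSIFIED"),
        "relabelled": guard_release(relabelled, key, "PUBLIC", "UNCLASSIFIED"),
        "swapped": guard_release(swapped, key, "PUBLIC", "UNCLASSIFIED"),
        "secret_to_nation_c": guard_release(report, key, "NationC", "SECRET"),
    }


if __name__ == "__main__":
    for case, decision in label_guard_demo().items():
        print(f"{case:20s} {decision}")
```

A shared HMAC key only works where both sides already trust each other; between independently managed domains the binding would need a signature verifiable with the originator's certificate, which is where the PKI interoperability issues of section 9.5.2 come in.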
70 The Open Systems Interconnection model (OSI model) is a product of the Open Systems Interconnection effort at the International Organization for Standardization. It is a way of subdividing a communications system into smaller parts called layers. Similar communication functions are grouped into logical layers. A layer provides services to its upper layer while receiving services from the layer below. On each layer, an instance provides service to the instances at the layer above and requests service from the layer below [http://en.wikipedia.org/wiki/OSI_model].
9.5.6. Multilevel Security
Multilevel security (MLS) is an important technology for achieving NEC. It refers to information systems capable of processing information with different confidentiality classification levels, permitting simultaneous access by users with different security clearance and “need to know,” and preventing users from accessing information for which they do not have authorization. The major advantage of this technology is that it is not necessary to implement separate networks with different servers to achieve different security domains associated with different security clearances. MLS can ensure the highest security level in the infrastructure where data are consolidated, and they can be accessed only by authorized users.

MLS systems must meet some requirements when implemented. An MLS system must manage all accesses through a Mandatory Access Control. Therefore, access is restricted based on information classification and the user’s authorization level. In addition, the MLS system must be complemented with a Discretionary Access Control, which uses access control containing the users that can access data. Identification and authentication of each user accessing the system are required, and permissions and privileges are identified and mapped with user profiles. For example, it is especially important that the system prevent a user with a lower security clearance than the data classification from declassifying data. All data stored in the system must be labelled with security information regarding confidentiality and relevance. Hence, the access to specific information can be restricted based on confidentiality and “need to know.”

Although MLS was identified years ago as an important technology for defence systems, it has not yet reached widespread deployment. The main reason could be that MLS technology requires a highly trustworthy information processing system (often built on an MLS operating system), which is very expensive. Moreover, there is a lack of prospects for implementation in the private sector, where types of security functions have been defined differently. However, currently it is possible to find some COTS solutions that comply with MLS, and consequently they will probably be considered in an NEC development.
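The access rules described above, as an added example that is not part of the original study: one store holds records of different classifications, and a reference monitor applies the mandatory check (clearance and need to know), then the discretionary list, and blocks declassification by an under-cleared user. The level names, users, records and the owner-only relabelling rule are assumptions made for the illustration.

```python
from dataclasses import dataclass
from enum import IntEnum


class Level(IntEnum):
    # Constructed ordering for the example.
    UNCLASSIFIED = 0
    RESTRICTED = 1
    CONFIDENTIAL = 2
    SECRET = 3


@dataclass(frozen=True)
class User:
    name: str
    clearance: Level
    need_to_know: frozenset   # topics the user is authorised for


@dataclass
class Record:
    name: str
    classification: Level     # confidentiality label
    topics: frozenset         # need-to-know topics carried in the label
    readers: set              # discretionary list maintained by the owner
    owner: str


class ReferenceMonitor:
    """Every access goes through here and every decision is logged."""

    def __init__(self):
        self.audit = []

    def _decide(self, user, action, record, allowed, reason):
        self.audit.append((user.name, action, record.name, allowed, reason))
        return allowed, reason

    def read(self, user, record):
        # Mandatory control first: neither user nor owner can override it.
        if user.clearance < record.classification:
            return self._decide(user, "read", record, False, "clearance-too-low")
        if not record.topics <= user.need_to_know:
            return self._decide(user, "read", record, False, "no-need-to-know")
        # Discretionary control second: the owner's list can only narrow access.
        if user.name not in record.readers:
            return self._decide(user, "read", record, False, "not-on-owner-list")
        return self._decide(user, "read", record, True, "granted")

    def reclassify(self, user, record, new_level):
        # Rule from the text: a user cleared below the data's classification
        # must never be able to declassify it.
        if user.clearance < record.classification:
            return self._decide(user, "reclassify", record, False, "clearance-too-low")
        # Assumption of this example: only the owner may change the label.
        if user.name != record.owner:
            return self._decide(user, "reclassify", record, False, "not-owner")
        record.classification = new_level
        return self._decide(user, "reclassify", record, True, f"now-{new_level.name}")


def mls_demo():
    rm = ReferenceMonitor()
    everyone = {"alice", "bob", "carol"}
    plan = Record("op-plan", Level.SECRET, frozenset({"LOGISTICS"}), set(everyone), "alice")
    menu = Record("mess-menu", Level.UNCLASSIFIED, frozenset(), set(everyone), "carol")
    alice = User("alice", Level.SECRET, frozenset({"LOGISTICS"}))
    bob = User("bob", Level.RESTRICTED, frozenset({"LOGISTICS"}))
    carol = User("carol", Level.SECRET, frozenset({"INTEL"}))
    results = [
        rm.read(alice, plan),
        rm.read(bob, plan),      # on the owner's list, but the mandatory check wins
        rm.read(carol, plan),    # cleared, but not for this topic
        rm.read(bob, menu),      # same system, lower-classified record
        rm.reclassify(bob, plan, Level.UNCLASSIFIED),
        rm.reclassify(carol, plan, Level.UNCLASSIFIED),
        rm.reclassify(alice, plan, Level.CONFIDENTIAL),
        rm.read(bob, plan),      # still below the new classification
    ]
    return results, rm.audit


if __name__ == "__main__":
    for entry in mls_demo()[1]:
        print(entry)
```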
9.5.7. Multiple-Certified Encryption
During the last decades, national encryption policies have focused on protecting national information with nationally owned algorithms and ciphers. This has led in some cases to the separation of systems and networks in different isolated domains (contrary to NEC philosophy) and in other cases to the implementation of different national cryptographic devices in cascade. Federation implies interoperability and information sharing, which requires an evolutionary position in terms of encryption algorithms and cryptographic products. The development of multiple-certified encryption devices, which are certified for simultaneously transmitting different classified information from various nations and organizations (nation, NATO, EU, etc.), and the major employment of Suite B71 algorithms may be the future.

In addition, Multiple-Certified Encryption Devices (MCED) have other advantages in terms of costs and acquisition. The cost of developing one MCED is lower than the total cost of several national devices that can manage information only from a single nation. Besides this, another great advantage lies in the management. Obviously, the effort to manage one device (although it could be a little more complicated) is lower than the effort to manage two or more devices. For all these reasons, Multiple-Certified Encryption will be another technology that will probably be used in NEC, since it is a technology that ensures confidentiality from different sources and at the same time interoperability, lower costs, and easier management.
Figure 46. Multiple-certified encryption
71 Suite B: A type of cryptographic algorithm that has been approved by NATO Nations and NCSA and is not kept secret.
9.5.8. Virtualization
Virtualization is one of the most important emerging technologies that facilitate NEC implementation. The main advantages of this technology are: IT cost reduction (saving from hardware), increased efficiency, rapid deployment, and easier disaster recovery. However, it also has some disadvantages that in many cases have prevented its employment in classified domains.
Virtualization is based on two techniques, systems virtualization and software virtualization. Systems Virtualization allows computing code execution in resources that are emulated by software in a host system. A virtualized system uses all the available resources (CPU, RAM memory, HD, LAN, etc.) in a dedicated hardware, but all these resources are only a subset of a system that runs virtualized for the guest system. The host system can control all the aspects of the emulated hardware, thus controlling the features of the guest system. Some actions can be performed, such as pausing, stopping, taking snapshots that save the current state of the system, and reverting the machine to this saved state at any time.
Software Virtualization differs from systems virtualization. The main idea is hosting individual applications in an environment separated from the underlying Operating System (OS). When an application is virtualized, an executable file is made with all the modules needed to work properly and virtual access to the needed resources to avoid needing anything from the underlying OS.
Virtualization has several important benefits. A major benefit is that it can be used for fast resource reallocation by creating virtual systems for each of the key processes in a system and dynamically assigning the resources according to the computing needs. Also, virtualization offers another security layer to any system by allowing separation of any risky or hazardous operation into a virtualized system (for example, opening a PDF file from an untrusted source or browsing the net). When a security breach occurs, malicious code would take control of the guest OS, but will only take advantage of virtual resources (virtual RAM memory, virtual HD, internal virtual processes). However, the host system will be isolated from the attack. Some approaches to multilevel systems rely on virtualization to offer a security barrier between systems by using a virtualized OS to connect to each of the different security domains, with all the guest virtual operating systems controlled by a hardened OS whose task is to prevent information leaks between systems.
The most common use for virtualized applications is the possibility of executing applications in systems with the “principle of least privilege”72 and avoiding installing modules and libraries that could introduce vulnerabilities into the system. A main security concern is related to vulnerabilities in software virtualization that can cause the system to allow the access to host resources, thus infecting the host system. Only virtualized applications can easily be executed in several systems by using portable devices such as USB pen drives. Therefore, if an application is infected, the corrupted application will infect the OS where it is running. Another important security issue when working with virtualized applications is the transparency of execution of the virtualized application in the OS, leaving no traces of the application behavior. However, the improvement of this technology and its security during the last years and the increasing use in private sector have led to the belief that virtualization will be key technology in NEC implementation.
9.5.9. Wireless Networks
Wireless technology has been growing fast for the last decade and will continue to do so because of the potential of mobile communications. In fact, in the private sector many telecommunication companies are turning their business model to mobile/wireless networks and connectivity, relegating wired networks to a secondary role. Fast deployment, fast integration, and cost-effective solutions based on COTS (thanks to standardization) are the main reasons for wireless success. The most accepted standards are 802.11 (or Wi-Fi, the standard for carrying out wireless local area network computer communications) and 802.16 (or WiMAX, a telecommunication protocol that provides fixed and fully mobile Internet access aimed at providing 4G mobile connectivity allowing a high speed data transfer rate, mobility, and reduction of cost in the “last mile” internet access). Wireless networks can provide a huge advantage in achieving NEC fast deployment, fast integration, and cost-effective solutions for communication and information systems implementations based on COTS products, which are widely used in private domains. Although the advantages of this technology in facilitating the mobility and integration of NEC are undeniable, security is so far an unsolved problem for massive employment in military capabilities.
72 “Principle of least privilege” states that all users or processes that access or act in a system must do so with a minimum level of privileges and permissions that let the user or the process perform its functions.
Some important risks related to security in wireless networks include:
Loss of confidentiality is a high risk because of the broadcast and the radio nature. Wireless radio propagates into space; an attacker does not have to be in the facility to passively capture data, and the use of high-gain antennas can capture data from wireless networks beyond a network’s normal operating range. Exploitation in Wi-Fi of the WLAN security mechanism weaknesses is common and easily accomplished. The attacker needs only to passively catch enough data to be able to access the network and exploit a vulnerability in the secure transmission protocol. In WiMAX, a man-in-the-middle attack can be performed by exploiting unprotected management messages during the initial network entry process. Also, eavesdropping can be done even if the data are strongly ciphered by AES, allowing the attacker to identify the footprint of a network or conduct a traffic analysis, helping the attacker identify targets in the network.
Loss of integrity is a risk to take into account although the threats are similar to those in wired networks. Only by using cryptographic protection can data integrity be achieved. Wi-Fi standards do not provide strong message integrity, so other kinds of active attacks that compromise system integrity are possible.
Loss of availability is another significant risk in wireless networks. A denial of WLAN availability often involves some form of DoS attack, such as jamming73 or flooding.74 Another attack is the use of an 802.11n network with backward compatibility disabled (Greenfield mode), which unintentionally creates a DoS attack on wireless networks. In WiMAX, the injection of RF interference during the transmission of specific management messages can degrade overall system performance (this attack is known as scrambling).
The use of VPN with a validated encryption algorithm by means of a certified cipher is a method to achieve confidentiality and integrity. The use of Wireless Intrusion Detection and Prevention Systems can detect attacks and misconfigured WLAN clients, rogue Access Points, ad hoc networks, and other violations of security policies.
73 Jamming occurs when an RF signal emitted from a wireless device overwhelms other wireless devices and signals, causing a loss of communications. Jamming may be caused deliberately by a malicious user or inadvertently by emissions from other legitimate devices operating within an unlicensed spectrum, such as a cordless telephone or microwave oven.
74 Flooding attacks are initiated using software designed to transmit a large number of packets to an Access Point or other wireless device, causing the device to be overwhelmed by packets and cease normal operation. Flooding can cause a WLAN to degrade to an unacceptable performance level or even fail completely.
Jamming and flooding threats are difficult to counter in any radio-based communications, and the legacy IEEE 802.11 standard does not provide any defence against them. Management frames in 802.11 technologies are not protected and are a cause of availability attacks: forged frames can force a client and Access Point to disassociate, and an attacker can flood the Access Point's association table with false requests until the Access Point no longer allows legitimate associations.
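As an added illustration (not part of the original study), the example below shows the kind of logic a wireless intrusion detection system applies to observed 802.11 management frames to flag a rogue Access Point, a burst of deauthentication/disassociation frames, and an association-table flood. The frame records, MAC addresses, SSIDs and thresholds are constructed assumptions.

```python
from collections import defaultdict, deque

# Constructed values for illustration; thresholds must be tuned per site.
AUTHORIZED_APS = {"HQ-NET": {"02:00:00:00:00:01"}}  # SSID -> approved BSSIDs
WINDOW_S = 10.0          # sliding window length in seconds
DEAUTH_LIMIT = 5         # deauth/disassoc frames tolerated per BSSID per window
ASSOC_STATION_LIMIT = 4  # distinct requesting stations tolerated per BSSID per window


def detect(frames):
    """Return alerts for a list of management-frame records (dicts)."""
    alerts, raised = [], set()
    deauth_times = defaultdict(deque)    # bssid -> timestamps inside the window
    assoc_requests = defaultdict(deque)  # bssid -> (timestamp, station) pairs

    def alert(kind, bssid, ts):
        if (kind, bssid) not in raised:  # one alert per condition and BSSID
            raised.add((kind, bssid))
            alerts.append({"kind": kind, "bssid": bssid, "time": ts})

    for f in sorted(frames, key=lambda f: f["ts"]):
        ts, subtype, bssid = f["ts"], f["subtype"], f["bssid"]
        if subtype == "beacon":
            # An unknown BSSID advertising one of OUR network names is a rogue AP;
            # foreign SSIDs from neighbouring networks are ignored.
            approved = AUTHORIZED_APS.get(f.get("ssid"))
            if approved is not None and bssid not in approved:
                alert("rogue-ap", bssid, ts)
        elif subtype in ("deauth", "disassoc"):
            window = deauth_times[bssid]
            window.append(ts)
            while ts - window[0] > WINDOW_S:
                window.popleft()
            if len(window) > DEAUTH_LIMIT:
                alert("deauth-flood", bssid, ts)
        elif subtype == "assoc-req":
            window = assoc_requests[bssid]
            window.append((ts, f["src"]))
            while ts - window[0][0] > WINDOW_S:
                window.popleft()
            # Retries from one station are normal; many distinct stations are not.
            if len({station for _, station in window}) > ASSOC_STATION_LIMIT:
                alert("assoc-flood", bssid, ts)
    return alerts


def constructed_capture():
    """Constructed sample capture mixing benign and suspicious activity."""
    ap, rogue, cafe = "02:00:00:00:00:01", "02:00:00:00:00:66", "02:00:00:00:00:77"
    sta = "02:00:00:00:20:01"
    frames = [
        {"ts": 0.0, "subtype": "beacon", "src": ap, "bssid": ap, "ssid": "HQ-NET"},
        {"ts": 1.0, "subtype": "beacon", "src": rogue, "bssid": rogue, "ssid": "HQ-NET"},
        {"ts": 2.0, "subtype": "beacon", "src": cafe, "bssid": cafe, "ssid": "CAFE"},
    ]
    for ts in (20.0, 80.0, 140.0):       # benign: occasional client roaming
        frames.append({"ts": ts, "subtype": "deauth", "src": sta, "bssid": ap})
    for i in range(8):                   # burst of eight frames in 3.5 seconds
        frames.append({"ts": 300.0 + 0.5 * i, "subtype": "deauth", "src": ap, "bssid": ap})
    for ts in (400.0, 401.0, 402.0):     # benign: one station retrying
        frames.append({"ts": ts, "subtype": "assoc-req", "src": sta, "bssid": ap})
    for i in range(6):                   # six never-seen stations in 2.5 seconds
        frames.append({"ts": 500.0 + 0.5 * i, "subtype": "assoc-req",
                       "src": f"02:00:00:00:10:{i:02x}", "bssid": ap})
    return frames


if __name__ == "__main__":
    for a in detect(constructed_capture()):
        print(a)
```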
The use of “thin”75 Access Points wherever possible is recommended to improve the security of wireless networks.
As seen in the definition of the standards, 802.11 and 802.16 networks can coexist as part of CIS capacities. 802.11 networks can provide connectivity in a small area, which can be as versatile as a building or around a vehicle in a tactical environment. Meanwhile, 802.16 equipment can provide connectivity between 802.11 “islands,” allowing connectivity among them and the HQ.
Wireless connectivity is widely used as well to enable fast deployment of security sensor perimeters and make the information available when and where it is needed. In this case, two possible alternatives can be taken into account: create small networks of sensors and interconnect them, or connect the sensors directly to the WiMAX system. In both cases, the speed of creating the infrastructure is higher and the cost of the deployment is much lower, reducing the need for material and time to implant CIS systems.
It is expected that wireless communication security problems will be solved in the short term for NEC purposes with this technology. This includes the application in military CIS to reach the necessary information assurance level. Hence, some security challenges related to the use of wireless networks for NEC are:
a. Improve the confidentiality by adopting certified cryptographic suites and key management solutions. Use of IP crypto equipment (for example NINE crypto equipment) to assure confidentiality and integrity or the use of end-to-end confidentiality equipment (such as SCIP).
b. Improve communication integrity by using strong integrity algorithms and cryptographic security for management signalling.
c. Improve availability by using anti-jamming techniques such as frequency hopping and improvement of the radio spectrum techniques.
Furthermore, wireless technology can evolve in other aspects that are not explicitly considered part of the security field but are closely related to it and have a beneficial influence on NEC and NECCS. Examples of these aspects are: the expansion to military RF bands dedicated to military systems to avoid spectrum saturation and improve radio spectrum use in all the military bands; the modification of standards to increase transmission speed and coverage; and the use of automated fast connection and routing techniques to enable connectivity in rapidly changing environments.
75 Access Point (AP) can be categorized as “thick” or “thin.” A thick, or intelligent, AP handles encryption and the overall management of the client devices connected to it. For a thin AP, the processing of encryption and policy settings generally occurs in the central switch or controller. Thin APs are generally more secure than thick APs because thin APs do not have a key that could be extracted. In addition, they do not require the same level of physical security and other countermeasures as thick APs.
9.6. TEMPEST
Since the early 1960s, it has been well known in the military sphere that electronic devices, such as computers, communication lines, etc., generate electromagnetic radiation that can interfere with other electronic equipment. Known as compromising emanation or TEMPEST radiation, the unintentional electromagnetic broadcast of data has been a significant concern in military electronic applications since then. The TEMPEST threat has been widely studied, and the appropriate countermeasures have been described in NATO and NATO nations’ security regulations. In NATO many guides, regulations, and standards (AMSG, SDIP, etc.) have been developed to cope with this type of threat. Technological advances in the manufacturing of electronic equipment have increased their protection against the TEMPEST threat, reducing the associated risks, although they still remain.
TEMPEST protection policy should be revised to adapt it to the NEC context, where distributed information prevails rather than information concentration.
The tools and techniques needed to make technical TEMPEST interceptions are available not only for state-sponsored entities, but for anyone with Internet access. Therefore, the TEMPEST threat is still alive and will have to be considered in NEC implementation. Furthermore, appropriate countermeasures will remain necessary in classified systems. The approach for TEMPEST mitigation may be based on risk assessment and can be managed case by case rather than by establishing general rules covering all potential situations.
However, TEMPEST is a phenomenon that emerged in the context of the Cold War, when information exchange requirements, communication networks structure, IT technology, and information confidentiality policies were radically different than they are now. The success of TEMPEST activity lies in identifying concentration points where important and sensitive information is transmitted. (TEMPEST is not designed to capture information when stored.) During the Cold War period, communications centers and embassies were the main objectives. This choice was due to the need to make profitable the large investment involved in the planning and installation of permanent TEMPEST eavesdropping stations.
TEMPEST requires substantial investment related to CIS equipment to avoid unwanted electromagnetic emissions. In short, TEMPEST protection can be achieved through:
a. Acquisition of TEMPEST protected CIS devices from a factory having the corresponding official certification.
b. Acquisition of special TEMPEST protected boxes to place inside CIS devices.
c. Hosting the CIS devices in facilities protected against electro-magnetic emissions (Faraday cages).
d. Keeping the CIS devices far enough away from a potential malicious TEMPEST station.
Beyond the high monetary investment, TEMPEST protection involves a loss of IT infrastructure flexibility and interoperability. The implementation of TEMPEST protections results in high costs in terms of both money and loss of flexibility and interoperability of ITI. However, at the same time the potential risk due to TEMPEST threats is not well defined and could in fact be low. NECCS should promote the revision of the TEMPEST policy according to current TEMPEST threat and the new information environment that NEC represents, where distributed information is preferable rather than information concentration.
Figure 47. TEMPEST evolution (Cold War: concentrated information, information confidentiality, high TEMPEST threat; NEC: distributed information, information sharing, low TEMPEST threat)
9.7. Forensics
Forensic analysis is the process of identifying the causes of security breaches and functionality failures in information systems and computer networks and of determining origins and responsibilities, producing indirectly a deterrent effect against potential malicious activities. In most cases the forensic investigation is a multidisciplinary and multinational process in which technical, legal, and political aspects are involved, and many nations should collaborate. In many cases the lack of political collaboration of just one party will render fruitless the efforts of the other parties in the technical and legal fields.
In traditional environments where national systems are not federated, the forensic capability of a specific nation or system depends only on its own capabilities and its level of ambition. So, the preventive measures implemented in the system (audit logs, automatic event correlation tools, forensics investigators, etc.) determine the effectiveness of a forensic process. But as mentioned above, this will not be enough. NEC is designed to work in a multinational federated environment where the network responsibility is distributed among the different federated parties, nations, or organizations. The distribution of responsibilities increases the complexity of the forensic investigation and can reduce the efficiency of the forensic capability.
In a federated environment it is vital to build a forensic collaboration environment through a legal agreement among federations. This agreement should facilitate the forensic investigation process invoked by either party. Currently, the international scene is very bleak in regard to this issue. A sound forensic capability is a fundamental deterrence against external or internal cyber attacks and against internal negligence within NII.
Building an international cyber law framework that facilitates the partnership and collaboration to pursue illegal or malicious activities in cyberspace is a political issue that goes beyond NECCS responsibility. Not surprisingly, the forensic capability to protect the NII depends largely on the success in establishing this legal framework. Hence, NECCS should strengthen the cyber forensic capability and in addition promote international collaboration and awareness on cyber conflicts. These are two sides of the same coin.
Figure 48. Forensic capability aspects (forensic technical capability, international cyber law, cyber conflicts awareness, international political collaboration)
9.8. Change Management
Fear of change is one of the biggest obstacles that usually arise when implementing a new system. In fact, a large number of projects fail eventually because of not considering this issue from the beginning. If a new system is implemented without having prepared the users, their resistance can become so great that it could derail the effectiveness or implementation of the new system. Undoubtedly, one of the lessons learned from the implementation of new systems is that it is essential to involve potential users early and prepare them for change through appropriate training and awareness. The implementation of NEC is a fairly strong change affecting different dimensions, such as technology, policy, and people. Clearly, change management is always a complex issue that should be handled with special sensitivity. The NEC revolution entails an NECCS revolution as well, and the changes in responsibilities, mentality, and culture in the cyber security field are significant, involving all of NEC users and echelons.
The NECCS change management plan should consider, at least, the technology, security policy, and human factor.
Figure 49. Change management aspects (technology change management, policy change management, people change management)
9.8.1. Technology Change Management
The management of change in technology is a critical process. Systems evolve and are upgraded, incorporating new and better features. However, there comes a time when it is not possible or cost-effective to keep renewing the system, and it must be replaced. The act of replacement is usually not immediate, but takes a period in which new technologies coexist with the legacy ones. During the coexistence of technologies, it is particularly important that the process of implementing additional security measures allow, without increasing the risks, the joint functioning despite the different types of technology and levels of maturity. It is important to analyze how this situation influences the security aspect during the migration to new technologies. The new risks and vulnerabilities must be identified and measures must be implemented to rectify the shortfalls.
9.8.2. Policy Change Management
Policy change management refers to the management of the life cycle of security. In static environments it is not a big issue; but in NEC, where dynamism is the main characteristic, the management is really complex. There should be a continuous review of the effectiveness of the security measures implemented, since the changes in the environment can drastically reduce their effectiveness. In addition, the effectiveness of the security measures implemented should be compared with other technologies whose maturity is demonstrated to be adaptable to the changes that may occur to ensure that security remains at the proper level. Finally, there should be a continuous review of security policies, systems configurations, vulnerabilities, risks, and threats.
9.8.3. People Change Management
NEC is not a simple change for new users, but a drastic change that entails a new way of doing business and a new kind of human relationship. Consequently, people will face a huge behavior change according to a new security mentality and culture.
People usually, for reasons of convenience or lack of interest in learning, like becoming accustomed to old and well-known routines and systems. The migration to new safeguards or procedures should be progressive. Starting to implement the security measures only after the system is operational should be avoided. Security measures should be incorporated gradually during the introduction of the new systems. In this way, people are better prepared and are willing to face the changes.
“Need to know” culture has always been rooted in defence systems and, as mentioned earlier, cannot be overlooked. It is necessary to treat properly the change in mentality regarding "Duty to Share" and "Share to Win" concepts because the security implemented on current systems has more restrictive measures on information sharing. These new concepts should not eclipse the old one. The change in this area should be realized from the beginning of the system, sharing a more open mind for cooperating with other nations. But even if that change is made, the old mindset should also coexist with the new, as the "Need to Know" will always be necessary to control the access to information.
In short, NECCS entails a radical change in mentality whereby security, including information confidentiality, is not an end in itself, but a means to NEC strategic objectives. These changes must be accepted by all users. The way to do this is to prepare them gradually from the beginning, before the change occurs, through continuous training and awareness campaigns in cyber security.
9.9. Risk Management
Some special characteristics of current cyber threats, such as uncertainty, fast pace, and changing patterns, make risk management more complex but at the same time more necessary. Risk analysis and risk management are the main instruments that NECCS has to make decisions addressed to reach the balanced information domain (discussed in section 8.3.). In fact, in most of the organizations, it is mandatory to perform a risk analysis to evaluate the security of information systems and then to grant the proper security clearance. The risk analysis is used to identify the level of risk of the systems, improvements, and security measures that should be implemented to safeguard life cycles that should be developed. As a result, security systems will be more efficient, thus contributing to the efficiency of the whole system.
But a traditional risk analysis is based on known threats. (When risk management was born, systems and their environments were static, and changes occurred from time to time in a predictable way.) A traditional risk analysis is not valid in principle for new threats or new forms of the same threats. Thus, currently in an NEC environment, static risk analysis performs a role of helper in the initial phases of an NEC implementation process. However, it is not enough to provide reliable knowledge on the level of risk of systems within an environment where cyber threats are uncertain and dynamic in nature.
To respond to the new environment the concept of dynamic risk management arises, where data to support risk are continually renewed in order to determine the level of actual risk. Assets (their value and impacts), threats, vulnerabilities and even security measures are constantly reviewed and updated, and the level of risk based on these data is continuously calculated. The automation of processes for data collection, overall assessment, and risk determination is necessary to bring this concept to reality.
Figure 50. Dynamic risk management aspects
In an NEC environment there is an added problem related to Federation of Systems. Levels of trust should be established to run the connections, but they are not exempt from the inherited risks that should also be analyzed. Security accreditation metrics should be defined to ensure minimum security standards in a federation of networks with different levels of risk acceptance. For adequate dynamic risk management, communication channels must be established among the different related entities in order to have real, updated, and timely knowledge of the level of risk. Threats, vulnerabilities, and risky situations identified and analyzed by a nation should be shared with others to reach a common and efficient level of knowledge of risk.
9.10. Security Audit
A security audit is an official inspection or examination to evaluate the appropriateness and efficiency of the security measures implemented in a system according to the expected investment and results. The security audit is an activity outside dynamic risk management (DRM), which is a task and service under the responsibility of the NECCS organization.
Security audit should be performed, periodically, by an independent entity
Actually, the security audit is an important tool in the hands of NEC authority to supervise and control the work done by the NECCS organization. Consequently, the audit should be addressed to every component of NECCS organization, but should be performed periodically by an independent entity with no special relationship with the NECCS organization. Security audit must identify the efficiency of the technical security measures, as well as of policies and users. NECCS organization should be willing to be audited periodically by an independent organization as a natural part of the process of building a secure NEC.
Figure 51. NECCS audit (NEC owner, NECCS audit, NEC organization, NECCS dynamic risk management)
9.11. Security with Partners
In the process of building a secure NEC different actors are involved with mutually interdependent roles, which can be classified into two different groups: NEC organization and NEC partners.
NEC organization is composed of all the individuals that have some responsibility in the NEC management. Some of the roles are:
NEC owner or customer: the nation, alliance, organization, ministry, army, etc. that NEC serves. The NEC owner must set the level of ambition and the expected results and should provide the necessary resources consistently. It ultimately receives the benefits.
NEC authority: the person in charge of commanding, leading, and managing the NII, as well as the measures, policies, and information aimed at reaching the expected information superiority.
NEC management: the organization in charge of managing the NEC resources.
NECCS management: the organization in charge of managing the NECCS resources and responsible for driving all aspects of security towards NEC strategic objectives.
NEC user: any individual who has official authorization for access to some of the services that the NEC provides.
NEC Partners: entities that do not belong to the permanent NEC organization, but are somehow involved in the development of the NEC; or those that require NEC services occasionally and temporarily.
Industry: develop and build NII products, as well as provide technology through R&D&I departments.
Academia: provide scientific and technological support to the development of NII products.
Other partners: NGOs, foundations, institutes, international organizations, etc.
Figure 52. NEC Organization (NEC management, NECCS management, NEC owner, NEC authority, industry, NEC users, academia, NEC partners, NGOs, others)
The success of NECCS depends on issues that are not directly under its control. Two examples of non-NECCS dependent issues that have direct influence on the success of the NECCS implementation are:
a. The need for convergence between NEC owner and Industry interests: According to section 8.5, it is evident that there is not total understanding between Industry and NEC owners. NEC needs some practical implementations that Industry is not able to provide in a satisfactory timeframe or at an acceptable price. Industry is governed by its own principles, which differ significantly from NEC owners’ interests. It is not realistic to think that Industry will change its principles to suit customer needs. Industry likes to peek beyond the horizon to view the benefits. There are two ways to tackle this issue: make large financial investments to spark special interest in the industry, or adapt to what the industry offers according to market demand. The decision to take one or the other is the responsibility of the NEC owner. The NECCS staff can support the decision process by reporting risk assessment in terms understandable by the NEC owner.
b. The need for information sharing channels between NEC owner and other partners: NEC is a capability focused on providing information superiority to its owner in a multinational and multi-organizational environment.
In current operations and business there is a need to share information with partners that are not official members of the organization served by the NEC (NGOs, foundations, international organizations, etc.). The lack of mutual confidence may hinder or prevent the exchange of information. NECCS should plan additional measures, with temporary effects, to facilitate the information exchange between the NEC organization and other partners involved in the same operation or business that cannot guarantee timely compliance with NEC security policy.
NEC is a challenge for the public sector, and industry can facilitate the achievement of NEC objectives. At the same time, NEC could represent a business opportunity for the IT industry. Initiatives such as NCOIC (Network Centric Operations Industry Consortium) facilitate the sharing of knowledge between public and private sector and ultimately the acceleration of the implementation of NEC. However, the success of NEC implementation probably will depend on the public investment in NEC projects, especially taking into account the current economic crisis, which is affecting the R&D capacity of private companies.
9.12. Active Cyber Security
NECCS is a set of defensive security measures. Offensive activities, in particular penetration actions against the NII, can be performed to test the efficiency of the security measures and the preparedness of the NECCS organization personnel. But offensive actions against objectives outside the NII are not considered.
Chapter 10
NECCS way ahead (DOTMLPFI)
DOTMLPF is an acronym originally coined by the US DoD to guide planners on the aspects that they should undertake when developing a program according to the JCIDS procedure (Joint Capabilities Integration and Development System). It refers to Doctrine, Organization, Training, Materiel, Leadership, Personnel, and Facilities. Later, NATO adopted the acronym, adding the interoperability component, DOTMLPFI, because interoperability is a vital issue for the success of the development of any CIS. Furthermore, NATO considers interoperability as a transversal component that has to be undertaken along with the rest of the components (DOTMLPF). In this way, NATO ensures that this critical element is included from the beginning. This avoids the recurring problem of requiring additional work to address interoperability issues after developing a system.
Likewise, practice has shown that security is a cornerstone in most programs, especially those related to information systems and telecommunications. Any change or occurrence subsequent to the implementation requires more expense and effort than if it had been incorporated from the beginning. Moreover, in some cases it is not possible to implement it after the fact.
NECCS is the “S” of the DOTMLPFIS acronym in NEC plans and, in turn, a DOTMLPFI study is a convenient way to tackle NECCS itself. The DOTMLPFI study of NECCS is composed of smaller studies embracing just one element or aspect of NECCS. However, all of them have in common the same goal, “Information Superiority.” The DOTMLPFI features for NECCS study are:
Doctrine. Study focuses on the development of a legal and procedural framework that guides users in how to proceed securely in an NEC environment. It is related to the development of doctrine, policy, regulations, guides and best practices.
Organization. Study focuses on the development of the best way to organize and link all the NECCS components (DOTMLPFI). It is related to the development of the NECCS organization and structure, roles and responsibilities.
Training. Study focuses on the development of an educational activity that prepares users to interact securely with the information systems. It is related to the development of cyber security training, awareness, and exercises, mainly through online activities.
Materiel. Study focuses on all the computer materiel needed to carry out all the security services. It is related to computer equipment, software applications, both ancillary and spare.
Leadership. Study focuses on preparing NEC leaders in cyber security issues and NECCS leaders. It is related to the assumption by users of their respective responsibilities as well as to the study of trends that help prepare now for the future.
Personnel. Study focuses on the need for human resources. It is related to qualifications, job descriptions, training, awareness, leadership, change management, and motivation.
Facilities. Study focuses on the need for permanent and deployable installations to host the CIS securely.
Interoperability. Study focuses on the development of standards that help the secure interconnection between information systems with different security requirements.
Below are detailed general recommendations to develop a DOTMLPFI study for NECCS.
Figure 53. NECCS planning (diagram labels: NECCS Planning; Doctrine, Organization, Interoperability, Facilities, Personnel, Training, Materiel, Leadership)
10.1. Doctrine
Doctrine is a term generally used in the military, legal, or religious fields and is understood in different ways: as a strict set of rules, a collection of general principles, or a list of recommendations. Traditional military doctrine is a concise expression aimed at providing guidance in how military forces conduct operations. It is a guide to action, rather than a strict set of rules. Another important objective of a doctrine is to provide a common lexicon. This objective is particularly important in the cyber security field, where the current situation regarding uniformity and consistency of terminology is a bit chaotic.
The NECCS doctrine concept is closer to the military understanding of a “guide to action” than to a “set of strict rules.” So far, doctrines are based on theory, history, case studies, lessons, and experimentation. They offer guidance about how to act when some type of standard attack or other situation occurs. The problem in the NEC environment is that this approach to developing a doctrine is not enough, due to the characteristics of the particular NEC battle location, i.e., cyber space, where cyber threats are uncertain and dynamic in nature.
Below are some recommendations to develop an NECCS doctrine:
a. Due to the uncertain nature of cyber space, NECCS doctrine should add to the traditional study sources (theory, history, case studies, lessons learned, and experimentation) a study of trends and analysis of perspectives and prospects in cyber space.
b. Due to the changing nature of cyber space, NECCS doctrine should be flexible and allow a degree of freedom or non-observance to the users based on objective criteria.
c. Due to the rapid evolution of cyber space, NECCS doctrine should foresee a mechanism that reliably allows constant updates to itself.
d. Due to the lack of uniformity and consistency of the terminology related to the cyber field and, in particular, to security matters, NECCS doctrine should be permanently involved in the study and implementation of a cyber security glossary and taxonomy as well as explanations of new concepts.
e. NECCS doctrine should be composed of a comprehensive body of knowledge, including cyber security principles, policy, technical, and operational guidance, and international legal framework, all aimed at fostering initiative and creative thinking in the cyber security field.
Security policies and procedures evolve and adapt with time. A period of time is necessary to achieve a level of maturity and integration in order to be truly effective. After that, the policies can be considered doctrine.
Figure 54. NECCS doctrine (diagram labels: NECCS Doctrine; Traditional doctrine, Comprehensive body of knowledge, Trends analysis, Cyber taxonomy, Flexibility, Cyber glossary, Constant updates)
10.2. Organization
NECCS organization is understood according to two aspects:
a. The organized group of people working together in the development, implementation, application, management, control, monitoring, and supervision of security measures and policies within an NEC.
b. The way in which all the NECCS elements (doctrine, training, materiel, leadership, personnel, facilities, interoperability, services, technology, industry, partners, and so on) are arranged and interact with one another.
Following is a description of the two aspects related to NECCS, human organization and arrangement organization:
10.2.1. NECCS Human Organization
Regarding “group of people,” the NECCS organization is composed of: a) in general, all the NEC users, since every user has part of the responsibility for the application, management, and supervision of the security measures; and b) in particular, the small CIS security-qualified group of people who have responsibility for the development, implementation, application, management, control, monitoring, and supervision of the whole cyber security within NEC.
Hence, there should be a specific NECCS department within the NEC organization with the responsibility of ensuring a proper level of security. However, the idea should be fostered that every user is an active part of NECCS and consequently part of the NECCS organization.
Security in NEC is not only a technical matter, but also a complex interweaving of multiple disciplines. The NECCS department should be composed not only of people with a technical professional profile, but also of experts in other fields such as organization, human resources, training, awareness, law, and policy issues.
The NECCS human organizational structure must be flexible and dynamic enough to allow a constant adaptation to a changing environment.
10.2.2. NECCS Arrangement Organization
Regarding “way of arrangement,” NECCS organization is a complex multinational and multidisciplinary organizational structure with the goal of making all NECCS components converge on the same end -- information superiority. NECCS arrangement organization should pay special attention to the specific information about cyber security issues and the channels, procedures, and mechanisms to make cyber security information visible, accessible, manageable, reliable, and usable for the NECCS department.
As with the NECCS human organization, the NECCS arrangement organizational structure must be flexible and dynamic enough to allow a constant adaptation to a changing environment.
10.3. Training and Education
Education is the foundation of NECCS. Investment in education is always cost-effective and should have top priority in budgets and plans. If NECCS resources are limited and not sufficient to support the DOTMLPFI requirements, it is preferable to reduce the budget and effort dedicated to materiel or other NECCS aspects rather than education.
The ordinary user is the main actor in NEC and NECCS. In fact, the user is part of the NECCS organization. As active members of NEC and NECCS, users must be qualified in the application of NECCS measures and aware of cyber threats and of the risks from misuse or neglect of information and information systems. They should act consistently with NECCS policy and with the other users.
Education is the best way to reach the abovementioned NECCS user requirements through the performance of three distinct activities: awareness, training, and exercises (ATE), which can be integrated into a single NECCS educational program.
Figure 55. NECCS education (Awareness, Training and Exercises)
Principles: Flexibility, Dynamism, Comprehensiveness, Balance, Ubiquity, Continuity, Permanence
Activities: Awareness, Training, Exercises
Methods: In-house, Deployable, Off-the-shelf, Distance, On-line
Areas: Technical, Strategy, Legal and Policy, General awareness
Levels: NEC owners, NEC senior staff, NEC management, NECCS management, NEC users, NEC partners
Recommendations for the development of an NECCS education program are described below.
10.3.1. NECCS Education Principles
This section gives some recommendations, in the form of general principles, to consider when developing an educational program for cyber security in an NEC environment. The NECCS education principles are:
1. Flexibility: The NECCS ATE program should adapt to the individual needs of all users. It must allow some degree of freedom for the users to choose the aspects most relevant for them.
2. Dynamism: The NECCS ATE program should constantly evolve to adapt to the emerging threats and technologies.
3. Comprehensiveness: The NECCS ATE program must address all aspects of cyber security. A system is said to be only as secure as its weakest link. So the program must strive not to forget security aspects that later might become a vulnerability.
4. Balance: The NECCS ATE program must consistently pay attention to each aspect of cyber security proportional to the risk.
5. Ubiquity: Every user is an active part of NECCS. Consequently, the NECCS ATE program must reach out to every user wherever they are located.
6. Permanence: Cyber security is an activity and a condition that is never perfect; it has no end. Consequently, the NECCS education program is an activity that must be ongoing throughout the life cycle of the NEC and should be constantly improved.
Figure 56. NECCS education principles (diagram labels: NECCS Education; Comprehensiveness, Balance, Dynamism, Ubiquity, Flexibility, Permanence)
10.3.2. NECCS Education Activities
As mentioned earlier in this section, three main education activities must be undertaken to achieve NECCS education objectives: awareness, training, and exercises (ATE). These activities are described below.
Awareness: NECCS awareness is a key point since the cyber threat is neither tangible nor visible: it can be a permanent action or a sleeper agent; it has no face and is very difficult to identify and quantify. These characteristics make a threat seem harmless, unreal, or non-existent. But the threat really exists, either attacking or waiting for a vulnerability. This secretive and noiseless behavior makes the cyber security awareness campaign an essential part of the NECCS education program. Cyber security awareness is focused on strategic topics and strategic audiences, keeping a universal level of attention to cyber risks and threats.
Training: The core point of the NECCS education program. It is addressed mainly to technical and operational topics and to a specialized audience.
Exercises: A complementary way of training to:
a) Train and practice a particular cyber security activity.
b) Train the coordination of NECCS activities among different NEC parties.
c) Evaluate the level of training and preparedness of NEC users in security situations as well as the efficiency of NECCS measures.
Figure 57. NECCS education activities
10.3.3. NECCS Education Methods
Awareness, training and exercising (ATE) in NECCS matters can be carried out according to the standard educational methodologies. These methodologies applied to NECCS are described below.
In-house education: This method can be used for teaching very specialized technological skills that must be taught in a controlled physical environment. It can be used as well when physical contact among students or attendees is important or when it is advisable due to confidentiality requirements. To guarantee the effectiveness of in-house training, the NECCS department must ensure that there is appropriate expertise in-house and that quality control procedures are in place. In principle, in-house education is limited to ATE on very specialized technological matters for NECCS managers and strategic awareness for senior authorities.
Deployable education: Economic reasons or lack of in-house experts can suggest that the teachers’ team move to the potential students’ locations and not the opposite. This could be a complementary activity to in-house education.
Off-the-shelf education: Having the appropriate expertise in-house is not always possible in matters related to cyber security. In that case, buying an off-the-shelf education tailored to the NECCS needs might be a good alternative. This type of education methodology could be recommended in cases of temporary training demand.
Distance education: Distance education is the individual work accomplished by the student at home or at work. It is usually used at an earlier stage before attending a classroom-based course to ensure a minimum level of knowledge when taking part in in-house education.
On-line education: It is undoubtedly the preferable way to perform ATE for NECCS matters since it is the only method with the capability to meet all the NECCS education principles at the same time: flexibility, dynamism, comprehensiveness, balance, ubiquity, and permanence.
Figure 58. NECCS Education methods (diagram labels: NECCS education; On-line education, Distance education, In-house education, Off-the-shelf education, Deployable education)
10.3.4. NECCS Education Focus Areas
One of the most common defects when addressing IT training is the tendency to focus the program on technical matters. The NECCS organization should make an effort to develop a balanced education program that encompasses all aspects of NECCS, with the attention that each one of them deserves and requires. A balanced education program must address the following elements at a minimum:
Technical issues: related to the operation of specific cyber security services and applications as well as to techniques and tactics for performing a particular cyber security activity.
Strategy: related to cyber security governance, national and multinational strategies, plans, perspectives, organization, costs, benefits, risks, and vulnerabilities from an international and multidisciplinary point of view.
Legal and Policy: related to the establishment of an effective international cyber security legal framework, policy, development of international agreements, and implementation of the administrative apparatus to enforce compliance.
General awareness: related to keeping a proper level of tension and attention to cyber risks, vulnerabilities and threats by all the members of the NECCS organization and NEC users.
10.3.5. NECCS Education Focus Levels
The NECCS education program must consider different activities and approaches that involve different training depth, quality, nature, and language to make them more consistent with the audience. The different audience groups and their characteristics are described below.
NEC owners: Although NEC owners (nations, alliances, departments, organizations, armies, etc.) are the main beneficiaries of NEC services, they are not always aware of the risks associated with the lack of an appropriate NECCS implementation. NECCS departments should foster a strategic cyber security awareness campaign addressed to NEC owners and senior authorities, with the aim of disseminating a clear understanding of the benefits and costs of NECCS as well as the risks in case of a shortfall. The awareness campaign managers must pay special attention to presenting the cyber security issues in a language understandable to this particular audience.
NEC senior staff: NEC authorities usually are so involved in the solution of operational problems in the NEC that the security issues can go unnoticed by them. The NECCS department must pay special attention to keeping the necessary level of cyber security awareness within NEC authorities to place NECCS in the proper role.
NEC management: The main risk regarding NEC managers is the tendency to consider security issues as an integral part of NEC management, that is, to assume that both roles should be performed at the same time by the same people and, in short, that operational and security issues should be managed by the same department. This classic error leads to a corrupted security system developed by non-security experts and tailored according to operational conveniences. The NEC management department must accept the leadership of the NECCS department in cyber security issues and must be trained for their responsibilities.
NECCS management: The rapid evolution of IT technology forces NECCS personnel to receive training and retraining in a systematic and planned manner. NECCS staff should be the first to receive the necessary cyber security education in order to be the main promoter of cyber security education for the rest of NEC users and to facilitate the whole security change of mentality.
NEC users: The NECCS education program should reach all NEC users wherever they are and whatever positions they occupy. The program should be complete and flexible enough to meet all needs. In principle, the only way to reach NEC universal education is through on-line education. A mechanism must be implemented to encourage users to receive the training and to evaluate the level of qualification reached.
Partners: Finally, NECCS education activities for partners must be foreseen to ensure compliance with NECCS policy when working together in temporary situations.
10.3.6. NECCS Education Evaluation
NECCS education is a permanent cyclical process that starts with a list of requirements requested by the NEC owner and NEC/NECCS authorities; next comes an action plan that includes all the activities needed to meet the requirements; then implementation of the security services according to security policy and security plans; and finally an evaluation process to identify the level of qualification and compliance with security policies and plans, the result of which will provide appropriate feedback.
Figure 59. NECCS Education Cycle
10.4. Materiel
NECCS materiel is all the equipment, apparatus, supplies, and ancillary items used by the NECCS organization to provide the cyber security services required to reach NEC strategic objectives. They include computer security hardware and software, communication security devices, and cryptographic equipment. The choice of cyber security materiel depends on a number of factors that should be considered, both prior to the procurement as well as in the future, to ensure that the materiel will meet future requirements. Some of the factors that should be considered when acquiring NECCS materiel are:
a. Efficiency in the required functionality.
b. Guarantee that it does what it claims. This can be obtained through official certifications such as Common Criteria, SECAN, etc.
c. Cryptographic guarantee, usually granted by a National Security Agency.
d. Guarantee that it does not do anything apart from what it claims.
e. Interoperability with other equipment in the system and with legacy systems.
f. Friendliness in the operation.
g. Resilience, i.e., the ability to recover from cyber attacks.
h. Modularity and scalability, i.e., the ability to be updated by incorporating new modules.
i. Programmability, i.e., the ability to modify specific operational aspects or values without affecting the security.
j. TEMPEST protection if needed.
k. COTS or GOTS: COTS usually is a cheaper alternative, but GOTS can be tailored to meet the requirements precisely.
l. Price.
Figure 60. NECCS materiel (diagram labels: NECCS Materiel; Price, Operational Efficiency, Security Certificate, COTS / GOTS, Crypto Certificate, TEMPEST protection, Interoperability, Programmable, Friendliness, Scalability, Resilience, Modularity)
10.5. Leadership
The environment in which NEC leaders have to make decisions has special features that make the decision-making process more complex and risky than ever before. The NEC environment, and in particular cyber security in NEC, is characterized by uncertainty, constant change, rapid actions, fast evolution, unknown enemies, threats and risks, and a blurred legal framework.
The NEC environment requires leaders to make decisions rapidly and constantly. Therefore, they should assume a certain degree of risk and uncertainty in their effectiveness. Security is not perfect; the NEC environment is dynamic and uncertain in nature; consequently the decision-making process should be rapid, dynamic and risky.
The need to make decisions rapidly and the capability of NEC to develop effective and widespread information sharing entail the need to open and extend the decision-making process, making it less dependent on hierarchical structures. Furthermore, NEC is based on a Federation of Systems, which is characterized by leadership decentralization. The federations are independent in command, control, and organization. Leadership must be exercised through common policies, standards, collaboration agreements, and trust.
NECCS should help leaders in the decision-making process by providing information in non-technical language on cyber threats, vulnerabilities, and risks. In addition, it must help ensure the establishment of a reliable, rapid, and extended decision-making process.
NECCS leaders must not forget that the effectiveness of NECCS implementation depends on external factors not controllable by NEC/NECCS organizations. Therefore, they must foster the necessary collaborative environment to reach international and multidisciplinary agreements as well as common understandings that facilitate convergence to NECCS principles.
Figure 61. NEC decision process (diagram labels: NEC decision process; Dynamic, Fast, Risky)
10.6. Personnel
NECCS is a new way of viewing security that involves a change of mentality by every NEC user; and every NEC user is part of the NECCS organization. Thus, they have real responsibilities for the application of security measures. An NECCS plan addressed to personnel should include at a minimum the following elements:
a. Inform all NEC users about their NECCS responsibilities.
b. Implement an NECCS education program according to section 9.3.
c. Keep all NEC users informed of the importance of compliance with the NECCS policy.
d. Keep NEC users updated about new threats and risks.
e. Maintain and constantly evaluate the level of tension, attention, and qualification of all NEC users in cyber security issues. Monitor the activities and behavior of all NEC users to test the level of compliance with NECCS policy.
f. Implement a change management plan when implementing a new system or service.
Two additional considerations:
The NECCS department is responsible for implementing, managing and supervising all the activities mentioned above.
Personnel belonging to the NECCS department must be dedicated exclusively to cyber security issues.
Figure 62. NECCS personnel plan
10.7. Facilities
NECCS facilities are secure places where cyber security materiel is hosted and protected. In many cases the NECCS materiel is classified in the same manner and to the same degree as the information it processes. Therefore, it must be protected against unauthorized access. In this case, the facilities must be equipped with measures of physical security to protect the hosted classified materiel.
NECCS physical security consists of the implementation of physical barriers and control procedures to protect NECCS facilities and materiel from damage caused by threats other than cyber threats. Physical threats can be grouped in two different sets: natural disasters (fires, floods, earthquakes, etc.) and human action (theft, fraud, sabotage, etc.).
A plan to protect the NECCS facilities must include at a minimum the following elements:
a. Specific measures against natural disasters according to the regional level of risk.
b. Security controls against unauthorized physical access, e.g., use of guards, metal detectors, biometric systems, automatic signature verification systems, animals, access and perimeter protection, electronic devices, etc.
c. Control and monitoring measures against overload or failure in power supply, e.g., use of UPS, etc.
d. Control measures against unwanted electromagnetic emissions, e.g., use of measures against the TEMPEST phenomenon.
e. Control measures against radio jamming, e.g., use of Faraday cages, etc.
Figure 63. NECCS facilities protection (diagram labels: NECCS facilities protection; Natural disaster prevention, Radio jamming protection, Unauthorized physical access control, TEMPEST protection, Power supply protection)
10.8. Interoperability
NEC interoperability is the ability of all NEC systems and organizations to work together. Interoperability is a pivotal aspect since NEC is based on a federation of systems, where each federation defines, implements, and manages its own systems and eventually works like a single logical system. NECCS should consider the interoperability aspect from the beginning, working to foster common security policies and technical standards. Interoperability must not be reduced to issues related to the NII, but encompass activities aimed at enhancing the communication flow and information sharing among people by converging security mentalities and cultures.
10.9. DOTMLPFIS
DOTMLPFI is an acronym used by NATO to remind planners about fundamental aspects that have to be considered when planning the development of a system or program. Security is an aspect that makes the planning work more complex. As a result, it is deliberately avoided even though it may be reflected in the plans in a concise manner.
Inevitably, security eventually becomes part of the planning or implementation. However, the later it is put into place, the greater the risk of dysfunction. The system will become effective, but with more delay and at a higher price.
For some people, adding the security aspect to the acronym is unnecessary because security is a universal issue affecting all the components of the DOTMLPFI. And because of that, the use of DOTMLPFI without the S is considered sufficient. This is true for all the components of DOTMLPFI, not only for security. The reason behind promoting the use of DOTMLPFIS is to provide a reminder that security is an important aspect that has to be considered specifically from the outset.
Concluding Considerations
1. The natural evolution of the information age makes NEC the way ahead, whether it is wanted or not.
2. Cyber security is a necessary component not only to make NEC safer, but to ensure its survival and operation.
3. NECCS involves a cognitive revolution and a change of mentality, whereby the goal is not protecting the information, systems, and networks, but using this protection to facilitate the information superiority of the NEC owner.
4. Some researchers believe that NEC/NECCS is about people rather than technology, while others believe that NEC/NECCS is about culture rather than people or technology. We believe that NEC/NECCS is about people-culture, technology, and information. These elements are mutually dependent. All of them have importance since the failure of one means the failure of all.
5. Although all the main components (people, technology, and information) are equally important, information must be the reference in all NECCS actions.
6. NECCS should be considered during the complete life cycle of NEC, from inception to disposal.
7. NECCS education and change management are the crucial aspects to succeed in an NEC implementation.
8. NECCS is about dynamic risk management, and how to disseminate the resulting information to decision makers in a timely manner and in appropriate language.
9. NECCS should provide guidance to face known, emerging, and potential threats and to foresee secure connection to NEC authorized users as well as unanticipated temporary partners.
10. It is necessary to revise security concepts and policies, such as information classification, TEMPEST, DOTMLPFI, etc., to adapt them to a new context that is more participatory, dynamic, and unpredictable.
List of Acronyms
ACT: Allied Command Transformation
AES: Advanced Encryption Standard
AMSG: Allied Military Security Guidelines
ATE: Awareness, Training and Exercising
BPD: Boundary Protection Device
CC: Common Criteria
CCD CoE: Cooperative Cyber Defence Centre of Excellence
CDMA: Cyber Defence Management Authority
CIP: Critical Infrastructure Protection
CIS: Communication and Information System
CNA: Computer Network Attack
CND: Computer Network Defence
CNE: Computer Network Exploitation
CNO: Computer Network Operations
COTS: Commercial Off-The-Shelf
CP0A0155: INFOSEC Capability Package
CTCPEC: Canadian Trusted Computer Product Evaluation Criteria
DAF: Defence Architectural Framework
DoD: Department of Defence
DoDAF: Department of Defence Architectural Framework
DOTMLPFI: Doctrine, Organization, Training and Education, Materiel, Leadership, Personnel, Facilities, and Interoperability
DRM: Dynamic Risk Management
EISA: Gartner’s Enterprise Information Security Architecture
ENISA: European Network and Information Security Agency
EU: European Union
FoS: Federation of Systems
GOTS: Government Off-The-Shelf
HQ: Headquarters
IA: Information Assurance
IDEAS: International Defence Enterprise Architecture Specification for Exchange
IEG: Information Exchange Gateway
INFOSEC: Information Security
IT: Information Technology
ITI: Information Technology Infrastructure
ITS: Information Technology Security
ITSEC: Information Technology Security Criteria
MLS: Multi-Level Security
MODAF: Ministry of Defence Architectural Framework
MSL: Multi-Security Level
NATO: North Atlantic Treaty Organization
NCIRC: NATO Computer Incident Response Capability
NCOIC: Network Centric Operations Industry Consortium
NCW: Network Centric Warfare
NEC: Network Enabled Capability
NECCS: Network Enabled Capability Cyber Security
NII: Networking and Information Infrastructure
NNEC: NATO Network Enabled Capability
OSI: Open System Interconnection Model
PKI: Public Key Infrastructure
QoS: Quality of Service
R&D: Research and Development
SABSA: Sherwood Applied Business Security Architecture
SCIP: Secure Interoperability Protocol
SDIP: SECAN Doctrine and Information Publication
SLA: Service Level Agreement
SOA: Service Oriented Architecture
TCSEC: Trusted Computer System Evaluation Criteria
TOA: Transformation Objectives Areas
US: United States
VPN: Virtual Private Network
WIMAX: Worldwide Interoperability for Microwave Access
WLAN: Wireless Local Area Network
XML: Extensible Markup Language
Glossary
Black / red network
A black network is a network that uses ciphers to protect data and communications. Red networks do not use ciphers, and information travels in the clear.
Computer Network Attack
Capability based on actions to disrupt, deny, degrade, and destroy the communication and information systems or the information that they store and process.
Computer Network Defence
Capability based on actions to prevent disruption, denial, degradation, destruction, and exploitation of the communication and information systems or the information that they store and process.
Computer Network Exploitation
Capability based on intelligence and actions of compilation, analysis, and exploitation of information stored and processed at Communication and Information Systems.
Computer Network Operations
Actions of attack, exploitation, and defence of Communication and Information Systems and the information that they store and process, with the objective of obtaining information superiority. Computer Network Operations (CNO) are composed of Computer Network Attack (CNA), Computer Network Defence (CND), and Computer Network Exploitation (CNE).
Cyber Defence
Concept used in defence environments that involves securing system activities, but is aimed at defending systems from possible deliberate attacks, for example cyber terrorism (terrorist attacks executed in cyber space) or even international operations in cyber space.
Cyber Security
Concept based on the protection of Communication and Information Systems (CIS) from different possible threats that could materialize and cause damage.
Cyber Space
Existing global group of communication networks and systems that are interconnected directly or indirectly.
Cyber Warfare
Armed fight (where weapons are CIS) between two or more nations or sides of the same nation, where the battlefield is cyber space.
Decision making
Process used to make a choice between several alternatives to solve a situation. It usually implies defining the purpose, defining and evaluating the different options, choosing an alternative, and turning it into an action.
Decision Superiority
The ability of all elements of the system, mainly people, to make the optimal decisions that each situation requires.
Information
Facts, data, or instructions in any medium or form. The meaning that a human assigns to data by means of the known conventions used in their representation.
Information Assurance
The protection and defence of information and communication and information systems (CIS) through the totality of measures to ensure their availability, integrity, authentication, confidentiality, and non-repudiation.
Information Availability
Information property or characteristic related to guaranteed access to the information by authorized entities or processes when required.
Information Confidentiality
Information property or characteristic related to preventing disclosure of, or access to, the information by unauthorized entities or processes.
Information Dissemination
Distribution of information to the public or the process of making information available to the public.
Information Handling
Activity or activities related to the use of information by creating, presenting, storing, processing, transporting, or disposing of it.
Information Integrity
Information property or characteristic related to guaranteeing that the information has not been altered without authorization.
Information Management
The function of managing an organization’s information resources by the handling of knowledge acquired by one or many different individuals and organizations in a way that optimizes access by all who have a share in that knowledge or a right to that knowledge.
Information Superiority
State of relative advantage in the information domain achieved by getting the right information to the right people at the right time in the right form while denying an adversary the ability to do the same.
INFOSEC
The protection of confidentiality, integrity, and availability of the information; the integrity and availability of the CIS that manages it.
NEC
Network Enabled Capability. Ability to deliver precise and decisive military effects with unparalleled speed and accuracy through linking sensors, decision makers, and weapon systems. It relies upon the ability to collect, fuse, and analyze relevant information in near real time to allow rapid decision making and rapid delivery of the most desired effect (Bi-Strategic Command).
NECCS
Network Enabled Capability Cyber Security. Set of technical and procedural security measures addressed to information, people, and Networking and Information Infrastructure (NII), with the goal of facilitating information superiority in an NEC environment.
Need to know
Security principle that states that access to information is granted only to the people who have a real need to know it.
Need to share
Principle that invokes the necessity of sharing information between different entities to gain strategic, tactical, and operational advantages.
NII
Networking and Information Infrastructure. The globally interconnected, end-to-end set of information capabilities, associated processes, and personnel for collecting, processing, storing, disseminating, and managing information on demand to war fighters, policy makers, and support personnel. The NII includes communications and computing systems, software, data, and security elements. It provides the services necessary to achieve Information Superiority. The NII provides capabilities to all operating locations (HQ, posts, camps, stations, facilities, mobile platforms, deployed sites, and agencies). The NII provides interfaces to coalition, allied and non-NATO users and systems (NNEC Feasibility Study).
NNEC
NATO Network Enabled Capability. The Alliance’s cognitive and technical ability to integrate the various components of the operational environment, from the strategic level (including NATO HQ) down to the tactical levels, through a network of networks (MCM-0038-2005).
NNEC Governance
The method used to manage, administer, and control NNEC. It is highly related to the necessity of communication and information systems assurance, the administration of risk, and the control of Information.
Principle of “just in case”
Refers to the indiscriminate implementation of security solutions without a clear return on investment or without maintaining proportion between investment and expected benefits.
Principle of efficiency
Refers to the systematic and planned implementation of security solutions considering the ratio between investment and expected benefits.
Process Reengineering
Fundamental reconception and redesign of business processes to achieve dramatic improvement in performance measures such as costs, quality, service, and speed (Institute of Industrial Engineers).
Secure Information flow
Information transmitted by any channel that protects its availability, integrity, and confidentiality.
Share to win
The need for information sharing as a pivotal aspect for success.
Suite B algorithms
A type of cryptographic algorithm, approved by NATO Nations and NCSA, that is not kept secret.
Sources of definitions: NATO Network Enabled Capability (NNEC) Feasibility Study; NATO Network Enabled Capability NNEC Vision and Concept; DoD Dictionary of Military and Associated Terms; Cátedra ISDEFE-UPM, Seguridad nacional y Ciberdefensa; IEEE; Bi-Strategic Command; Institute of Industrial Engineers.
Bibliography
Alberts, Davis S.; Gartska, John J.; Stein, Frederick P. (2003). Network Centric Warfare, Developing and Leveraging Information Superiority. DoD Command and Control Research Program.
Andrew D. James, U. o. (2004). Delivering Network Enabled Capability: Industrial, Procurement and Policy Challenges for the UK.
Cátedra ISDEFE-UPM. (2010). Investigación, Desarrollo e Innovación. I+D+i en el Sector de la Defensa.
Cátedra ISDEFE-UPM. (2009). Seguridad nacional y Ciberdefensa.
Coleman, K. G. (2010). Cyber Commander's Handbook, the Weaponry & Strategies of Digital Conflict. Pittsburgh, PA: Technolytics.
Czosseck, Christian; Podins, Karlis. (2010). Conference on Cyber Conflict, Proceedings 2010. Tallinn: Cooperative Cyber Defence Centre of Excellence (CCDCOE).
David S. Alberts, J. J. (2000). Network Centric Warfare. Developing and Leveraging Information Superiority.
Domingo, Alberto; Rico, Miguel Angel. (2010). NATO Network-Enabled Capability (NNEC) Frequently Asked Questions (FAQ). Norfolk: SACT.
España, E. m. (2007). Concepto de Información en Red (NEC) del JEMAD.
España, E. M. Convergencia de redes y sistemas en NEC.
España, M. d. (2008). Implementación del concepto NEC en una fuerza aérea expedicionaria.
España, M. d. (2009). Monografías del SOPT. Network Centric Warfare. Network Enabled Capability.
Euronec. (2009). Extract from the NEC vision. EU NEC vision report.
Europa Press releases Rapid. (2010). EU Industrial R&D Investment Scoreboard. Retrieved from http://europa.eu/rapid/pressReleasesAction.do?reference=MEMO/10/522&format=HTML&aged=0&language=EN&guiLanguage=en.
Europa Press releases Rapid. (2010). R&D and the economic crisis: top EU firms cut investment less than US rivals, but Europe still well behind. Retrieved from http://europa.eu/rapid/pressReleasesAction.do?reference=IP/10/1379&format=HTML&aged=0&language=EN&guiLanguage=en.
European Commission. Monitoring industrial research: The 2010 EU industrial R&D investment Scoreboard.
European Defence Agency (EDA). (2009). Annual Report.
Germany. (n.d.). Bundeswehr. Retrieved from http://www.deutschesheer.de/portal/a/heer/technik/perspek/infante.
Germany. (n.d.). http://www.danmil.de/10184.html.
IBM. (2000). Deploying a Public Key Infrastructure.
Italy. (n.d.). http://www.esercito.difesa.it/root/chisiamo/docs_rivmil/Rivmil07_02_FNEC.pdf.
Italy, M. d. (n.d.). Forza NEC. Retrieved from http://www.difesa.it/approfondimenti/festarepubblica/2giugno07/rivista-militare/sfilamentoreparti/mezzi_tecnologici_forza_nec_ei.htm.
Italy, S. M. La Transformazione NET-Centrica.
Khalilzad, Zalmay M.; White, John P. (1999). The Changing Role of Information Warfare. Washington: RAND.
Larstan. (2004). Multi-Level Security Strategies for the Federal Government.
Luis Joyanes Aguilar, María José Caro Bejarano, José Luis González Cussac, Juan Salom Clotet, Nestor Ganuza Artiles, Juan Díaz del Río Durán y Javier Candau Romero. (2010). Ciberseguridad. Retos y amenazas a la seguridad nacional en el ciberespacio. Madrid: Instituto Español de Estudios Estratégicos.
Mbda-Systems. (n.d.). Phoenix 2008. Retrieved from http://www.mbdasystems.com/mbda/site/docs_wsw/RUB_344/dp_phoenix_9_oct_2008_va.pdf.
NATO. (2007). Compendium of NNEC Related Architectures - Revision 2. NNEC Strategic Framework.
NATO. (2009). Multiple Future Project.
NATO. (n.d.). NATO Network Enabled Capability. Retrieved from http://nnec.act.nato.int/default.aspx.
NATO. (2009). NATO Network Enabled Capability (NNEC) Conference Report.
NATO. (2010). NATO Network Enabled Capability (NNEC) Conference Report.
NATO. (2005). NATO Network Enabled Capability (NNEC) Feasibility Study Executive Summary.
NATO. (2005). NATO Network Enabled Capability (NNEC) Feasibility Study Volume I: NATO Network-Centric operational needs and implications for the development of Net-Centric solutions.
NATO. (2005). NATO Network Enabled Capability (NNEC) Feasibility Study Volume II: Detailed report covering a strategy and roadmap for realizing a NNEC Networking and Information Infrastructure (NII).
NATO. (2010). NATO Network Enabled Capability (NNEC) Frequently Asked Questions (FAQ).
NATO. (2009). NATO Network Enabled Capability (NNEC) Introduction to the NEC Roadmap.
NATO. (2009). NATO Network Enabled Capability (NNEC) Strategic Analysis of the NEC Roadmap.
NATO. (2006). NATO Network Enabled Capability NNEC Vision and Concept. NNEC Strategic Framework.
NATO. (n.d.). NCOIC. Retrieved from https://www.ncoic.org/home/.
NATO. (2008). NEC Security Research Strategy.
NATO. NRF-13 NNEC Assessment Report.
NC3A. (2009). NATO and Sweden joint live experiment on NEC. A first step towards a NEC realization.
NC3B. (2009). Directive on the implementation of the federated communications services within the networked information infrastructure.
NIST. (2006). SP 800-86 Guide to Integrating Forensic Techniques into Incident Response.
OGC. (2007). ITIL v3.
Prof. Nick Jennings, D. R. (2003). Network Enabled Capability: Decentralised Coordination of Autonomous Agents to Achieve Operational Goals. Future Capabilities.
Rusi.org, C. l. (n.d.). Network Enabled Capability: A UK Perspective.
Rusi.org, Z. H. (2006). Electronic Security Implications of NEC: A Tactical Battlefield Scenario.
Sharma, A. (2009). Cyber Wars: A paradigm shift from Means to Ends. Institute for System Studies and Analysis (I.S.S.A), Defence Research and Development Organization (D.R.D.O), Ministry of Defence, India.
soldiermod.com. (n.d.). Retrieved from http://www.soldiermod.com/volume2/pheonix.html.
United Kingdom, M. o. (n.d.). MODAF. Retrieved from http://www.mod.uk/DefenceInternet/AboutDefence/WhatWeDo/InformationManagement/MODAF/ModafDetailedGuidance.htm.
United Kingdom, M. o. (2009). NEC. Understanding Network Enabled Capability. s.l. Newdesk Communications Ltd.
United Kingdom, M. o. (2005). Network Enabled Capability JSP 777.
United Kingdom, O. o. (2009). Cyber Security Strategy of the United Kingdom.
United States. (n.d.). Office of Cyber Security (OCS). Retrieved from http://www.cscic.state.ny.us/.
United States, D. o. (n.d.). DoD Architecture Framework (DoDAF). Retrieved from http://cionii.defence.gov/sites/dodaf20/.
United States, D. o. (2010). NATO NEC C2 Maturity Model.
United States, D. o. (2001). Network Centric Warfare. Report to Congress.
United States, H. S. (n.d.). Cyber Storm: Securing Cyber Space. Retrieved from http://www.dhs.gov/files/training/gc_1204738275985.shtm.
United States, H. S. (2003). The National Strategy to Secure Cyberspace.
University of Cambridge, M. G. (2003). Compromising emanations: eavesdropping risks of computer displays.
US Army War College. (2006). Information as Power Vol. 1-4.
About NATO CCDCOE
The NATO Cooperative Cyber Defence Centre of Excellence (NATO CCD COE) is a multinational initiative aimed at improving the understanding of the cyber security field through multinational and multidisciplinary cooperation. The multinational cooperation to date is guaranteed by Germany, Spain, Estonia, Hungary, Italy, Latvia, Lithuania, and Slovakia as sponsoring nations and by other partners that collaborate with the NATO CCDCOE in specific projects of mutual interest. The United States, Turkey, and Poland are involved in the administrative process for being a sponsoring nation. The multidisciplinary cooperation in NATO CCDCOE projects, programs, and activities is achieved through the integration of experts in the different fields to provide a comprehensive and effective solution to cyber security issues. Generally, most projects are carried out in close cooperation among experts in cyber security strategy, technology, science, policy, law, and military issues. NATO CCDCOE was formally established on the 14th of May, 2008, in Tallinn, capital of the Republic of Estonia, with the goal of enhancing NATO’s cyber defence capability. Specifically, the mission of NATO CCDCOE is to enhance the cyber defence capability, cooperation, and information sharing among NATO, NATO nations, and partners by virtue of research and development, lessons learned, education, and consultation.
About ISDEFE
ISDEFE (Ingeniería de Sistemas para la Defensa or Systems Engineering for Defence) was created in September 1985 by Spain’s Council of Ministers decision, with the objective of providing technical support in engineering and consulting services for advanced technologies, in both the defence and civil sectors. ISDEFE is divided into several divisions providing services to over 25 national and international civil and defence agencies, mainly within the Spanish Ministry of Defence, Armies and Ministry of Public Works (Civil Aviation Authority), as well as from the Public Body AENA (Spanish Airports and Air Navigation), EUROCONTROL, and several General Directorates of the European Commission (EC). With a staff of more than 900 employees, ISDEFE’s activities are mainly focused on the following fields: cyber defence and information security, command and control, intelligence, combat and weapon systems, electronic war, air navigation, safety and security in air transport, telecommunications, simulators, and logistic support. ISDEFE’s goal is to provide personalized consulting services, technical excellence in the solutions proposed, and strong integration with the client’s environment. The corporation’s main values are: independence from industrial, commercial and financial interests; a high level of professional qualifications; excellence in technology and management; and a clear commitment to technological innovation, security, and quality. ISDEFE is a not-for-profit corporation that ensures the maximum independence and impartiality in the projects it undertakes. According to the company by-laws that assure absolute independence, only public entities are allowed to become ISDEFE clients. ISDEFE has participated in a great number of projects for a variety of clients.
In the twenty-five years since its creation, ISDEFE has demonstrated that it is the best ally of Spain’s Public Administration and provides optimum support in national and multinational programs for other public agencies, especially for the Ministry of Defence and the Spanish Armed Forces, as well as for other civil and military entities of the European Union, North Atlantic Treaty Organization (NATO), and United Nations (UN). For a more detailed description of ISDEFE’s activities and company profile, visit: http://www.isdefe.es/eng/empresa-memoria.php.
About the Authors
Néstor Ganuza is the chief of the Training and Doctrine Branch of the NATO Cooperative Cyber Defence Centre of Excellence. Since 1998, he has been working in the information assurance arena, holding various positions related to Information Assurance and Information Infrastructure Technology Security management at the Spanish Defence Staff and MoD Communication and Information System (CIS) Directorate. During the last 13 years, Lt. Colonel Ganuza has been involved, as chief manager, in the following projects: cryptographic monitoring of the multinational imagery satellite “Helios” (multinational keys surveillance cell member); defence crypto devices procurement program; foundation and organization of the 1st SP MoD Defence Information Assurance Annual Conference; definition, development, and establishment of the SP MoD public key infrastructure, PKI (co-manager); definition, development, and establishment of the SP MoD identity card (crypto smart card); definition, development, and implementation of SP MoD information assurance policy; cyber security taxonomy and glossary; and cyber security in NEC. Néstor Ganuza is a Lieutenant Colonel in the Spanish Army Signal Corps, Master in Computing Security from Universidad Politécnica de Madrid, and Cryptographic Specialist by Spanish National Security Agency (CNI).
Alberto Hernández is the Head of the Cyber Defence Area in ISDEFE, supporting different projects and initiatives of the company in this area, especially in the defence sector. Since joining ISDEFE in 2001, Mr. Hernández has been involved in many facets of the cyber defence area, mainly serving as principal advisor of the Information Assurance Section and Program of the Spanish Defence Staff. Since 2007, his main activity has been managing project teams in cyber defence and information assurance programs. During his more than 13 years of experience, he has been leading projects related to secure C2 system architectures design, accreditation, vulnerability evaluation and risk assessment processes, security policies and regulations development, military computer incident response capability definition and implementation, and national cyber defence exercises preparation and execution.
Alberto Hernández is a Telecommunication Engineer from the Polytechnic University of Madrid, Certified Security Director by Spanish Home Office, Certified Information System Auditor (CISA) by ISACA, Certified Information Security Professional (CISSP) by ISC2 and certified ITIL and Prince2 among others.
Daniel Benavente is a Systems Engineer at the Cyber Defence Area in ISDEFE, participating in several projects since 2007, especially in the defence sector. During his entire professional career, security and innovation have been an integral part of the activities and projects he has participated in. With more than 5 years' experience, he has worked at the Information Assurance Section and Program of the Spanish Defence Joint Staff in projects related to architectural design, accreditation processes and security audits, vulnerability evaluation and risk assessment processes, and cyber defence exercise preparation and execution. He is an expert in risk analysis and management and has participated in R&D projects, where the study, comparison, and development of risk management methodologies and tools were important activities. He has also participated in different NATO and ENISA workshops, one of which concerned dynamic risk assessment. He has also been a speaker in several security conferences. Daniel Benavente is a Telecommunication Engineer from the Polytechnic University of Madrid, Certified Information System Auditor (CISA) by ISACA, certified on ITIL v3, and certified as Implanter Specialist on Management Systems of Information Security (AENOR) among others.
About NECCS-2
The NATO CCDCOE NECCS (Cooperative Cyber Defence Centre of Excellence Network Enabled Capability Cyber Security) project was conceived as a long-term, systematic top-down study on all the aspects related to security in NEC. This paper, NECCS-1, is the first and most general study, providing the framework for the following studies. NECCS-2 is planned to deepen and update content already dealt with in NECCS-1. It will include the most recent findings and initiatives in NEC that have emerged since the publication of NECCS-1 and will expand the studies to other nations and organizations. In particular, NECCS-2 will undertake topics that are considered pivotal for the future of NEC. These topics include:
a. NECCS as an essential enabler for a NEC Comprehensive Approach.
b. NNEC body of knowledge, security aspects.
c. Cyber Security in mission networks and operations.
d. Dynamic Risk Assessment.
e. Simulation and Training.
f. Computer Network Operations.
g. Temporary and unanticipated NEC members.
h. CERTs in NEC.
i. Emerging technology challenges.