implications for security in a nco environment l.
Skip this Video
Loading SlideShow in 5 Seconds..
Implications for security in a NCO environment PowerPoint Presentation
Download Presentation
Implications for security in a NCO environment

Loading in 2 Seconds...

play fullscreen
1 / 31

Implications for security in a NCO environment - PowerPoint PPT Presentation

  • Uploaded on

Implications for security in a NCO environment 18 October 2007 MGen Frans Picavet Global NCO Ambassador Outline Operational Context Challenges Solutions Strategy Solutions Conclusion Operational context

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

PowerPoint Slideshow about 'Implications for security in a NCO environment' - johana

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
implications for security in a nco environment

Implications for security in a NCO environment

18 October 2007

MGen Frans Picavet

Global NCO Ambassador

  • Operational Context
  • Challenges
  • Solutions Strategy
  • Solutions
  • Conclusion

| 3/7/2014 |

operational context
Operational context
  • Information security = confidentiality, availability and integrity it also includes authentication, authorization and non repudiation
  • Fighting at the same time third and fourth generation warfare
  • Effects based planning and execution
  • Integrating pol, mil, ec, legal and social initiatives
  • Every platform on every level a joint sensor , wide interoperability
  • At least NATO Secret, Mission Secret and Mission Unclassified domains
  • Widened CIMIC, IO, PsyOps, Human Intelligence
  • Focus on Strat/Pol-Mil, Operational and Tactical level
  • Joint COP and ISR integration is desperately needed
  • 50.000ish troops on three continents
  • Transformation to Network Centric Operations

| 3/7/2014 |

  • Operational Context
  • Challenges
  • Solution strategy
  • Solutions
  • Conclusion

| 3/7/2014 |

nco security cross domain relevance

Cyberthreats live in a virtual world of cyberspace (information, information systems, and computer networks) with no real boundaries

“Cybercrime”: use of IT by hackers, insider, organized crime


  • Cost Driven
  • Non-Real Time
  • Response - Collect Legal Evidence


  • Real time
  • Mission Critical
  • Hostile Environment
  • Information Operations
  • Active Response

- Attack Tolerance & Counter Attack

Critical Infrastructure Protection

  • Driven by Priorities (Not Necessarily Cost!)
  • Time critical
  • Terrorism
  • Response - Determine Culpability

“Cyberwarfare”: Information intensive operations conducted during crisis or conflict to achieve specific objectives over an adversary or adversaries

“Cyberterrorism”:The conduct of terrorism in cyberspace and on IT components of our nations critical infrastructures

NCO Security Cross Domain Relevance


Law Enforcement


Business & Industry




| 3/7/2014 |

the state of evolving threats
The State of Evolving Threats
  • Expanding e-crime
    • Big business driven by profit
    • Innovation to capture new markets (victims)
    • Victim segmentation and focus
    • Stealth is the new “black”
    • Rate of attacks is accelerating
    • Form of attack is more malicious
    • Attacks are “designer” in Nature

| 3/7/2014 |

vulnerabilities growing time to exploit shrinking
Vulnerabilities Growing, Time-to-exploit Shrinking

Average # of days between publication and broad exploitation of a vulnerability.

Number of vulnerabilities reported to CERT/CC since 1995.

Source: CERT/CC Statistics; CERT,

August 3, 2004;

Source: Information Security Magazine (based on Foundstone), June 2004;

| 3/7/2014 |

old security paradigms are becoming obsolete
Old Security Paradigms are Becoming Obsolete
  • Integration opens enterprises to their partners – and to attacks and fraud originating from their networks
  • Resource sharing and virtualization reduces barriers that once protected applications from each others
  • Provisioning engines and centralized directories (identity, policy) become prime targets for hackers and single points of failure
  • Openness make it easier for hackers to connect to and “plug into” IT systems
  • Automation – automatic adjustment of bandwidth, computing resources, security defenses
  • Speed and adaptiveness amplify security problems
  • Business Process Transformation / Outsourcing increases dependencies on third parties

| 3/7/2014 |


Through enhanced networking, Defense face sophisticated threats and vulnerabilities, and the pressure to achieve and maintain security compliance – all with limited resources, time and budget.

Security Concerns

  • Sabotage of information systems at HQ’rs and Agencies at all level
  • Theft of information or IT assets
  • Viruses causing operational and decison tempo slowdowns
  • Installation of unauthorized hardware and software
  • System vulnerabilities, including unauthorized access
  • New technology introduce new vulnerabilities
  • Web services appeal to hackers
  • Compliance Considerations
  • Cost and legal exposure of non-compliance
  • Poorly established compliance policies, processes and procedures
  • Lack of effective policy monitoring and compliance reporting

| 3/7/2014 |

notoriously difficult and sticky problems
Notoriously Difficult and Sticky Problems
  • Massive inflow of vulnerabilities:
    • Time to exploitation is shrinking
    • Increasing sophistication of attacks vs. automation of malware
  • Poorly designed and installed software
    • Many examples of poor engineering
    • Many examples of bad configuration
    • Many examples of poor usability
  • Minimal outflow
    • Well-known vulnerabilities do not get fixed, exploitation peek often after release of patch
  • Growing complexity of (security) management
    • Complex set-up and administration, many ways to do the same thing
    • Never changed standard passwords and settings/profiles
    • Helpdesk and other social attacks
  • OS, routers, application monocultures
    • Write once, attack everywhere

| 3/7/2014 |

more challenges
….more challenges…
  • Cyber attacks should be responded in seconds
  • Operational Enablement – “Knitting the Net” forces us to realize that in as much as there are new war fighter capabilities, there are new and easier ways to subvert those capabilities.
  • Most networks are highly secured with no connection to the outside world
  • MSH systems often no address verification, no non repudiation capabilities, no secure storage, no secure access control
  • National caveats ask for solutions who work around the constraints
  • Trace back capabilities requires cooperation of many internet providers

| 3/7/2014 |

  • Operational Context
  • Challenges
  • Solution strategy
  • Solutions
  • Conclusion

| 3/7/2014 |

guidance from nato and member states perspective feasibility study
Guidance from NATO and member states perspective … (Feasibility study)
  • The realization of a ‘Networking and Information Infrastructure’

Key Communication Elements are: Use of the Internet Protocol (IP), to provide a common transport mechanism, the Migration to ‘Black’ IP core network and ‘Edge Proxies’ for non-IP networks. Software Defined Radios, Waveform Interoperability and Mobile Ad-Hoc Networking.

  • Key Information and Integration Elements are : Service Oriented Architecture, Core Enterprise Services, Common Information Strategy, Meta-data standardization (semantics), Developing Ontologies and the use of XML technologies to enable dynamic, role-based, information access

The NNEC Feasibility Study concluded that it is challenging, but technically feasible to implement the NII. However it seems evident, based on the work done during this study, that without major changes in NATO CIS implementation and operational structures, policies, and processes NATO will find it difficult to achieve NNEC.

| 3/7/2014 |

more guidance from the alliance
….more guidance from the Alliance….
  • Need to prevent, detect, respond, recover and pursuit
  • Common core supporting dynamic multinational operations
  • National resources in a distributed fashion
  • Need for object level protection, role based
  • Need general information sharing policies
  • Need general interconnection sharing policy
  • Need automatic configuration
  • Need high assurance devices
  • Need risk management in stead of risk avoidance

| 3/7/2014 |

industry solutions strategy
Industry solutions strategy
  • Protect against vulnerabilities and behaviors rather than against exploits
  • Focus on assured network design with High-assurance authorization based on
      • Security classification
      • Need-to-know
      • Meta-data on the information
  • Use data centric models and user & services identity management
  • Focus on vulnerabilities checks of legacy and new systems, services
  • SOA needs single centralized identity management and security policy infrastructure including outside communities of interest and federated user life cycle management
  • Focus on enabling/securing non-traditional boundaries, between the “spaces”
  • Leverage (real time) knowledge and experience of other industries around the world
  • Use strong testing capabilities to track application compliance to security requirements

| 3/7/2014 |

solution framework
Solution framework



  • Discovered 51% of high risk vulnerabilities since 1998*
  • 1994 First commercial Vulnerability Scanner
  • 1996 First commercial Intrusion Detection System (RealSecure)
  • 2000 First Intrusion Prevention System (Guard)
  • 2004 First Managed Security Service protection guarantee (Managed Protection Services)
  • 2005 First behavioral-based Anti-Virus of its kind


Defends against internal

and external threats.

  • Preemptive protection stops threats before impact.
  • Enjoy a combined solution that includes:
  • Network security
  • Data security
  • Applications security
  • Physical security

IBM Tivoli Security software is used by:



  • 15 of the top 20 commercial bank companies worldwide
  • 6 top health care companies worldwide
  • 4 of the top 5 telecommunications companies worldwide
  • 6 of the top 10 aerospace and defense companies worldwide
  • 7 of the top 10 computer and data service companies worldwide

Assesses your

security exposure.

  • Inventory assets
  • Apply trusted security policies
  • Identify and prioritize vulnerabilities
  • Conduct strategic remediation

Controls access.

  • Manage user identity efficiently
  • Demonstrate consistent execution of security policy
  • Define, implement, maintain and audit identity and access policies

Monitors security events to facilitate remediation and compliance.

  • Advanced monitoring and reporting enable proactive detection and analysis of threats
  • Security event management solutions help you spot trends, identify focus areas and prioritize risk
  • Respond to auditor requests with greater ease and efficiency


| 3/7/2014 |

information access principles
Information Access Principles
  • Based on roles, not identity
    • One and only one identity,
    • But one or more roles
  • Multi-factor authentication
    • What you know [pin]
    • What you have [token]
    • Who you are [biometric]
  • High-assurance devices decide on releasability [authorization]
    • Security classification
    • Need-to-know
    • Meta-data on the information

| 3/7/2014 |

  • Operational Context
  • Challenges
  • Solution strategy
  • Solutions
  • Conclusion

| 3/7/2014 |

security and privacy research at ibm
Security and Privacy Research at IBM

World wide

~150 researchers

| 3/7/2014 |

web services security
Web Services Security




Services Driven Interactions

Web Services






SOAP Web Services

Non Web Services

Web ServicesRemote Portlets

Web Services





How do we identify and authenticate the service requester ? How do we identify and authenticate the source of the message ?Is the client authorized to send this message? Can we ensure message integrity & confidentiality ?How can I audit the access to Web Services?

Multiple layers of enforcement – perimeter, gateway, app server, application

| 3/7/2014 |

service oriented assurance for cop creation
Service Oriented Assurance for COP Creation










  • Label Management
  • Authentification
  • Cryptology Management
  • Single-Level Broker


| 3/7/2014 |

data in the nextgen sec arch
Data in the NextGen Sec.Arch

Today’s Security Architectures

Air Gap

Today’s Security Architectures:

  • Systems are labeled
  • Data inherits label from system
  • Limited Flexibilty:
    • Downclassification costly
    • Data can only live on same-level systems

Next Generation Security Architecture:

  • System determines “default” data label
  • Data may have different label
  • All data can be transported on all layers
  • Protections against unauthorized downflow:
    • Read Protection (Encryption)
    • Write Protection (Authentication)
    • Flow authorization/blocking (Guards)

Next Generation Security Arch.






| 3/7/2014 |

data transport


Data Transport

Data Transport via Upper Level

  • “Confidential” Radar Pictures in Secret Operational Picture
  • Transmission of Restricted Mail via Confidential Systems


    • Less need for down classification
    • Common transmission of high/low data


    • Modified data needs “normal” down classification

Data Tunneling via Lower Level

  • Transmission of Secret Situation Picture via Conf Peers
  • Distribution of Patches via Untrusted Networks


    • Cheaper / more networks
    • Common transmission of high/low data

Security: Data is encrypted




| 3/7/2014 |

data down classification
Data Down classification

Down classification Procedure:

  • Obtain data & credentials
  • Verify credentials
  • Change Classification
  • Return d.c. data to application
  • Optional: Send to lower systems

Down classification Requirements

  • Authorized roles (user/sender/receiver)
  • Authorized application/service
  • Correct format
  • Same requirements (other policy) for
    • Down/up-transmission
    • Integrity trust changes
  • Note: Classification != Communication


| 3/7/2014 |

innovation nco center of excellence helsinki
Innovation: NCO Center of Excellence - Helsinki
  • Who: The Finnish Defense Forces and IBM
  • When: Established January 2006
  • Focus: NCO solutions built on service oriented architecture.
    • Utilizing commercial off-the-shelf (COTS) products
    • Based on open standards


Develop solutions to support FDF NCO capability development.

Leveraging the latest technology innovations

productize NCO solutions created by FDF and IBM for application and usage in other

defense organizations

Creating innovation exchange with other defense forces

Lower risks by experimentation and evolutionary approach in developing capabilities

Results PoC’s of

Knowledge transfer to C4ISR project



SOA scalability

MLS in SOA environment (in preparation) with Zurich lab as partner

| 3/7/2014 |

managed security services the virtual soc


Operations Center


Atlanta - Detroit








Managed Security Services & the Virtual-SOC



Global Security Operations Center

Meta data

(logs, events)





Value of Managed Security Services

  • 24x7 service
  • Quality SLA’s
  • Security specialist
  • Proven processes
  • Alerting and Remediation

IT-Security Manager

  • Early warning
  • Security Research
  • Lower TCO
  • Less risk

| 3/7/2014 |

extension autonomic management architecture
Extension: Autonomic Management Architecture



Policies & Consent


SecurityManagement Console



Policies &Management Commands

Status & Audit Information

| 3/7/2014 |

security in the federated enterprise service bus
Security in the Federated Enterprise Service Bus


Publishes selected MIP data, Geo, Hydro and Met


Network Enterprise Core Services provide the Enabling SOA infrastructure On Which To Run Business Services

  • Discovery
  • Mediation
  • Messaging
  • Transformation
  • Security
  • Registry
  • Service Mgmt
  • QoS

Publishes LINK 16 information


Tactical Data Links

IBM WebSphere




Publishes ATO/ACO

Consumes RMP, Met, Geo and Hydro

Without ‘FRED’ lack of Corporate Governance leads to

‘Islands of SOA’




Publishes enhanced Geo Services

Consumes ATO/ACO, Met, Geo and Hydro

Logical Federated ESB Common Denominator for Network Enterprise Core Services




Publishes RMP

Consumes Met, Geo and Hydro

| 3/7/2014 |

  • Operational Context
  • Challenges
  • Solution strategy
  • Solutions
  • Conclusion

| 3/7/2014 |

  • Terrorist networks adapt quicker their tactics in days and hours
  • Security is a matter of anybody: supplier, service provider, operator, user (private and military business)
  • Most information sharing is hampered by policy and not by technology
  • Need strong monitoring system, authorities to shut systems down remotely
  • Good procedures to trace evidence, and discipline not to destroy this
  • Lower risks by experimentation and evolutionary approach in developing interoperable information security capabilities
  • Need greater degree of structural and effective collaboration and coordination of all parties at all levels to complement and reinforce each other
  • De-risk by working closely with strategic trusted partners who invest in continuous research and security operations centres

| 3/7/2014 |