
The Rise and Fall of DMS/FORTEZZA: Lessons Learned in U.S. Defense Messaging


Presentation Transcript


  1. The small but smart supplier of superior messaging software. The Rise and Fall of DMS/FORTEZZA: Lessons Learned in U.S. Defense Messaging Kathy Nuckles CEO/President kn@commpower.com www.commpower.com

  2. Agenda
     • Introduction/Background
     • Context of Presentation
     • Security Adversaries
     • DMS Timeline: 14+ years in the making
     • DMS Future (per Mandate)
     • Next Generation Security Focused Building Blocks
     • Common Data Medium: XML
     • Common Security Labeling & Access Control: SPIF
     • Common Access Card (CAC)
     • Commerciality
     • Security Summary

  3. Introduction/Background
     • Established in 1984; California Corporation [Small Business]
     • Specialize in Military/Weather Product Development and System Integration
     • Products: 6 Military Gateway Products; 1 Text-to-Speech Product; 2 Security Label Toolsets
     • Systems: Turn-Key “COMMCENs” for the U.S. Air Force and Defense Logistics Agency, U.S. Federal Aviation Administration, U.S. National Weather Service
     • Key Team Member of the U.S. Defense Message System (DMS) Program Since Inception (1995)
     • Visit www.commpower.com

  4. Context of Presentation
     As a key product supplier and team member to the U.S. Defense Message System (DMS) program for 14+ years, CommPower has amassed a wealth of communications and security experience. This presentation is based on that experience. Please note that the views and opinions presented are CommPower’s and don’t necessarily reflect the views of the U.S. Government.
     [Image, labelled “Messaging”: Typical organization of a theater of operations as envisaged by War Department Doctrine, 1940. http://en.wikipedia.org/wiki/File:Theater_of_operations.gif]

  5. Security Woes: Technical or Political?
     • Technical: The goods are available
     • Political: Why don’t they want them?

  6. Factors Affecting Security
     • Cost: Considered an overhead burden; Must not be a big ticket item
     • Ease of Use: If it is not intuitive, users will mount an attack
     • Availability of Alternatives: If there is a workaround, users will find it
     • Enforcement: Without enforcement, security will be bypassed

  7. DMS Timeline: 14+ years in the making
     [Timeline diagram. Years marked: 1995 2000 2010 2008. Diagram text: RAAUTJAZ RUWQAAAA0001 0151500—UUUU- . . . ZNR UUUUU . . . UNCLAS SUBJ: OPERATIONS IN . . . Stove-Pipes]
     • Mandate to retire “DMS” and adopt commercial capabilities
     • Command E-mail concept begins to form; no solid definition to date
     • Panic retreat back to legacy
     • Discontinued Outlook (thick) client
     • AMHS proxy model is prolific
     • “Reduced” (or shared) organizational certificates becomes attractive
     • AMHS backside stovepipes start appearing with proprietary security labeling methods
     • Continued Outlook (thick) client with usability improvements.
     • Introduction of Proxy model with CAC enabled web clients and server resident FORTEZZA services (AMHS).
     • FORTEZZA access control is limited to transport; AMHS informational access controls are local and proprietary
     • Outlook & Domino Clients (Thick)
     • FORTEZZA at the desktop
     • Message is encrypted upon client submission
     • SPIF based security labels; Overly complicated client interface for security label generation
     • Teletype format
     • Human readable
     • COMMCEN operations
     • Closed backbone infrastructure
     • Organic Security model
     [Diagram labels: Unknown Security model fragments Front Line Security Security begins to retreat]

  8. DMS FUTURE
     • DMS retires in 2012
     • Adopt Commercial Technology NOW
     • DMS Replacement will NOT be provided
     • . . . but, let’s not lose sight of basic security requirements.
     MROC (??) **Multi-command Required Operational Capability

  9. DMS/Security: Next Generation From the confusion there IS opportunity . . .

  10. Next Generation Messaging Security: Step #1a
     Don’t expect Industry to deliver a single, consolidated capability on its own; Give them critical building blocks to take and run with . . .
     • Basic Payload Construct
     • CommPower proposes XML
     • Commercially prolific
     • Easily processed
     • Carries all data types
     • Easily extended and customized
     • Backward compatibility is supported

         <!ELEMENT cpe-Payload (cpe-CONTENT-TYPE, cpe-IDENTIFIER,
             cpe-ORIGINATOR, cpe-RECIPIENT+, cpe-SIGNERS-DN*,
             cpe-CONTENT-SIZE?, cpe-CONTAINS-BINARY-ATTACHMENTS?,
             cpe-ALT-DELIVERY-ALLOWED?, cpe-LATEST-DELIVERY-TIME?,
             cpe-SECURITY-LABEL, cpe-EXTENSIONS?, cpe-CONTENT)>

  11. Next Generation Messaging Security: Step #1b
     Security Labels: Valid and consistent security labeling is an integral part of military communications, yet not an integral part of commercial communications. This, therefore, cannot be left to chance.
     Simple button to invoke Security Label Creation. Vendor would use the provided toolkit to create a custom user interface “look and feel”
     • Security Label Toolset
     • CommPower proposes an XML based SPIF definition and a freely distributed toolset.
     • Same XML merits as for the message format apply
     • Vendors could integrate the toolset without having to understand the intricacies.
     [Image label: Security Label]

  12. Next Generation Messaging Security: Step #1c
     Security Token: The Common Access Card is based on commercial technology and is widely deployed and accepted. Keep running with it!!!
     • Common Access Card
     • Infrastructure in place and operational
     • Based on accepted and practiced commercial technologies
     • Multi-Platform support

  13. . . . How Far Do These Building Blocks Bring Us?
     [Diagram. Labels: DMS Community, Allies, Future DMS Replacement, DMSMTA, AMHS, Client, Mail Relay, X.400, P772, SMTP, CP XML, CP-EXP, SPIF Security Label, Other incl. CP-XJP]
     Next Generation Military Information Exchange: New and innovative products based on the three commercially aligned building blocks

  14. . . . And it’s More than Just e-Mail
     Consistent information throughout
     [Diagram labels: RESTRICTED; Outlook, Chat, Office, Collaboration]

  15. Next Generation Messaging Security: Step #1d
     • Government Responsibilities: It’s not enough to simply demand COTS; Action is Required
     • Maintain the building blocks
     • Evolve the building blocks
     • ENFORCE USE OF THE BUILDING BLOCKS
     “Setting an example is not the main means of influencing another, it is the only means.” ~Albert Einstein

  16. Security Summary: What is its Fate?
     • Sound Security Building Blocks
     • Woven into the “fabric” of operations
     • Military/Defense
     • Commerciality
     • Can be carried toward the front line as required . . . Yet still remain embraced by Industry

  17. Partners in Defense Security (http://www.isode.com/company/xmlspif.html):
     • Boldon James: Boldon James, a wholly-owned QinetiQ subsidiary since October 2007, has over 20 years’ experience specialising in secure messaging solutions tailored to meet the formal information exchange requirements of the worldwide defence and secure government sectors. Its Version 3 Secure Information Exchange architecture now provides a suite of Microsoft commercial off-the-shelf (COTS) functional extensions across the Unified Communications collaboration and conferencing suite, resulting in solutions with a low total cost of ownership (TCO) and significantly reduced deployment risk. Boldon James are a Microsoft Gold Partner and the Microsoft Global Go To Market Partner for Messaging in Defence and Public Safety sectors.
     • Cadmidium: Cadmidium Services Ltd is a technical consultancy specialising in communications system procurement, support services and product development. Cadmidium services have a diverse range of expertise backed up by decades of experience. Cadmidium currently have staff engaged with clients on a number of projects across land, sea and air environments.
     • Clearswift: Since 1982, Clearswift have provided internet content filtering solutions to more than 17,000 organizations around the world. We design our technologies and services around how people interact, developing adaptable solutions that define business communication. Clearswift solutions, available through an extensive partner network of qualified security specialists, safeguard information and communications, leaving employees free to communicate and collaborate, creating an environment that nurtures growth. Clearswift solutions allow you to strike the right balance between growth, cost and risk.
     • CommPower: CommPower, since its inception in 1984, has been seeking excellence in the product development and integration market, with emphasis on secure, real-time message processing/switching and data communications applications for military and meteorological markets. For these sectors, CommPower offers a host of gateway/dissemination products as well as Microsoft Exchange-based offerings all of which adhere to popular and open industry standards.
     • eB2Bcom: eB2Bcom builds and markets the high performance View500 Discovery & Directory server that combines LDAP, X.500 and XMLeD protocols in a single system. Renowned for its searching and matching capabilities and integrated WebDUA, View500 is deployed in Australia, Asia, USA, and Europe.
     • Isode Ltd: Isode builds high performance messaging and directory server products, using Open Standard protocols. Isode has customers in over 30 countries with exports accounting for over 60% of sales. Isode’s products are used in sectors where security, scaleability, reliability and excellent support are core requirements.
     • JSC: JSC Ltd provides design, integration, support, specialist training and technical consultancy services to the defence and defence related sectors. We specialise in the delivery and support of high-end secure messaging, directories and PKI-based solutions.
     • Nexor: Nexor is a leading provider of information assurance solutions to defence and government agencies. We ensure that sensitive information is accessed, controlled and shared in accordance with prevailing security policies by handling the connection, transformation and protection of that information. Our specialist capability and technology has been developed over two decades and our comprehensive portfolio is readily tailored to provide a value for money contribution to information assurance programmes.
     • SMHS Ltd: SMHS is a small, UK-based, company providing scientific, technical and integration consultancy services for a range of core enterprise services. These services include messaging (both formal and informal); directory services, security services and web services.
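
The cpe-Payload content model on slide 10 makes cpe-SECURITY-LABEL a mandatory child in a fixed position, which is how the format keeps labeling from being "left to chance" (slide 11). The Python below is an added example, not CommPower's code: it compiles that content model into an ordering check that a gateway could apply before relaying a message. The child elements' contents are not defined on the page, so the constructed samples carry placeholder text.

```python
import re
import xml.etree.ElementTree as ET

# Content model copied from the <!ELEMENT cpe-Payload (...)> declaration on slide 10.
CONTENT_MODEL = (
    "cpe-CONTENT-TYPE, cpe-IDENTIFIER, cpe-ORIGINATOR, cpe-RECIPIENT+, "
    "cpe-SIGNERS-DN*, cpe-CONTENT-SIZE?, cpe-CONTAINS-BINARY-ATTACHMENTS?, "
    "cpe-ALT-DELIVERY-ALLOWED?, cpe-LATEST-DELIVERY-TIME?, "
    "cpe-SECURITY-LABEL, cpe-EXTENSIONS?, cpe-CONTENT"
)
LABEL = "cpe-SECURITY-LABEL"

def model_to_regex(model):
    """Compile a DTD sequence (a, b+, c*, d?) into a regex over 'tag;' tokens."""
    parts = []
    for item in (i.strip() for i in model.split(",")):
        occurrence = item[-1] if item[-1] in "+*?" else ""
        name = item.rstrip("+*?")
        parts.append("(?:%s;)%s" % (re.escape(name), occurrence))
    return re.compile("".join(parts))

PAYLOAD_RE = model_to_regex(CONTENT_MODEL)

def check_payload(xml_text):
    """Return (accepted, reason) for one cpe-Payload document."""
    # For untrusted input, parse with a hardened parser such as defusedxml.
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return False, "not well-formed XML"
    if root.tag != "cpe-Payload":
        return False, "unexpected root element"
    tags = [child.tag for child in root]
    if LABEL not in tags:
        return False, "missing mandatory " + LABEL
    if not PAYLOAD_RE.fullmatch("".join(tag + ";" for tag in tags)):
        return False, "children violate declared order or cardinality"
    return True, "ok"

def build(tags):
    """Constructed sample input: child contents are placeholder text."""
    body = "".join("<%s>x</%s>" % (tag, tag) for tag in tags)
    return "<cpe-Payload>%s</cpe-Payload>" % body

if __name__ == "__main__":
    head = ["cpe-CONTENT-TYPE", "cpe-IDENTIFIER", "cpe-ORIGINATOR", "cpe-RECIPIENT"]
    print(check_payload(build(head + [LABEL, "cpe-CONTENT"])))  # labelled message
    print(check_payload(build(head + ["cpe-CONTENT"])))         # unlabelled message
```

Rejecting at the root level on order and cardinality only checks that a label is present; validating the label's value against a SPIF is a separate step the page's toolset would cover.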
