Presentation is loading. Please wait.

Presentation is loading. Please wait.

Securing Content in the Department of Defense’s

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Securing Content in the Department of Defense’s"— Presentation transcript:

1 Securing Content in the Department of Defense’s
Global Information Grid Secure Knowledge Management Workshop State University of New York - Buffalo 23-24 September 2004 Robert W. McGraw Technical Director IA Architecture & Systems Security Engineering Group Information Assurance Directorate National Security Agency

2 Vision for DoD Transformation
The Department of Defense is transforming itself through the Global Information Grid (GIG) in pursuit of information superiority and net-centric warfare (NCW) “The two truly transforming things might be in information technology and information operating and networking… connecting things in ways that they function totally differently than they had previously.” “And if that’s possible…then possibly the single most transforming thing in our Force will not be a weapon system, but a set of interconnections and a substantially enhanced capability because of that awareness.” Donald Rumsfeld, Secretary of Defense Town Hall Meeting, Pentagon, 9 August 2001 “…the outcome we must achieve: fundamentally joint, network-centric, distributed forces capable of rapid decision superiority and massed effects across the battlefield” Donald Rumsfield, Secretary of Defense Secretary’s Foreword to Transformation Planning Guidance, April 2003

3 Mission Area-Specific Content Providers and Capabilities
GIG Vision Fundamental transformation in information/content management, communications, and information assurance. Mission Area-Specific Content Providers and Capabilities IP Transport Backbone Fiber Satellite Wireless Highly Available Service Oriented Architecture Core Enterprise Services Unique Mission Specific services Content Providers Provided by mission specific entities Many mission areas (e.g. business, financial, personnel, command and control, intelligence, warfighting) Users Consumers of the GIG content. DoD Intelligence Community, Allies and coalition partners, other government, state/local… Users Dynamically Created COIs Personnel Finance Command & Control Weapon Systems Logistics Etc. Intel Sensors IP-Based Transport Backbone Terrestrial Space Based Tactical Wireless Mediation Applications User Assistant Systems Management Discovery Collaboration Security/IA Storage Messaging Core Enterprise Services

4 GIG Transformation Drives Focus on IA and Securing Content
Current (Conceptual) Future (implied by GIG vision) INTERNET Converged IP Backbone Terrestrial Fiber Integrated Enterprise Management and Control Satellite Tactical Wireless Core Enterprise Services Warfighter Domain Business IC Separate networks that rely on physical, cryptographic, and administrative isolation to protect content of different sensitivity Isolation approach restricts ability to share content by creating stovepipes with limited bridging Incremental Evolution Top Secret Transport Computing Infrastructure Warfighter, Business, IC Mission Areas Secret Unclassified Management & Control Warfighter, Business , IC Warfighter, Business, IC Limited bridging Common, converged networks that rely on advanced Information Assurance technologies and trustworthy systems to protect content of different sensitivity Ubiquitous Information Assurance enables content sharing through logical domains and communities of interest

5 Some Considerations for Securing Content in the GIG
Goal: Ensure that the content relied upon by GIG users is properly protected, available, reliable, and authorized for use, in a common, coordinated manner. Security Risk Assessment Content types Reliability and trustworthiness of content Availability of content Robustness of systems Access control

6 Access Control Decision - Traditional
Object-level access control will become the primary protection mechanism for segregating information at different sensitivity levels Traditional access control approaches will not suffice to support the change in paradigm from need-to-know to need-to-share because they: Demand satisfaction of clearance and need-to-know and assume that the risk of granting access is unacceptable if both are not met – no exception Assume uniformity of people, IT components and situational conditions across the enterprise and time Are inflexible

7 Access Control Decision – Risk and Policy Based
A concept referred to as Risk Adaptable Access Control (RAdAC), is envisioned that will determine access based on: The security risk in granting the access Operational necessity for access The enterprise’s policy for the balance between the two for various situations. Operational necessity can trump security risk Security risk is primarily a function of the people, IT components, content object being accessed, the environment in which they exist and historical access. Measurement of risk is envisioned to be done by ‘intelligent’ system processes, that will operate on a set of inputs and provide a risk level. Multi Factor Access Control Risk Decision Policy Based Evaluation of Access Request Flexibility in Response to Operational Need

8 Access Control - Inputs
Characteristics of: The person (or other entity) to be given access The object or resource to be accessed The IT components involved and their pedigree The environment (e.g. location, facility) in which the person and IT components are operating Other Inputs Situational Awareness (e.g. threat level condition) Heuristics – past decisions, knowledge of total enterprise risk Digital Access Control Policy – specifies levels of acceptable risk and required operational need

9 Access Control - Context
The access control enforcement would be distributed to various systems A resource could be any content to which access must be controlled. Static data, real time video, web service, web page, and so forth. Access Control Request to Request to Enforcement access resource Entity / User access resource Resource (Policy Enforcement Point (PEP)) Access request Allow / Deny Access Control Capabilities Risk Knowledge Risk - Adaptable Access Control Decision (Policy Decision Point (PDP)) Retrieval of Access Control Access Rights, Privileges, Policy Retrieval & Attributes Content Labeling Management Metadata Catalog Policy Authentication Situational Awareness Authorization Management Management Identity Management Authorization Polices Entity/User Environmental Factors User Identities Profile

10 Some Technology and Research Challenges
The whole Information Assurance vision for the evolution of the GIG is replete with technology and research topics. The access control concepts just discussed generate many. Here are a few: Calculating security risk of access decisions – real time Determining the affect of access decisions on overall enterprise security Quantifying trust in people – through a security clearance or otherwise Determining a person’s operational need Quantifying and calculating the level of trust for various identification and authentication mechanisms Automatic determination and labeling of content protection requirements in accordance with enterprise policies, including subpart labels Quantifying the trust level of IT components and systems. Determining the location of IT components/client systems and quantifying the adversarial threat in that location Heuristics as applied to access control decisions and improving access control decisions Providing and managing digital security policies – dealing with conflict Providing affordable, trustworthy components

11 Summary The DoD, via implementation of the Global Information Grid, is undergoing a transformation in the way it manages, communicates and secures its information content. Information Assurance is critical to the success of the GIG vision. The GIG will be realized through a phased implementation over 15+ years which: Ensures Information Assurance capabilities, guidance, and policies exist to safely evolve to the next GIG increment Ensures the transformation does not become so complex that it cannot be adequately understood and evaluated For more information on Information Assurance for the GIG, please visit the Information Assurance Technical Framework (IATF) Forum website at

Download ppt "Securing Content in the Department of Defense’s"

Similar presentations

Institute for Cyber Security

Institute for Cyber Security
INDIANAUNIVERSITYINDIANAUNIVERSITY GENI Global Environment for Network Innovation James Williams Director – International Networking Director – Operational.

INDIANAUNIVERSITYINDIANAUNIVERSITY GENI Global Environment for Network Innovation James Williams Director – International Networking Director – Operational.
0 McLean, VA August 8, 2006 SOA, Semantics and Security.

0 McLean, VA August 8, 2006 SOA, Semantics and Security.
Trusted Computing in Government Networks May 16, 2007 Richard C. (Dick) Schaeffer, Jr. Information Assurance Director National Security Agency.

Trusted Computing in Government Networks May 16, 2007 Richard C. (Dick) Schaeffer, Jr. Information Assurance Director National Security Agency.
SOA for EGovernment 1 Emergency Services Enterprise Framework: A Service-Oriented Approach Sukumar Dwarkanath COMCARE Michael Daconta Oberon Associates.

SOA for EGovernment 1 Emergency Services Enterprise Framework: A Service-Oriented Approach Sukumar Dwarkanath COMCARE Michael Daconta Oberon Associates.
DELOS Highlights COSTANTINO THANOS ITALIAN NATIONAL RESEARCH COUNCIL.

DELOS Highlights COSTANTINO THANOS ITALIAN NATIONAL RESEARCH COUNCIL.
1 Susan Alexander Chief Technology Officer for Information and Identity Assurance Office of the Assistant Secretary of Defense, Networks and Information.

1 Susan Alexander Chief Technology Officer for Information and Identity Assurance Office of the Assistant Secretary of Defense, Networks and Information.
NRL Security Architecture: A Web Services-Based Solution

NRL Security Architecture: A Web Services-Based Solution
Navy’s Operational Authority for Naval Networks, Information Operations, and FORCEnet 2004 Strike, Land Attack & Air Defense Annual Symposium Vice Admiral.

Navy’s Operational Authority for Naval Networks, Information Operations, and FORCEnet 2004 Strike, Land Attack & Air Defense Annual Symposium Vice Admiral.
ERS Overview 5/15/12 | Page-1 Distribution Statement A – Cleared for public release by OSR, SR Case #s 12-S-0258, 0817, 1003, and 1854 apply. Affordable,

ERS Overview 5/15/12 | Page-1 Distribution Statement A – Cleared for public release by OSR, SR Case #s 12-S-0258, 0817, 1003, and 1854 apply. Affordable,
BENEFITS OF SUCCESSFUL IT MODERNIZATION

BENEFITS OF SUCCESSFUL IT MODERNIZATION
Keeping the War Fighter Informed

Keeping the War Fighter Informed
4/29/2009Michael J. Cohen1 Practical DIACAP Implementation CS526 Research Project by Michael J. Cohen 4/29/2009.

4/29/2009Michael J. Cohen1 Practical DIACAP Implementation CS526 Research Project by Michael J. Cohen 4/29/2009.
Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch

Smart Grid - Cyber Security Small Rural Electric George Gamble Black & Veatch
5/17/2015 1 SUPPORT THE WARFIGHTER DoD CIO 1 (U) FOUO DoD Transformation for Data and Information Sharing Version 1.0 DoD Net-Centric Data Strategy (DS)

5/17/ SUPPORT THE WARFIGHTER DoD CIO 1 (U) FOUO DoD Transformation for Data and Information Sharing Version 1.0 DoD Net-Centric Data Strategy (DS)
National Space-Based Positioning, Navigation, and Timing (PNT) Federal Advisory Board DHS Challenges & Opportunities Captain Curtis Dubay, P.E. Department.

National Space-Based Positioning, Navigation, and Timing (PNT) Federal Advisory Board DHS Challenges & Opportunities Captain Curtis Dubay, P.E. Department.
Know the Earth…Show the Way NATIONAL GEOSPATIAL-INTELLIGENCE AGENCY Approved for public release NGA # 07-102 Gregory Black Director, eGEOINT Management.

Know the Earth…Show the Way NATIONAL GEOSPATIAL-INTELLIGENCE AGENCY Approved for public release NGA # Gregory Black Director, eGEOINT Management.
Connecting People With Information DoD Net-Centric Services Strategy Frank Petroski October 31, 2006.

Connecting People With Information DoD Net-Centric Services Strategy Frank Petroski October 31, 2006.
Connecting People With Information Conclusions DoD Net-Centric Data Strategy (DS) and Community of Interest (COI) Training For further information email.

Connecting People With Information Conclusions DoD Net-Centric Data Strategy (DS) and Community of Interest (COI) Training For further information .
© 2006 Carnegie Mellon University Establishing a Network Centric Capability: Implications for Acquisition and Engineering Dennis Smith Complex System Symposium.

© 2006 Carnegie Mellon University Establishing a Network Centric Capability: Implications for Acquisition and Engineering Dennis Smith Complex System Symposium.

Similar presentations

Ads by Google