6/13/2014 The Rise and Fall of DMS/FORTEZZA: Lessons Learned in U.S. Defense Messaging. The small...
04/18/23 1
The Rise and Fall of DMS/FORTEZZA: Lessons Learned in U.S. Defense Messaging
The small but smart supplier of superior messaging software.
Kathy Nuckles, CEO / [email protected]
• Introduction/Background
• Context of Presentation
• Security Adversaries
• DMS Timeline: 14+ years in the making
• DMS Future (per Mandate)
• Next Generation Security Focused Building Blocks
  • Common Data Medium: XML
  • Common Security Labeling & Access Control: SPIF
  • Common Access Card (CAC)
  • Commerciality
• Security Summary
Established in 1984; California Corporation [Small Business]
Specialize in Military/Weather Product Development and System Integration
Products: 6 Military Gateway Products; 1 Text-to-Speech Product; 2 Security Label Toolsets
Systems: Turn-Key “COMMCENs” for the U.S. Air Force and Defense Logistics Agency, U.S. Federal Aviation Administration, U.S. National Weather Service
Key Team Member of the U.S. Defense Message System (DMS) Program Since Inception (1995)
Visit www.commpower.com
Typical organization of a theater of operations as envisaged by War Department Doctrine, 1940 http://en.wikipedia.org/wiki/File:Theater_of_operations.gif
As a key product supplier and team member to the U.S. Defense Message System (DMS) program for 14+ years, CommPower has amassed a wealth of communications and security experience. This presentation is based on that experience.
Please note that the views and opinions presented are CommPower’s and don’t necessarily reflect the views of the U.S. Government.
The goods are available. Why don’t they want them?
Cost: Considered an overhead burden; Must not be a big ticket item
Ease of Use: If it is not intuitive, users will mount an attack
Availability of Alternatives: If there is a workaround, users will find it
Enforcement: Without enforcement, security will be bypassed
DMS Timeline [diagram; axis: 1995, 2000, 2008, 2010; annotations: “Front Line Security”, “Security model fragments”, “Stove-Pipes”, “Security begins to retreat”, “Unknown”]

Legacy [image of a teletype-format message: routing header lines, “ZNR UUUUU”, “UNCLAS SUBJ: OPERATIONS IN . . .”]
• Teletype format
• Human readable
• COMMCEN operations
• Closed backbone infrastructure
• Organic Security model

1995
• Outlook & Domino Clients (Thick)
• FORTEZZA at the desktop
• Message is encrypted upon client submission
• SPIF based security labels; Overly complicated client interface for security label generation

2000
• Continued Outlook (thick) client with usability improvements.
• Introduction of Proxy model with CAC enabled web clients and server resident FORTEZZA services (AMHS).
• FORTEZZA access control is limited to transport; AMHS informational access controls are local and proprietary

2008
• Discontinued Outlook (thick) client
• AMHS proxy model is prolific
• “Reduced” (or shared) organizational certificates become attractive
• AMHS backside stovepipes start appearing with proprietary security labeling methods

2010
• Mandate to retire “DMS” and adopt commercial capabilities
• Command E-mail concept begins to form; no solid definition to date
• Panic retreat back to legacy
• DMS retires in 2012
• Adopt Commercial Technology NOW
• DMS Replacement will NOT be provided
• . . . but, let’s not lose sight of basic security requirements.
MROC** (??)
** Multi-command Required Operational Capability
From the confusion there IS opportunity . . .
Don’t expect Industry to deliver a single, consolidated capability on its own; Give them critical building blocks to take and run with . . .
<!ELEMENT cpe-Payload (cpe-CONTENT-TYPE, cpe-IDENTIFIER, cpe-ORIGINATOR, cpe-RECIPIENT+, cpe-SIGNERS-DN*, cpe-CONTENT-SIZE?, cpe-CONTAINS-BINARY-ATTACHMENTS?, cpe-ALT-DELIVERY-ALLOWED?, cpe-LATEST-DELIVERY-TIME?, cpe-SECURITY-LABEL, cpe-EXTENSIONS?, cpe-CONTENT)>
Basic Payload Construct: CommPower proposes XML
• Commercially prolific
• Easily processed
• Carries all data types
• Easily extended and customized
• Backward compatibility is supported
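As an added example (not CommPower’s code or any DMS product), a small Python checker that validates a constructed cpe-Payload document against the element order and occurrence indicators of the DTD fragment above; the element values and the DN/label formats are assumed placeholders.

```python
# Added example (not CommPower's code): check a cpe-Payload document against the
# element order and occurrence indicators of the slide's <!ELEMENT cpe-Payload ...> model.
import re
import xml.etree.ElementTree as ET

# Content model copied verbatim from the DTD fragment on the slide.
CPE_PAYLOAD_MODEL = (
    "cpe-CONTENT-TYPE, cpe-IDENTIFIER, cpe-ORIGINATOR, cpe-RECIPIENT+, cpe-SIGNERS-DN*, "
    "cpe-CONTENT-SIZE?, cpe-CONTAINS-BINARY-ATTACHMENTS?, cpe-ALT-DELIVERY-ALLOWED?, "
    "cpe-LATEST-DELIVERY-TIME?, cpe-SECURITY-LABEL, cpe-EXTENSIONS?, cpe-CONTENT")
# DTD occurrence indicator -> (min, max) occurrences; None means unbounded.
CARDINALITY = {"": (1, 1), "?": (0, 1), "+": (1, None), "*": (0, None)}

def parse_model(model):
    """Turn 'a, b+, c?' into an ordered list of (name, min, max) tuples."""
    parts = []
    for token in model.split(","):
        m = re.fullmatch(r"\s*([\w.-]+)([?+*]?)\s*", token)
        parts.append((m.group(1),) + CARDINALITY[m.group(2)])
    return parts

def validate_payload(xml_text, model=CPE_PAYLOAD_MODEL):
    """Return problems found (empty list = payload matches the sequence model)."""
    root = ET.fromstring(xml_text)
    if root.tag != "cpe-Payload":
        return [f"root is <{root.tag}>, expected <cpe-Payload>"]
    children = [child.tag for child in root]
    problems, pos = [], 0
    for name, lo, hi in parse_model(model):  # walk the sequence in DTD order
        count = 0
        while pos < len(children) and children[pos] == name:
            count, pos = count + 1, pos + 1
        if count < lo:
            problems.append(f"<{name}> occurs {count} times, at least {lo} required")
        if hi is not None and count > hi:
            problems.append(f"<{name}> occurs {count} times, at most {hi} allowed")
    if pos < len(children):  # leftovers are unknown or out-of-order elements
        problems.append(f"unexpected or out-of-order element <{children[pos]}>")
    return problems

# Constructed sample payload; DN and label values are illustrative placeholders.
SAMPLE_PAYLOAD = """<cpe-Payload>
  <cpe-CONTENT-TYPE>text/plain</cpe-CONTENT-TYPE>
  <cpe-IDENTIFIER>MSG-0001</cpe-IDENTIFIER>
  <cpe-ORIGINATOR>cn=originator,o=example</cpe-ORIGINATOR>
  <cpe-RECIPIENT>cn=recipient1,o=example</cpe-RECIPIENT>
  <cpe-RECIPIENT>cn=recipient2,o=example</cpe-RECIPIENT>
  <cpe-SECURITY-LABEL>UNCLAS</cpe-SECURITY-LABEL>
  <cpe-CONTENT>OPERATIONS IN . . .</cpe-CONTENT>
</cpe-Payload>"""
```

A payload that drops the mandatory cpe-SECURITY-LABEL fails the check, which is the point of making the label a required element rather than leaving it to chance.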
Security Labels: Valid and consistent security labeling is an integral part of military communications, yet not an integral part of commercial communications. This, therefore, cannot be left to chance.
Security Label Toolset: CommPower proposes an XML based SPIF definition and a freely distributed toolset.
Same XML merits as for the message format apply
Vendors could integrate the toolset without having to understand the intricacies.
[Image: “Security Label” button] Simple button to invoke Security Label Creation. Vendor would use the provided toolkit to create a custom user interface “look and feel”.
Security Token: The Common Access Card is based on commercial technology and is widely deployed and accepted. Keep running with it!!!
Common Access Card
Infrastructure in place and operational
Based on accepted and practiced commercial technologies
Multi-Platform support
Next Generation Military Information Exchange: New and innovative products based on the three commercially aligned building blocks
[Diagram nodes: DMS Community (DMS MTA Relay, AMHS, AMHS Clients); CP-EXP; CP-XJP; Clients (Other incl. SPIF Security Label); Allies; Future DMS Replacement (Outlook, Office, Chat, Collaboration); each client carries a SPIF Security Label; sample marking “RESTRICTED”. Caption: Consistent information throughout]
Government Responsibilities: It’s not enough to simply demand COTS; Action is Required
• Maintain the building blocks
• Evolve the building blocks
• ENFORCE USE OF THE BUILDING BLOCKS
“Setting an example is not the main means of influencing another, it is the only means.” ~Albert Einstein
Sound Security Building Blocks woven into the “fabric” of operations. Can be carried toward the front line as required . . . yet still remain embraced by Industry.
[Diagram axis labels: Commerciality; Military/Defense]
Boldon James: Boldon James, a wholly-owned QinetiQ subsidiary since October 2007, has over 20 years’ experience specialising in secure messaging solutions tailored to meet the formal information exchange requirements of the worldwide defence and secure government sectors. Its Version 3 Secure Information Exchange architecture now provides a suite of Microsoft commercial off-the-shelf (COTS) functional extensions across the Unified Communications collaboration and conferencing suite, resulting in solutions with a low total cost of ownership (TCO) and significantly reduced deployment risk. Boldon James are a Microsoft Gold Partner and the Microsoft Global Go To Market Partner for Messaging in Defence and Public Safety sectors.
Cadmidium: Cadmidium Services Ltd is a technical consultancy specialising in communications system procurement, support services and product development. Cadmidium services have a diverse range of expertise backed up by decades of experience. Cadmidium currently have staff engaged with clients on a number of projects across land, sea and air environments.
Clearswift: Since 1982, Clearswift have provided internet content filtering solutions to more than 17,000 organizations around the world. We design our technologies and services around how people interact, developing adaptable solutions that define business communication. Clearswift solutions, available through an extensive partner network of qualified security specialists, safeguard information and communications, leaving employees free to communicate and collaborate, creating an environment that nurtures growth. Clearswift solutions allow you to strike the right balance between growth, cost and risk.
CommPower: CommPower, since its inception in 1984, has been seeking excellence in the product development and integration market, with emphasis on secure, real-time message processing/switching and data communications applications for military and meteorological markets. For these sectors, CommPower offers a host of gateway/dissemination products as well as Microsoft Exchange-based offerings all of which adhere to popular and open industry standards.
eB2Bcom: eB2Bcom builds and markets the high performance View500 Discovery & Directory server that combines LDAP, X.500 and XMLeD protocols in a single system. Renowned for its searching and matching capabilities and integrated WebDUA, View500 is deployed in Australia, Asia, USA, and Europe.
Isode Ltd: Isode builds high performance messaging and directory server products, using Open Standard protocols. Isode has customers in over 30 countries with exports accounting for over 60% of sales. Isode’s products are used in sectors where security, scalability, reliability and excellent support are core requirements.
JSC: JSC Ltd provides design, integration, support, specialist training and technical consultancy services to the defence and defence related sectors. We specialise in the delivery and support of high-end secure messaging, directories and PKI-based solutions.
Nexor: Nexor is a leading provider of information assurance solutions to defence and government agencies. We ensure that sensitive information is accessed, controlled and shared in accordance with prevailing security policies by handling the connection, transformation and protection of that information. Our specialist capability and technology has been developed over two decades and our comprehensive portfolio is readily tailored to provide a value for money contribution to information assurance programmes.
SMHS Ltd: SMHS is a small, UK-based, company providing scientific, technical and integration consultancy services for a range of core enterprise services. These services include messaging (both formal and informal); directory services, security services and web services.