nato cis services agency nato information assurance a nato view of the application of information...
TRANSCRIPT
NATO CIS Services Agency
NATO Information Assurance
A NATO view of the application of Information Assurance Techniques
5 June 2009 AFCEA TechNet Europe 2009
NATO UNCLASSIFIEDCONNECTING NATO 2
Outline
• NC3 Organization
• NCSA
• NATO Information Assurance
• Identity Management
NATO UNCLASSIFIEDCONNECTING NATO 3
NC3 Organization
NC3 Organisation
NATO C3 Agency (NC3A)
NATO C3 Agency (NC3A)
SACEURSACEURNATO C3 Board(NC3 Board)
NATO C3 Board(NC3 Board)
NC3 RepsNC3 Reps
NATO CISSERVICES AGENCY
(NCSA)
NATO UNCLASSIFIEDCONNECTING NATO 4
NCSA Mission
To ensure the provision of secure end-to-end information exchange services and information processing services required for NATO Consultation, Command and Control, using fielded Communications and Information Systems in the most cost effective manner.
NATO UNCLASSIFIEDCONNECTING NATO 5
Current NCSA Structure
NCISS
Latina
Brunssum
Sector
NorfolkSector
Mons Sector
Naples Sector
Lisbon Sector
Madrid Sector
Ramstein Sector
Izmir Sector
Heidelberg Sector
Northwood
Sector
NCSA HQ
MONS
1 NATO Signal BnMaastricht
2 NATO Signal BnNaples
Total PE: ~ 3300Deployable
NATO UNCLASSIFIEDCONNECTING NATO 6
NCSA Areas of Responsibility
US
CA
Norfolk Sector Mons Sector Brunssum Sector (includes CLD-B)Naples Sector (includes CLD-N)Northwood Sector Madrid SectorLisbon SectorIzmir Sector
Heidelberg Sector and Ramstein Sector without assigned AOR
SPPO
FR
BELux.
NL.
GEPL
CZ.
IT
GR
TU
HU
NO
UK
IC
SI
SZ
LHLG
EN
RO
BU
EUFOR KFOR ISAF IRAQ
NATO UNCLASSIFIEDCONNECTING NATO
INFOSEC -> IA
• NATO definition
• NNEC enabler
• Risk management
• Strong authentication
7
NATO UNCLASSIFIEDCONNECTING NATO
SMI Services• Identity management
• Credential management
• Attribute management
• Privilege management
• Digital policy mangement
8
NATO UNCLASSIFIEDCONNECTING NATO
SMI Services• IA configuration management
• Crypto key management
• IA metadata management
• IA audit managment
9
NATO UNCLASSIFIEDCONNECTING NATO
NATO Identity Management• EAPC(AC/322-SC/5-WG/5)WP(2009)0001
NATO Identity Management (NIdM)
• AC/322-D(2005)0044
INFOSEC Technical And Implementation Guidance On Identification and Authentication
• AC/322-D(2004)0024REV2
NATO Public Key Infrastructure (NPKI) Certificate Policy (CertP) Rev2
10
NATO UNCLASSIFIEDCONNECTING NATO
NATO Identity Management
• Passwords
• Tokens
• Biometrics
11
NATO UNCLASSIFIEDCONNECTING NATO
NPKI• Information sharing
• Effects-based approach
• Improved decision making
• Physical access control
12
NATO UNCLASSIFIEDCONNECTING NATO
NPKI Today
• Office Communication Suite (OCS)
• NATO Restricted (NR) network
• NEKMS
13
NATO UNCLASSIFIEDCONNECTING NATO 14
NATO Information Assurance• Email Content Checking
• Mail guards
• OS/applications security settings
• Forensic capability
• Security event management• IDS
• Firewalls
• Anti-virus software
NATO UNCLASSIFIEDCONNECTING NATO 15
IA Threats• Spam
• Malware
• Web defacements
• User indiscretions
• Targeted attacks
• Classified information leakage
• Vulnerabilities exposed by poor maintenance
• System privilege abuse
NATO UNCLASSIFIEDCONNECTING NATO 16
IA Future• Increased capacity
• Smarter tools
• Centralized management
• Consolidated IA picture
• Faster reaction
NATO UNCLASSIFIEDCONNECTING NATO 17
Conclusion• Speed up
• Cooperate closely
• Do not forget the human factor
• Flexibility and mobility
NATO UNCLASSIFIEDCONNECTING NATO
Questions?
18