NATO Consultation, Command

1
NATO Consultation, Command Control
BoardINFOSEC SubcommitteeProtection of
InformationSC/4 Perspectives4 May 2005

• Mr. Mark S. Loepker
• Colonel Enrico Bologna
• SC/4 Co-Chairmen

NATO UNCLASSIFIED
2
NOS
Policy
Protecting Information
INFOSEC Subcommittee SC/4
Multiple Bodies
Directives Guidance
Oversight
3
Overview

• INFOSEC Subcommittee - SC/4
• Role of SC/4
• Achievements Activities
• Areas of Interest

4
Mission Statement

• The primary mission of the INFOSEC SC is to
  support the NATO C3 Board (NC3B) in achieving the
  fundamental security objectives of
  confidentiality, integrity and availability in
  relation to NATO information stored, processed or
  transmitted in C3 systems and, as appropriate, in
  relation to the supporting C3 systems
  infrastructure. The INFOSEC SC also supports the
  Military Committee (MC) and the NATO Security
  Committee (NSC) by responding on urgent matters
  of an operational or a security policy nature.

5
SC/4 Composition

• 26 Member National Representatives
• Strategic Commands Agencies
• Supreme Headquarters Allied Powers Europe (SHAPE)
  / ACO
• Supreme Allied Command Transformation (SACT)
• NATO Office of Security (NOS)
• NATO CIS Support Agency (NCSA)
• NATO C3 Agency (NC3A)
• NATO ACCS Management Agency (NACMA)
• SECAN, DACAN, EUSEC, EUDAC
• Secretariat
• Co-Chairmen (Staff and Nationally Elected)
• Secretary

6
The Agencies
SECAN Military Committee Communications and
Information Systems Security and Evaluation
Agency - US Staffed and Operated EUSEC Military
Committee European Communications Security and
Evaluation Agency - UK Staffed and
Operated DACAN Military Committee Distribution
and Accounting Agency US Staffed and
Operated EUDAC Military Committee European
Distribution and Accounting Agency UK Staffed and
Operated
7
Relationships
8
Relationships
NATO C3 BOARD
SHAPE / ACO
SACT
SECAN
DACAN
EUSEC
EUDAC
Provides technical support, as needed
9
Ad Hoc Working Groups
INFOSEC SC AC/322 (SC/4)
Staff co-Chairman Col. Enrico BOLOGNA
National co-Chairman Mr. Mark Loepker
COMMON CRITERIA AHWG/10 Chairman Mr. David
MARTIN Sec LTC Mike RICHARDSON
CRYPTOGRAPHIC DOCUMENTATION AHWG/14 Chairman
Mrs. Debby WALLNER Sec Maj. Giordano EUSEPI
ISDN AHWG/3 Dormant Chairman VACANT
TECHNICAL INFOSEC DOCUMENTATION
AHWG/15 Chairman Mr. Kjell W. BERGAN Sec LTC
Mike Richardson
INTERCONNECTION OF NETWORKS(ICN)AHWG/4 Chairman
Mr. Jim OBAL Sec Cdr. Bernd FÜSER
NATO/NON-NATO CO-OPERATION AHWG/11 Chairman
Cdr. Bernd FÜSER
SCIP AHWG/6 Chairman Antony MARTIN Sec Maj.
Fred JORDAN
INFOSEC ARCHITECTURES AHWG/13 Chairman CDR
Wolfgang KÖHLER Sec Maj. Giordano EUSEPI
CRYPTOGRAPHIC MODERNISATION AHWG/16 Chairman
LTC Robert LOGSDON Sec Col Enrico BOLOGNA
10
Role of SC/4

• Develop Technical and Implementation Directives
  and Guidance Based on Security Policy
• Assist in Identification and Formulation of
  INFOSEC Requirements
• Promote Interoperability Between NATO and NATO
  Nations, Non-NATO Nations and International
  Organizations

11
Role of SC/4 (Continued)

• Recommend Improvements to Operations, Materials,
  and Facilities
• Contribute to the Identification of
  Vulnerabilities
• Provide a Forum for Exchange of Information and
  Ideas

12
Role of SC/4 (Continued)

• Maintain Technological Awareness of Developments
  That May Affect Security
• Advise the NATO Security Council on Implications
  for NATO Security Policy
• Monitor and Assess the INFOSEC Projects Within
  the NC3A

13
2004 Achievements

• Requirement for, Selection, Approval and
  Implementation of, Security Tools
• Electronic Labelling of NATO Information
• Consistent Marking of NATO Information in C3
  Systems
• Intrusion Detection
• Support of PKI Cryptographic Aspects

14
2004 Achievements (Continued)

• Education and Training Requirements for INFOSEC
  Personnel
• Criteria for NNN Structures, Rules and Procedures
• Strategy on Non-NATO Cryptographic
  Confidentiality Issues Implementation Plan
• INFOSEC Course for NNN and IO
• NATO Public Key Infrastructure Reference
  Architecture

15
2005 Planned Activities

• Cryptographic Security and Cryptographic
  Mechanisms
• Protecting NATO Information Over the Internet
• Network Centric Environment
• Guidance on Common Criteria
• Technical Characteristics for Primary Rate
  Interface

16
2005 Planned Activities (Continued)

• Secure Communications Interoperability Protocol
• Comprehensive Cryptographic Modernisation Roadmap
• INFOSEC Training and Awareness Programme
• Plenary Session in EAPC Format
• INFOSEC Day with Industry

17
Areas of Interest
18
INFOSEC Capability Package

• Reference Architectures
• Strategic Commands Input
• Statement of Requirements
• Provides Nations Insight for INFOSEC Product
  Development

19
Crypto Selection and Procurement

• CSP Task Force
• IS, IMS, Nations, SC, Agencies
• Agreed That Synchronisation Will Reduce
  Procurement Delay
• NICE NSIE Initial Review
• Separate Serial Processes - Caused Delays
• Change to Integrated Parallel Approach

20
Cyber Defence andNCIRC

• Central Capability
• Incident Handling and Reporting
• Establish Links With National CIRCs
• NATO Computer Incident Response Capability
  (NCIRC) IOC Declared on 16 Dec 04
• IDS 17 Sites/2 Sensors Each by End 05

21
NATO Public Key Infrastructure

• Governed by NATO PKI Management Authority (NPMA)
• Ensure Interoperability Across NATO, NATO Nations
  and its Partners
• Provides Identification, Authenticity and
  Integrity
• Provides Protection of NATO Information up to
  NATO Restricted
• Must have Public Key Enabled Applications

22
NATO Network Enabled Capability (NNEC)

• Support to Political and Military
• Strategic Framework
• Late 2005
• INFOSEC Aspects
• Operational Requirements
• Security Policy
• Network Interconnections
• Risk Management

23
Road Map

• NOS Developed
• Support NSC and NC3B
• Web based collection of NATO Security Policies,
  Directives, and Guidance for the protection of
  NATO Information on Communication and Information
  Systems (CIS)
• In Final Development

24
Summary

• Protecting Information is Complex
• Policy, Directives, Guidance and Oversight
  Provide Common Agreed Methods for Protection
• Collaborative Process Between NATO Bodies and
  NATO Nations
• Requires Constance Vigilance