GIG Information Assurance Architecture Protecting National Security Enterprises - PowerPoint PPT Presentation

Transcript and Presenter's Notes

1
GIG Information Assurance Architecture
Protecting National Security Enterprises
  • Craig Harber
  • Enterprise IA Architecture Systems Engineering
    Office
  • Information Assurance Directorate
  • National Security Agency

2
Net-Centricity Breaks Down Barriers to
Information Sharing, Collaboration, and Mission
Synchronization
Benefits of an assured Net-Centric Environment:
  • Access by authorized users to information and services anytime, anywhere
  • Secure collaboration among U.S., Allies, and Coalition partners
  • Highly available networked enterprise to support prioritized mission operations, even while under cyber attack
  • Warfighter confidence in ability to synchronize and execute mission operations

Source: NCE JFC version 1, dated 7 April 2005
[Figure: net-centric maturity scale with the levels Autonomous, De-conflicted, Coordinated, Interdependent]
The user community must be able to trust the integrity and availability of the GIG information and infrastructure
3
DoD's Net-centric Global Information Grid
Fundamental transformation in information /
content management, communications, and
information assurance
DoD operations critically dependent upon a
resilient and trusted GIG
4
Protecting the GIG Net-Centric Enterprise
  • GIG will be a high priority target and will be
    constantly threatened from a variety of
    adversaries
  • Greater interdependence and interconnectivity of
    systems will open new avenues of attack, insider
    threat and misuse
  • IA is both an enabler of new and enhanced
    net-centric capabilities and the set of
    capabilities that counter the increased threats
  • IA must evolve from system-high perimeter
    protection to an Enterprise IA protection model
  • High water mark approach insufficient in
    environments where the users have varying levels
    of trust and their systems have varying levels of
    IA capabilities and trust.
  • NSA tasked by OSD/NII to develop the IA
    architecture, protection strategy, system
    requirements and guidance to achieve an assured
    GIG enterprise

IA is a critical element of DoD's net-centric vision
5
The National Security Community Shares a Common
Set of IA Challenges
  • The Intelligence Reform and Terrorism Prevention Act of 2004 identifies similar net-centric needs:
    • means for sharing among all appropriate Federal, State, local, and the private sector
    • direct and continuous online electronic access to information
    • information access management controls access to data rather than just systems and networks, without sacrificing security
    • facilitates sharing of information at and across all levels of security
    • services for locating people and information
    • strong mechanisms to enhance accountability and facilitate oversight, including audits, authentication, and access controls
    • take into account the varying missions and security requirements of agencies participating in the ISE

GIG IA broadly applicable to the National Security Community
REF: Intelligence Reform and Terrorism Prevention Act of 2004, PL 108-458, Sec. 1016 (Information Sharing), Dec. 17, 2004
6
IA Protection Strategy Evolution
Source: NCE JFC version 1, dated 7 April 2005

Today: Static Perimeter Protection Model (common level of Information Protection provided by the System High Environment)
  • Common User Trust Level (Clearances) across sys-high environment
  • Privilege gained by access to environment and rudimentary roles
  • Information authority determines required level of protection (QoP) for the most sensitive information in the sys-high environment; this high water mark determines IT/IA/Comms Standards for all information
  • Manual Review to Release Information Classified at Less than Sys-high
  • Manual Analysis and Procedures determine allowed interconnects

Future: Transactional Enterprise IA Protection Model (required level of Information Protection specified for each Transaction)
  • User Trust Level sufficient across Transaction/COI; varies for enterprise
  • Privilege assigned to user/device based on operational role and can be changed
  • Information authority determines required level of end-to-end protection (QoP) required to access information; this translates to a set of IT/IA/Comms Standards that must be met for the Transaction to occur
  • Automated mechanisms allow information to be Shared (Released) when users/devices have proper privilege and Transaction can meet QoP requirements
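The two models on this slide can be made concrete as an access decision. The following is an added example, not code from the presentation or from any DoD/NSA system; the levels, QoP attributes (encryption class, authentication strength, integrity protection), communities and sample information objects are constructed for illustration. It places the "Today" high water mark rule, where a requester cleared below the enclave level gets nothing without manual review, beside the "Future" transactional rule, where each request is released automatically only when the requester's privilege and the path's protection both meet the information authority's QoP, with every decision written to an audit record.

```python
"""Transactional release decision vs. system-high (high water mark) decision.

Constructed example: the levels, QoP attributes, principals and information
objects below are made up for illustration and are not DoD/GIG IA standards.
"""
from dataclasses import dataclass
from enum import IntEnum
from typing import FrozenSet, List, Tuple


class Level(IntEnum):
    UNCLASSIFIED = 0
    SECRET = 1
    TOP_SECRET = 2


# Ordered strength scales for protection attributes (constructed labels).
ENCRYPTION_RANK = {"none": 0, "commercial": 1, "type1": 2}
AUTH_RANK = {"password": 0, "pki-cert": 1}


@dataclass(frozen=True)
class QoP:
    """Quality of Protection the information authority requires end to end."""
    encryption: str          # minimum encryption class on the path
    authentication: str      # minimum user/device authentication strength
    integrity_signed: bool   # payload must carry integrity protection


@dataclass(frozen=True)
class Information:
    name: str
    classification: Level
    releasable_to: FrozenSet[str]   # communities / COIs allowed to receive it
    qop: QoP


@dataclass(frozen=True)
class Principal:
    name: str
    clearance: Level
    communities: FrozenSet[str]
    authentication: str             # how the requester actually authenticated


@dataclass(frozen=True)
class Transaction:
    """Protection the end-to-end path can actually provide for this request."""
    encryption: str
    integrity_signed: bool


def transactional_decision(info: Information, who: Principal,
                           tx: Transaction) -> Tuple[bool, List[str]]:
    """Release only if the requester has sufficient privilege AND the
    transaction meets the information's QoP; otherwise return why not."""
    reasons: List[str] = []
    if who.clearance < info.classification:
        reasons.append(f"clearance {who.clearance.name} below {info.classification.name}")
    if not (who.communities & info.releasable_to):
        reasons.append("requester is not in a releasable community/COI")
    q = info.qop
    if AUTH_RANK[who.authentication] < AUTH_RANK[q.authentication]:
        reasons.append(f"authentication {who.authentication} weaker than required {q.authentication}")
    if ENCRYPTION_RANK[tx.encryption] < ENCRYPTION_RANK[q.encryption]:
        reasons.append(f"path encryption {tx.encryption} weaker than required {q.encryption}")
    if q.integrity_signed and not tx.integrity_signed:
        reasons.append("QoP requires integrity protection but the path provides none")
    return (not reasons), reasons


def system_high_decision(enclave_level: Level, who: Principal) -> str:
    """High water mark: every object in the enclave is treated at the enclave
    level, so a requester cleared below it gets nothing without manual review."""
    return "allow" if who.clearance >= enclave_level else "manual-review"


AUDIT: List[str] = []   # accountability record of every decision


def request(info: Information, who: Principal, tx: Transaction) -> bool:
    allowed, reasons = transactional_decision(info, who, tx)
    verdict = "RELEASED" if allowed else "DENIED"
    AUDIT.append(f"{who.name} -> {info.name}: {verdict} {'; '.join(reasons)}".rstrip())
    return allowed


# Constructed sample data.
FLIGHT_SCHEDULE = Information("flight_schedule", Level.UNCLASSIFIED,
                              frozenset({"US", "ALLIES"}),
                              QoP("commercial", "pki-cert", True))
TARGETING_DATA = Information("targeting_data", Level.TOP_SECRET,
                             frozenset({"US"}),
                             QoP("type1", "pki-cert", True))
ALLY = Principal("ally_officer", Level.SECRET, frozenset({"ALLIES"}), "pki-cert")
US_ANALYST = Principal("us_analyst", Level.TOP_SECRET, frozenset({"US"}), "password")
ALLY_PATH = Transaction("commercial", True)

if __name__ == "__main__":
    request(FLIGHT_SCHEDULE, ALLY, ALLY_PATH)        # released automatically
    request(TARGETING_DATA, ALLY, ALLY_PATH)         # denied: privilege and QoP
    request(FLIGHT_SCHEDULE, US_ANALYST, ALLY_PATH)  # denied: weak authentication
    print("\n".join(AUDIT))
    # The same ally against a TOP SECRET system-high enclave holding the schedule:
    print("system-high:", system_high_decision(Level.TOP_SECRET, ALLY))
```

The point of the comparison is the unclassified schedule: under the system-high rule the ally cannot receive it from a TOP SECRET enclave without a manual release review, while the transactional rule releases it automatically because the ally's privilege and the commercial, integrity-protected path satisfy that object's QoP, and the same evaluator still denies the sensitive object and the weakly authenticated US analyst with reasons recorded for audit.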

7
Key Elements of the Enterprise IA Strategy
(End-State)
  • Transactional Information Protection: granular end-to-end security controls to enable protected information exchange within the variable trust net-centric environment
  • Digital-Policy Enabled Enterprise: dynamic response to changing mission needs, attacks, and systems degradations through highly automated and coordinated distribution and enforcement of digital policies
  • Defense Against an Adversary From Within: persistently monitor, track, search for, and respond to insider activity and misuse within the enterprise
  • Integrated Security Management: dynamic and automated net-centric security management seamlessly integrated with operations management
  • Enhanced Integrity and Trust of Net-Centric Systems: robust information assurance embedded within enterprise components and maintained over their life-cycle

IA Component of the GIG Integrated Architecture
Version 1.1
8
GIG IA Architecture Process
  • Analysis of IA for a net-centric environment from many different perspectives:
    • Architecture Strategy
    • Risk Assessment
    • Capabilities Needs
    • Technology Gaps
    • Standards and Policy Gaps
    • Transition Strategy
  • Not a compliance document, but will influence existing DoD processes (requirement, resource, acquisition):
    • JFC, JIC, JOC
    • JCIDS: GIG IA ICD, CDDs, CPDs
    • Net-centric Implementation Document (NCID)
    • NCOW-RM
    • NR-KPPs
    • PB07, POM 08
  • Initial IA strategy based on best approach to achieve GIG vision
    • Unconstrained Environment

9
Key GIG IA Relationships
[Diagram: IA Architecture Integration. The Global Information Grid and Net-Centric Operational Capabilities are linked to the Service networks LandWarNet (Army), FORCEnet (Navy) and ConstellationNet (Air Force). The NC IA Strategy feeds JCIDS (6 IA Op Need Areas, GIG IA ICD), GIG IA Portfolio Management (GIAP), NCIDS and IA Standards, producing Strategy, Guidance and System Requirements; each element carries an Arch and an ESE contribution.]
10
GIG IA ICD Defines the Operational Capabilities
Required to Protect the GIG
The GIG IA ICD defines six operational capability areas:
  • Defend the GIG (DTG): monitors, analyzes, detects, and responds to unauthorized activity, as well as unintentional, non-malicious user errors within DOD information systems and networks
  • Assured Information Sharing
  • Confidentiality
  • Integrity/Non-Repudiation
  • Highly Available Enterprise
  • Assured Mission Management
Source: Extraction from GIG IA ICD
11
A Balanced Mix of IA Operational Capabilities Enables Mission Assurance
[Figure: IA EMPHASIS by mission area, with emphases such as "Confidentiality, access controls, misuse detection", "Availability, Integrity, Prioritization, Low Bandwidth, varying user trust" and "Integrity", mapped against the capability areas Assured Information Sharing, Integrity / Non-Repudiation, Assured Mission Management, Defend the GIG, Highly Available Enterprise (HAE) and Confidentiality (CON)]
  • Each Mission Area has Different IA Emphasis (i.e. varying QoP needs)
  • Varying levels of trust within and between Mission Areas
  • Cross Mission Area Collaboration is Complex
  • Graded IA standards: not a one size fits all strategy

With an appropriate level of IA Functionality and Robustness to meet each mission's diverse needs
12
Synchronization of GIG Operational Needs,
Capabilities, and System Functions

[Diagram: OPERATIONAL CONCEPTS (NCOE Joint Integrating Concept) drive REQUIRED OPERATIONAL CAPABILITIES (GIG IA Initial Capabilities Document), which drive SYSTEM SOLUTIONS (GIG IA Architecture v 1.1)]
13
Transition Strategy Increment 1 Development
Methodology
IA Operational Capabilities (ICD Vision traced to Increment 1 for each area):
  • Assured Information Sharing (capabilities 1-4)
  • Integrity/ Non-Repud (5-6)
  • Highly Available Enterprise (7-9)
  • Confidentiality (10)
  • Defend The GIG (11-14)
  • Assured Mission Mgmt (15)
[Table: for each capability area, a column for the ICD Vision and a column for the Increment 1 subset]
14
Phased Transition With increasing Levels of
Functionality, Robustness, and Integration
15
Increment 1 Information Sharing Environment and
Assumptions
  • Traditional system-high Type 1 protection
    mechanisms provide the primary protections for
    information
  • Multiple system high environments seamlessly
    interconnected to improve discovery,
    collaboration and information sharing among DoD,
    IC, DHS, and close allies
  • Improved, fine grained access control mechanisms
    allow richer set of information to be safely
    posted/accessed across the collection of system
    high environments
  • Labeling of information at the service level, some at the object level
  • Leverages DoD-PKI and Service Oriented
    Architecture technology
  • Dynamic COIs within and across organizational
    boundaries enables controlled sharing within the
    system high environment
  • Supports US only, releasable, bi-lateral, and COI
    specific information
  • Privately held (organization specific) data will
    evolve to COI-restricted data
  • Set of partners fairly well and fairly evenly
    trusted allowing use of largely COTS technology
    within system-high perimeter
  • Focus is on deploying capability aimed at
    preventing inadvertent disclosure

16
Increment 1 Federated Environment DoD Example
[Diagram: the DoD Secret Environment (US) on the SIPRNet Infrastructure interconnects LandWarNet (Army), ForceNet (Navy), C2Constellation (Air Force) and DoD Agency Networks, with a separate Ally or Non-DoD Partner domain]
17
IA Enterprise Architecture and Systems
Engineering Key Deliverables
  • IA Component of the GIG Integrated Architecture
    • Increment 1
      • Version 1.1 (Draft) April 2006
      • Version 1.1 (Final) September 2006
    • Increment 2
      • Version 2.0 (IA Strategy Only, Initial Draft) July 2006
      • Version 2.0 (Initial Draft) 6 months after approval of the Version 2.0 IA Strategy
  • Enterprise IA System Engineering Analysis/Recommendations
    • Increment 1
      • Initial Draft (V.3) September 2006
      • Final (V1.1) TBD, dependent on available funding
  • Net-Centric IA Strategy
    • Initial Draft December 2005
    • Final April 2006

Executive Summary, Version 1.1, and supporting analysis documents are available on the DoD Portal: https://gesportal.dod.mil/sites/gigia
18
Summary
  • GIG will be a high priority target and will be constantly threatened from a variety of adversaries
  • Must be able to sustain operations during attacks
  • GIG is the most complex enterprise in the world. Varying trust of users and systems and varying sensitivity of information make for a significant IA challenge
  • IA must evolve from system-high perimeter protection to a dynamic, transactional Enterprise IA protection model
  • Changing IA solution strategy:
    • Shift from IA point solutions to IA functionality in every IT component: Integrated-in vs. Bolted-on IA
    • Government National Security Community and Industry must partner to raise the bar for IA
    • Industry likely to deliver much of the required IA functionality; however, IA robustness is not sufficient without Government leadership and standards
  • GIG IA Enterprise Protection Strategy broadly applicable to the IC and DHS
  • Common IA strategy across the National Security Community is required to achieve desired information sharing, collaboration, infrastructure availability and mission effectiveness

19
  • Enterprise IA Architecture and Systems
    Engineering Office
  • National Security Agency
  • (410) 854-7069
  • DoD Portal: https://gesportal.dod.mil/sites/gigia