GIG Information Assurance Architecture Protecting National Security Enterprises

1
GIG Information Assurance Architecture
Protecting National Security Enterprises

• Craig Harber
• Enterprise IA Architecture Systems Engineering
  Office
• Information Assurance Directorate
• National Security Agency

2
Net-Centricity Breaks Down Barriers to
Information Sharing, Collaboration, and Mission
Synchronization

• Benefits of an assured
• Net-Centric Environment
• Access by authorized users to information and
  services anytime, anywhere
• Secure collaboration among U.S., Allies,
  Coalition partners
• Highly available networked enterprise to support
  prioritized mission operations, even while under
  cyber attack
• Warfighter confidence in ability to synchronize
  and execute mission operations

Source NCE JFC version 1, dated 7 April 2005
net-centric
Autonomous
De-conflicted
Coordinated
Interdependent
The user community must be able to trust the
integrity and availability of the GIG information
and infrastructure
3
DoDs Net-centric Global Information Grid
Fundamental transformation in information /
content management, communications, and
information assurance
DoD operations critically dependent upon a
resilient and trusted GIG
4
Protecting the GIG Net-Centric Enterprise

• GIG will be a high priority target and will be
  constantly threatened from a variety of
  adversaries
• Greater interdependence and interconnectivity of
  systems will open new avenues of attack, insider
  threat and misuse
• IA is both an enabler of new and enhanced
  net-centric capabilities and the set of
  capabilities that counter the increased threats
• IA must evolve from system-high perimeter
  protection to an Enterprise IA protection model
• High water mark approach insufficient in
  environments where the users have varying levels
  of trust and their systems have varying levels of
  IA capabilities and trust.
• NSA tasked by OSD/NII to develop the IA
  architecture, protection strategy, system
  requirements and guidance to achieve an assured
  GIG enterprise

IA is a critical element of DoDs net-centric
vision
5
The National Security Community Shares a Common
Set of IA Challenges

• The Intelligence Reform and Terrorism Prevention
  Act of 2004 identifies similar net-centric
  needs
• means for sharing among all appropriate
  Federal, State, local, and the private sector
• direct and continuous online electronic access
  to information
• information access management controls access
  to data rather than just systems and networks,
  without sacrificing security
• facilitates sharing of information at and
  across all levels of security
• services for locating people and information
  
• strong mechanisms to enhance accountability and
  facilitate oversight, including audits,
  authentication, and access controls.
• take into account the varying missions and
  security requirements of agencies participating
  in the ISE

GIG IA broadly applicable to the National
Security Community
REF Intelligence Reform And Terrorism Prevention
Act Of 2004 , PL 108-458, SEC 1016 (Information
Sharing), Dec. 17, 2004
6
IA Protection Strategy Evolution
Transactional Enterprise IA Protection
Model Required level of Information Protection
Specified for each Transaction
Static Perimeter Protection Model Common level
of Information Protection provided by System
High Environment
Source NCE JFC version 1, dated 7 April 2005

• Common User Trust Level (Clearances) across
  sys-high environment

• User Trust Level sufficient across
  Transaction/COI varies for enterprise

• Privilege assigned to user/device based on
  operational role and can be changed

• Privilege gained by access to environment and
  rudimentary roles

Future
Today

• Information authority determines required level
  of protection (QoP) for the most sensitive
  information in the sys-high environment high
  water mark determines IT/IA/Comms Standards for
  all information

• Information authority determines required level
  of end-to-end protection (QoP) required to access
  information translates to a set of
  IT/IA/Comms Standard that must be met for the
  Transaction to occur

• Manual Review to Release Information Classified
  at Less than Sys-high
• Manual Analysis and Procedures determine allowed
  interconnects

• Automated mechanisms allow information to be
  Shared (Released) when users/devices have
  proper privilege and Transaction can meet QoP
  requirements

7
Key Elements of the Enterprise IA Strategy
(End-State)

• Transactional Information Protection
• Granular end-to-end security controls to enable
  protected information exchange within the
  variable trust net-centric environment
• Digital-Policy Enabled Enterprise
• Dynamic response to changing mission needs,
  attacks, and systems degradations through highly
  automated and coordinated distribution and
  enforcement of digital policies
• Defense Against an Adversary From Within
• Persistently monitor, track, search for, and
  respond to insider activity and misuse within the
  enterprise
• Integrated Security Management
• Dynamic and automated net-centric security
  management seamlessly integrated with operations
  management
• Enhanced Integrity and Trust of Net-Centric
  Systems
• Robust information assurance embedded within
  enterprise components and maintained over their
  life-cycle

IA Component of the GIG Integrated Architecture
Version 1.1
8
GIG IA Architecture Process

• Analysis of IA for a net-centric environment from
  many different perspectives
• Architecture Strategy
• Risk Assessment
• Capabilities Needs
• Technology Gaps
• Standards and Policy Gaps
• Transition Strategy
• Not a compliance document but will influence
  existing DoD processes - requirement, resource
  acquisition
• JFC, JIC, JOC,
• JCIDS GIG IA ICD, CDDs, CPDs
• Net-centric Implementation Document (NCID)
• NCOW-RM
• NR-KPPs
• PB07, POM 08,
• Initial IA strategy based on best approach to
  achieve GIG vision
• Unconstrained Environment

9
Key GIG IA Relationships
IA Architecture Integration
Global Information Grid
LandWarNet Army
Net-Centric Operational Capabilities
FORCEnet Navy
ConstellationNet Air Force
Arch
Strategy, Guidance System Requirements
Arch
NC IA Strategy
JCIDS
6 IA Op Need Areas
GIG IA Portfolio Management (GIAP)
GIG IA ICD
Arch
ESE
ESE
ESE
ESE
NCIDS
Arch
IA Standards
ESE
Arch
10
GIG IA ICD Defines the Operational Capabilities
Required to Protect the GIG
Defend the GIG
Assured Information Sharing
Confidentiality
Monitors, analyzes, detects, responds to
unauthorized activity, as well as unintentional,
non-malicious user errors within DOD information
systems and networks
Integrity/Non-Repudiation
Highly Available Enterprise
DTG
Assured Mission Management
Source Extraction from GIG IA ICD
11
A Balanced Mix of IA Operational Capabilities
Enables Mission Assurance..
IA EMPHASIS
Confidentiality, access controls, misuse
detection Availability, Integrity,
Prioritization, Low Bandwidth, varying user
trust Integrity

• Each Mission Area has Different IA Emphasis (i.e.
  varying QoP needs)
• Varying levels of trust within and between
  Mission Areas
• Cross Mission Area Collaboration is Complex
• Graded IA standards not a one size fits all
  strategy

Assured Information Sharing
Integrity / Non-Repudiation
Assured Mission Management
Defend the GIG
HAE
Highly Available Enterprise
CON
Confidentiality
with an appropriate level of IA Functionality
and Robustness to meet each missions diverse
needs
12
Synchronization of GIG Operational Needs,
Capabilities, and System Functions

OPERATIONAL CONCEPTS
REQUIRED OPERATIONAL CAPABILITIES
SYSTEM SOLUTIONS
GIG IA Initial Capabilities Document
GIG IA Architecture v 1.1
NCOE Joint Integrating Concept
13
Transition Strategy Increment 1 Development
Methodology
IA Operational Capabilities
Assured Information Sharing (1-4)
Integrity/ Non-Repud (5-6)
Highly Available Enterprise (7-9)
Confidentiality (10)
Defend The GIG (11-14)
Assured Mission Mgmt (15)
ICD Vision
ICD Vision
ICD Vision
ICD Vision
ICD Vision
ICD Vision
Increment 1
Increment 1
Increment 1
Increment 1
Increment 1
Increment 1
14
Phased Transition With increasing Levels of
Functionality, Robustness, and Integration
15
Increment 1 Information Sharing Environment and
Assumptions

• Traditional system-high Type 1 protection
  mechanisms provide the primary protections for
  information
• Multiple system high environments seamlessly
  interconnected to improve discovery,
  collaboration and information sharing among DoD,
  IC, DHS, and close allies
• Improved, fine grained access control mechanisms
  allow richer set of information to be safely
  posted/accessed across the collection of system
  high environments
• Labeling of information at the service level
  some at the object level
• Leverages DoD-PKI and Service Oriented
  Architecture technology
• Dynamic COIs within and across organizational
  boundaries enables controlled sharing within the
  system high environment
• Supports US only, releasable, bi-lateral, and COI
  specific information
• Privately held (organization specific) data will
  evolve to COI-restricted data
• Set of partners fairly well and fairly evenly
  trusted allowing use of largely COTS technology
  within system-high perimeter
• Focus is on deploying capability aimed at
  preventing inadvertent disclosure

16
Increment 1 Federated Environment DoD Example
DoD Secret Environment
US
LandWarNet (Army)
ForceNet (Navy)
Ally or Non-DoD
Partner
SIPRNet Infrastructure
C2Constellation (Air Force)
DoD Agency Networks
17
IA Enterprise Architecture and Systems
Engineering Key Deliverables

• IA Component of the GIG Integrated Architecture
• Increment 1
• Version 1.1 (Draft) April 2006
• Version 1.1 (Final) September 2006
• Increment 2
• Version 2.0 (IA Strategy Only Initial Draft)
  July 2006
• Version 2.0 (Initial Draft) 6 months after
  approval of the Version 2.0 IA Strategy
• Enterprise IA System Engineering
  Analysis/Recommendations
• Increment 1
• Initial Draft (V.3) September 2006
• Final (V1.1) TBD dependent on available funding
• Net-Centric IA Strategy
• Initial Draft December 2005
• Final April 2006

Executive Summary, Version 1.1, and supporting
analysis documents are available on the DoD
Portal https//gesportal.dod.mil/sites/gigia
18
Summary

• GIG will be a high priority target and will be
  constantly threatened from a variety of
  adversaries
• Must be able to sustain operations during attacks
  
• GIG is most complex enterprise in the world.
  Varying trust of users and systems and varying
  sensitivity of information make for a significant
  IA challenge
• IA must evolve from system-high perimeter
  protection to a dynamic, transactional
  Enterprise IA protection model
• Changing IA solution strategy
• Shift from IA point solutions to IA functionality
  in every IT component - Integrated-in vs.
  Bolted-on IA
• Government National Security Community and
  Industry must partner to raise the bar for IA
• Industry likely to deliver much of the required
  IA functionality however, IA robustness is not
  sufficient without Government leadership and
  standards
• GIG IA Enterprise Protection Strategy broadly
  applicable to the IC and DHS
• Common IA strategy across the National Security
  Community is required to achieve desired
  information sharing, collaboration,
  infrastructure availability and mission
  effectiveness

19

• Enterprise IA Architecture and Systems
  Engineering Office
• National Security Agency
• (410) 854-7069
• DoD Portal https//gesportal.dod.mil/sites/gigia