Military Communications and Information Technology: A Trusted ...
B. NATO initiatives in the area of I&AM

To date, the following initiatives have been of significance in NATO within the I&AM area:

• NATO Identity Management (NIDM) Workshop (2008-2009) – a combined effort of the NATO Consultation, Command and Control Board (NC3B) Information Assurance Subcommittee (SC/4) and Information Systems Subcommittee (SC/5). As a result of this initiative, a NIDM Strawman [1] paper was published in 2009. The level of ambition for this document was to provide a framework for future work on a NATO-wide Identity Management (IdM) concept, considering the federated nature of the NATO infrastructure;

• NC3B SC/4 Security Management Infrastructure Ad Hoc Working Group addressed the IA view on different aspects related to identity, privilege, and access management. In 2010, this group produced a paper aimed at providing a strategic plan for Identity Management developments in NATO [2], as well as the Security Management Infrastructure Directive [3], currently the only document in which some identity and access management aspects are regulated in NATO;

• The Alliance Command Operations (ACO) identified the issue of a missing NATO-wide I&AM mechanism in the operational NATO Network and Information Infrastructure (NII) that would be adequate to support future Alliance Operations and Missions (AOM). As a result, a document was released in June 2011, describing a strategy to provide a capability of AOM Federated Identity and Access Management (AIDAM) [4];

• Anticipating the requirement to support NATO operations in federation scenarios, the Allied Command Transformation (ACT) supported a series of research programs in the area of I&AM, aimed at analysing possible solutions. Details can be found in [5].

C. AIDAM capability strategy

Published by ACO in June 2011, the so-called AIDAM is an excellent source of operational requirements and a vision for the utilization of identity and access control services in the NATO federations. It also provides some recommendations on the solutions that should be adopted. The AIDAM view is in line with the recommendations provided through the ACT research programs, clearly indicating the most promising direction to achieve the information sharing capability in the environment of heterogeneous NII. The AIDAM makes the following statements:

• I&AM are key to cross-domain protection and sharing of sensitive Command and Control (C2) information within federated Communities of Interest (CoI);
Chapter 4: Information Assurance & Cyber Defence

• In the near term, the aim for web-based I&AM will pursue a claims-based I&AM;

• In the mid-term IAM is to be arrived at by means of federated identity and rights translation;

• In the long-term AIDAM is to be obtained through standardization of all I&AM capabilities.

II. NATO-specific architectural constraints

A. NATO Bi-SC AIS network topology

The current (and evolving) Bi-Strategic Command (Bi-SC) network topology is summarized and visualized in Figure 1.

Figure 1. NATO NII Interconnection Visualization

Detailed analysis of the Bi-SC Automated Information System (AIS) NII topology, as in [6], confirms a significant complexity in terms of possible network interconnection scenarios. The current situation can be summarized in the following way:

• In the NATO Secret (NS) segment of the NATO NII, the domain integration approach allowed the achievement of a good level of consolidation. Still, fully centralized management of the entire NS segment will not be possible; in some cases only a limited (unidirectional) trust relationship can be enabled between domains;