Secure Military Messaging in a Network Enabled Environment
|
|
- Rachel Riley
- 6 years ago
- Views:
Transcription
1 Secure Military Messaging in a Network Enabled Environment BGen.Murat ÜÇÜNCÜ Chief of IS Dept. Turkish General Staff IT HAS ALWAYS BEEN DIFFICULT TO BE THE LAST SPEAKER IN AN EVENT LIKE THIS. IT IS DIFFICULT BECAUSE MOST OF THE DISTINGUISHED SPEKAERS BEFORE ME HAVE MENTIONED A LITTLE ABOUT WHAT I AM GONNA TALK ABOUT AND LEFT A LITTLE PORTION OF MY SPEECH UNTOUCHED. FUTHERMORE, I KNOW YOU ARE ALMOST READY TO LEAVE THE COFERENCE HALL AFTER STAYING IN YOUR CHAIRS FOR HOURS. HAVING NOTED THESE CIRCUMSTANCES, I WILL TRY MY BEST IN NEXT FIFTEEN MINUTES. 1
2 Outline Messaging NEC and NII Messaging in a Network Enabled Environment Properties of Secure Messaging Challenges Conclusion TODAY, I AM GONNA GIVE YOU A BRIEFING ABOUT SECURE MILITARY MESSAGING IN A NETWORK ENABLED ENVIRONMENT FOLLOWING THE REFLECTED OUTLINE ON THE CURTAIN. 2
3 Grades of Messaging critical information security integrity survivability non-repudiation important information security official correspondence reliability archiving ease of use assurance of delivery individuals assurance of delivery routine information individuals basic security cheapest & basic capability INTERNET MAIL MAY BE SUFFICINTLY RELIABLE FOR MANY COMMERICAL AND PERSONAL APPLICATIONS, BUT IT IS NOT DEFINITELY GOOD ENOUGH FOR SOME COMMUNITIES LIKE FOR INSTANCE MILITARY AND KEY GOVERNMENT AGENCIES. AS A RESULT OF THE ASSUMPTION, MESSAGING SERVICE IS USUALLY CATEGORIZED IN THREE DIFFERENT GRADES : HIGH, MEDIUM AND BASIC. A HIGH GRADE MESSAGING SERVICE IS A MECHANISM FOR EXCHANGING CRITICAL INFORMATION AN OFFICIAL CORRESPONDENCE THROUGHOUT AN ORGANIZATION AND ITS PARTNERS. THERE FORE THIS SERVICE SHOULD MEET STRINGENT REQUIREMENTS FOR SECURITY, ASSURANCE OF DELIVERY, INTEGRITY, RELIABILITIY, SURVIVABILITY, ARCHIVING, NON-REPUDIATION AND EASE OF USE. MEDIUM GRADE MESSAGING IS USUALLY DEFINED AS A MECHANISM FOR EXCHANGING IMPORTANT INFORMATION BETWEEN INDIVIDUALS THROUGHT AN ORGANIZATION AND ITS PARTNERS. SINCE IT IS ACCEPTED AS A SEMI OFFICIAL SERVICE, MEDIUM GRADE MESSAGING IS ALSO EXPECTED TO MEET ASSURANCE OF DELIVERY AND SECURITY TO A CERTAIN EXTENT. A MEDIUM GRADE MESSAGING IS A FIRE AND WATCH SERVICE BECAUSE ON ORGINATOR USING THIS SERVICE ACCEPTS RESPONSIBILITY FOR ENSURING DELIVERY HAVING BEEN ACHIEVED, WHILE A HIGH-GRADE MESSAGING IS A FIRE AND FORGET SERVICE. DIFFERENT FROM PREVIOUS TWO, A BASIC GRADE SERVICE IS A MECHANISM FOR EXCHANGING ROUTINE INFORMATION BETWEEN INDIVIDUALS THROUGHT AN ORGANIZATION AND ITS PARTNERS. THIS SERVICE IS ONLY REQUIRED TO DELIVER A BASIC CAPABILITY IN THE CHEAPEST WAY CONSISTENT WITH BASIC DEMANDS FOR SECURITY. FROM THIS DEFINITION, A BASIC GRADE MESSAGING CAN BE CATEGORIZED AS A FIRE AND HOPE SERVICE. 3
4 Military Messaging Service (MMS) The MMS is a service that provides electronic messaging to staff units and authorized individual users (i.e., message release authorities) in military organizations which fulfills established military requirements for messaging systems. ~ = IN THIS CONTEXT, THE MAIN OBJECT OF MY SPEECH IS GONNA BE A HIGH GRADE MESSAGING SERVICE, WHICH WE USALLY CALL MILITARY MESSAGING SERVICE. BOTH ACP 123 AND STANAG 4406 DEFINES THE MMS ALMOST IDENTICALLY AS A SERVICE THAT PROVIDES ELECTRONIC MESSAGING TO STAFF UNITS AND AUTHORIZED INDIVIDUAL USERS IN MILITARY ORGANIZATION AND THEY REQUIRE THE MMS MEETS ESTABLISHED MILITARY REQUIREMENTS FOR MESSAGING SYSTEMS. 4
5 Minimum Military Requirements for Military Messaging Service Availability Integrity Interoperability Confidentiality Authentication Non-repudiation Accountability Guaranteed Delivery Timely Delivery C2 Business Process Support Tactical Bearer Support Access Control Security Labeling THEN WHAT ARE THE MILITARY REQUIREMENTS WHICH ARE EXPECTED FORM A MESSAGING SYSTEM TO MEET? THE LIST OF MINIMUM MILITARY REQUIREMENTS MADE FOR THE NATO MESSAGING SYSTEM IS A GOOD EXAMPLE OF THESE EXPECTATIONS. SINCE NMS IS DESIGNED TO PROVIDE A HIGH GRADE MESSAGING SERVICE, IT SHOULDN T BE SURPRISING THAT THE MOST OF THE ITEMS REFLECTED ON THE SLIDE MATCHES WITH THE PROPERTIES OF A HIGH GRADE MESSAGING SERVICE DEFINED PREVIOUSLY IN MY SPEECH. 5
6 A Busy Network-Enabled Environment IN TODAY S CIS INFRASTRUCTURE, MILITARY MESSAGING SYSTEMS PLAY A VITAL ROLE BECAUSE OF THEIR INDISPENSABLE SUPPORT TO COMMAND AND CONTROL. BUT, HOW IS THE SAME FUNCTIOANLITY GONNA BE PROVIDED IN A NETWORK ENABLED ENVIRONMENT. AS A NEW CONCEPT, NETWORK ENABLED CAPABILITY INTRODUCES A COMMON APPROACH DEVELOPING THE ARCHITECTURES, STANDARDS, PROCESSES, AND PROCEDURES NECESSARY TO PROVIDE THE FLEXIBILITY AND AGILITY NEEDED TO CONDUCT FUTURE NETWORK-CENTRIC OPERATIONS IN A BUSY COALITION ENVIRONMENT LIKE THE ONE SHOWN IN THE CURRENT SLIDE. NOW, LET S HAVE A LOOK HOW MILITARY MESSAGING SERVICE WILL FIT IN THIS NEW PICTURE. 6
7 Networking and Information Infrastructure (NII) NII, a key requirement for NEC: A robust, secure and effective CIS infrastructure. SOA approach, Information & Integration (IIS) A ROBUST, SECURE AND EFFECTIVE CIS INFRASTRUCTURE IS UNDENIABLY A KEY REQUIREMENT TO ACHIEVE NETWORK ENABLED CAPABILITY. IN NNEC FEASIBILITY STUDY, THIS IS CALLED AS NETWORKING AND INFORMATION INFRASTRUCTURE, NII. THE INFORMATION AND INTEGRATION COMPONENT OF THE NII IS CHARACTERIZED BY THE USE OF SERVICE ORIENTED ARCHITECTURE TO EXPOSE SOFTWARE FUNCTIONS AS CONSUMABLE SERVICES THAT CAN BE DISCOVERED AND INVOKED ACROSS THE NETWORK. INFORMATION AND INTEGRATION SERVICES ARE ALSO KNOWN AS CORE ENTERPRISE SERVICES AND ONE OF THE PRIMARY PURPOSES OF THESE SERVICES IS TO SUPPORT THE IMPLEMENTATION AND USE OF SOA TO MEET THE NEEDS OF PRE-PLANNED AND AD-HOC COMMUNITY OF INTERESTS. 7
8 NNEC IIS Layered Model NNEC Feasibilty Study THE NNEC ISS LAYERED MODEL FROM THE 2005 FEASIBILITY REPORT DEFINES DIFFERENT TYPES OF SERVICES ON A SOLID TRANSPORT AND INFRASTRUCTURE LAYER TO MEET DIFFERENT TYPES OF REQUIREMENTS. 8
9 Current Scope of NII Military Messaging Service COI-Specific Commom COI Information and Integration / Core Enterprise Discovery Repository Mediation Information Assurance Service Discovery Information Discovery Infrastructure Application Enterprise Directory Metadata Registry Messaging Interaction Composition Translation Publish/ Subscribe Service Management & Control Storage Collaboration Transition Network/Transport NII THE PREVIOUS LAYERED MODEL HAS BEEN REFINED RECENTLY NARROWING THE SCOPE OF THE NII. IN THIS NEW DIAGRAM YOU CAN SEE THAT A MESSAGING SERVICE IS DEFINED AS A CORE SERVICE. BUT THIS IS IMPORTANT TO ARTICULATE THAT THIS MESSAGING SERVICE IS A GENERIC SERVICE INTERACTION MECHANISM USED BY OTHER SERVICES OR APPLICATIONS. THIS IS NOT THE SAME AS THE MMS DEFINED IN STANAG 4406 OR ACP 123, WHICH IS NOT A CORE ENTERPRISE SERVICE. RATHER, MMS MIGHT BE HANDLED AT THE COI OR COMMON COI SERVICES LAYER, WHICH MAKES USE OF THE CORE ENTERPRISE SERVICES. 9
10 MMHSs as Legacy Systems MMHSs, as legacy systems, provide MMS using standardized interfaces. NNEC Feasibilty Study IF WE GO BACK TO THE QUESTION OF WHERE MMS WOULD RESIDE IN NEC CONCEPT NOW WE CAN SAY THAT IT IS GONNA BE ONE OF THE COI SPECIFIC OR COMMON COI SERVICES. THIS IS VERY OBVIOUS FROM THE DEFINITION AND NATURE OF THE MMS, BECAUSE NOT EVERY USER IN THE NETWORK NEEDS THE SERVICE. BUT THE QUESTION OF HOW THIS SERVICE WOULD BE IMPLEMENTED IN NEC IS STILL UNANSWERED. NOW I AM GONNA TRY TO FIND AN ACCEPTABLE ANSWER TO THIS QUESTION. IT IS NOT POSSIBLE TO CREATE A NEW SET OF CAPABILITIES BASED ON NEW OPERATIONAL REQUIREMENTS STARTING FROM THE SCRATCH, THIS STATEMENT IS VALID IN THE COURSE OF ACHIEVING THE NEC GOAL AS WELL. AT ANY POINT OF TIME THERE WILL ALWAYS BE LEGACY SYSTEMS. SO THE INCORPORATION OF LEGACY SYSTEMS WILL ALWAYS BE A REQUIREMENT, AND NOT ONLY IN AN INITIAL TRANSITION PHASE. EVEN THOUGH THE TERM LEGACY IS OFTEN ASSOCIATED TO OLD OR OBSOLETE, LEGACY SYSTEMS REFER TO THOSE SYSTEMS THAT ARE CURRENTLY OPERATIONAL AND WILL BE SO FOR AS LONG AS THEIR CAPABILITIES ARE REQUIRED OR THEIR REPLACEMENT IS NOT POSSIBLE. FROM MY POINT OF VIEW, CURRENT STANAG 4406 COMPLIANT MESSAGING SYSTEMS WHICH PROVIDE MMS ARE THE EXAMPLES OF LEGACY SYSTEMS NEED TO BE INTEGRATED IN THE NEW ARCHITECTURE BY USING STANDARDIZED INTERFACES. IN THIS WAY THESE SOLID APPLICATIONS COULD SERVE AS SERVICES WITHIN A SOA CONCEPT UNTIL, THEIR EFFICIENT REPLACEMENT S BASED ON A NEWER TECHNOLOGY IS AVAILABLE. 10
11 Military Messaging in a Network Enabled Environment Need for seamless message exchange between: Tactical and strategic environments, Seperated security domains, Different services, COIs and organizations. Armed Forces Government Institutions Nations SINCE NEC IS BASED UPON A CONCEPT OF FEDERATION OF NETWORKS AND SYSTEM OF SYSTEMS, THERE IS AN AMBITIOUS REQUIREMENT FOR USERS AT ALL OPERATIONAL LEVELS TO EXCHANGE INFORMATION. THEREFORE USERS, FROM TACTICAL AND STRATEGIC LEVELS, FROM SEPARATED SECURITY DOMAINS, FROM DIFFERENT SERVICES, COIS AND ORGANIZATIONS WILL NEED TO SEAMLESSLY EXCHANGE MESSAGES WITH THEIR CORRESPONDENCES TO MEET THEIR OPERATIONAL REQUIREMENTS IN SUCH AN ENVIRONMENT. THIS REQUIREMENT IS A LITTLE BIT DIFFERENT FRoM THE ONES WE ARE USED TO FOR A LONG TIME AND BRINGS SOME DIFFICULTIES THAT I AM GONNA BRIEFLY TALK IN THE LAST PART OF BRIEFING. 11
12 Traditional Security X.800 Standards Confidentiality Integrity Availability Authentication Access control Non-repudiation SO FAR WE HAVE LOCATED THE MMS IN A NEC ENVIRONMENT AND CAME UP WITH A VIABLE SOLUTION TO INTEGRATE THE SERVICE IN TO THE NEW ARCHITECTURE. NOW IT IS TIME TO TALK ABOUT HOW TO MAKE THE SERVICE SECURE. REPRESENTING INFORMATION ASSURANCE AS A PILLAR SPANNING ALL OTHER SERVICE LAYERS POINTS OUT TO THE IMPORTANCE OF SECURITY IN A NETWORK ENABLED ENVIRONMENT. ASSUMING THAT X.800 STANDARDS TRADITIONAL SECURITY SERVICES WILL SUSTAIN THEIR IMPORTANCE AND MAY NOT CHANGE EVEN IN THE LONG TERM, IMPLEMENTING THESE SERVICES IN A NETWORK ENABLED ENVIRONMENT WOULD PROVIDE A CERTAIN LEVEL OF SECURITY FOR SERVICES DEPLOYED IN THE SAME ENVIRONMENT. OF COURSE, ONE OF THESE DEPLOYED SERVICES WILL BE THE MMS. 12
13 Confidentiality Encrypting the communication link from-end-toend. Using integrated PKI software to encrypt messages. Sydney B Steven Need to sniff in the messaging between them, but how? ONE OF THESE SECURITY SERVICES IS CONFIDENTIALITY. THIS CAN BE IMPLEMENTED IN DIFFERENT WAYS. HARDWARE AND SOFTWERE SOLUTIONS TO ADEQUATELY PROTECT INFORMATION ARE AVAILABLE. WHILE IT IS POSSIBLE TO ENCRYPT THE COMMUNICATION LINK FORM END-TO-END, USING AN INTEGRATED PKI SOFTWARE IN A MESSAGING SERVICE MAKES IT POSSIBLE TO ENCRYPT A SINGLE MESSAGE TO ACHIEVE ITS CONFIDENTIALITY BETWEEN ITS ORIGINATOR AND RECEIVER. 13
14 Integrity Hardware solution : IP-crypto devices Software solution : Digital signatures. Sydney Steven Need to change the messagie in the way, but how? ANOTHER SECURITY SERVICE IS INTEGRITY. LIKE CONFIDENTRALITY, INTEGRITY OF MMS CAN BE ACHIEVED BY IMPOSING BOTH HARDWERE AND SOFTWERE SOLUTIONS. OP-CRYPTO DEVICES ARE AND WILL BE USED IN THE FORESEEABLE FUTURE TO PROVIDE INTEGRITY AS FOR AS THE COMMUCITION LINK IS CORCERNED. IN ADDITION TO LINE ENCRYPTION DIGITAL SIGNATURES SHOULD BY USED TO SUPPORT MESSAGE INTEGRITY. 14
15 Availability Keeping the service operational, Making the service able to transfer messages for a high percentage of the work cycle. WAN AVAILABILITY OF THE MMS HAS UTMOST IMPORTANCE BECAUSE THE SERVICE IS USED TO EXCHANGE CRITICAL INFORMATION FOR THE ORGANIZATION. THIS MUST BE DONE BY BUILDING ROBUST AND RESILIENT SYSTEMS TO PROVIDE THE SERVICE. AVAILABILITY OF A MESSAGING SERVICE CANNOT BE ASSURED BY ONLY KEEPING IT OPERATIONAL, MAKING THE SERVICE ABLE TO TRANSFER MESSAGES FOR A HIGH PERCENTAGE OF THE WORK CYCLE IS ALSO REQUIRED TO FULFILL AVAILABILITY. 15
16 Authentication Strong authentication to protect information. Smart card use, Smart card password. Use at least 2 out of 3. Biometric devices Xcfrawe145& IN ORDER TO PROPERLY PROTECT ACCESS TO INFORMATION EXCHANGED VIA MMS, ALL USERS OF THE SERVICE SHOULD AUTHENTICATE AND THIS AUTHENTICATION SHOULD BE BASED ON A FORM OF STRONG AUTHENTICATION. UTILIZING SMART CARDS LOADED WITH USER CERTIFICATES AND CONFIRMING CARD HOLDER WITH A CARD PASSWORD TOGETHER IS A GOOD EXAMPLE OF AVAILABLE STRONG AUTHENTICATION METHODS THAT CAN BE INTEGRATED INTO A MILITARY MESSAGING SERVICE. 16
17 Access Control Authorized personnel only. Network access control via IP-encryption, Effective and interoperable identity management ACCES CONTROL IS NEEDED TO RESTRICT ACCESS TO THE MESSAGING SERVICES TO AUTHORIZED PERSONNEL ONLY. THIS CAN BE HANDLED BY THE IP ENCRYPTION DEVICES ON THE NETWORK LEVEL. IN ADDITION AN INTEROPERABLE IDENTITY MANAGEMENT SERVICE SHOULD BE DEPLOYED IN A NETWORK ENABLED ENVIRONMENT IN ORDER TO SUPPORT SECURELY ACCESS TO THE INFORMATION EXCHANGED BY THE MESSAGING SYSTEM. 17
18 Non-repudiation Sydney Provide assurance against repudiation. Digital signatures enabled by PKI technology. Steven NON-REPUDIATION PROVIDES ASSURANCE THAT SOMETHING CANNOT SUCCESSFULLY BE DISCLAIMED. NON-REPUDIATION IS CRUCIAL FOR A SERVICE BY WHICH OFFICAL CORRESPONDENCE IS EXCHANGED. DIGITAL SIGNATURES PROVIDED BY PKI TECHNOLOGY ARE USED TO SIGN MESSAGES EXCHANGED VIA A MESSAGING SERVICE TO ACHIEVE NON-REPUDIATION. 18
19 Challenges Harmonization of messaging requirements with web technologies. Low band-width constraints in tactical environment. Need for solid IPnetworks in the field. Efficient PKI usage. Need for a robust key management. An interoperable Identity Management. Cross domain security issues HAVING AND SECURING A CRITICAL SERVICE LIKE MILITARY MESSAGING IN A NETWORK ENABLED ENVIRONMENT IS NOT AN EASY JOB. THERE ARE CERTAIN OBSTACLES TO ACHIEVE THIS FUNCTIOANLITY AT THE LEVEL INTENDED AND EXPECTED. FOR THE TIME BEING, WEB TECHNOLOGIES IS THE MOST POWERFUL CANDIDATE TO IMPLEMENT SOA. THEREFORE SOLUTIONS SHOULD BE INVESTIGATED TO MEET MESSAGING REQUIREMENTS VIA THESE TECHNOLOGIES. ANOTHER CONSTRAINT WITHIN NEC IS CAUSED BY LOW BAND-WIDTHS ESPECIALLY IN TACTICAL DOMAINS. EFFCIENT IP-NETWORKS ARE NEEDED NOT ONLY AT STRATEGIC BUT ALSO AT OPERATIONAL AND TACTICAL LEVELS IN ORDER TO PROVIDE QUALITY OF SERVICE IN MESSAGING. PKI IS ONE OF THE KEY AREAS FOR ACHIEVING SECURITY IN NEC. HOWEVER, IT IS NOT A COMPLETE SOLUTION BY ITSELF AND POLICIES TO IMPLEMENT PKI ACROSS BORDERS ARE STILL IN THE PHASE OF DEFINITION BY QUALIFIED AUTHORITIES. IP-CRYTO DEVICES WILL BE A MAJOR MEANS TO IMPROVE SECURITY OF NETWORK IN THE FORESEEABLE FUTURE. IN PARALEL, SOLID KEY MANAGEMENT POLICIES AND IMPLEMENTATIONS WILL GAIN IMPORTANCE. IN MY OPINION THERE ARE STILL ISSUES TO EXPLORE IN THIS AREA AS WELL. IN ORDER TO MANAGE THE SERVICES AND MAINTAIN THE SECURITY ON THE NETWORK IT IS CRUCIALLY IMPORTANT TO KNOW WHO IS WHO IN A NETWORK ENABLED ENVIRONMENT. THIS IS ONLY BE ACHIEVED BY AN INTEROPERABLE AND ROBUST IDENTITY MANAGEMENT. EVEN THOUGH IT IS EASY TO SAY, IN REALITY TO PROVIDE A VALUABLE IDENTITY MANAGEMENT SERVICE IS ONE OF THE MOST GHALLENGING JOBS TO BE ACCOMPLISHED. 19
20 Conclusion NEC is a new era different from the one which we are in at the present time. Military messaging service is indispensible now and will be in the future. Major technology breakthroughs are required to cope with the challenges to accomplish the NEC goal
WAN-DDS A wide area data distribution capability
1 A wide area data distribution capability Piet Griffioen, Thales Division Naval - Above Water Systems, Netherlands Abstract- The publish-subscribe paradigm has shown many qualities to efficiently implement
More informationRealizing the Army Net-Centric Data Strategy (ANCDS) in a Service Oriented Architecture (SOA)
Realizing the Army Net-Centric Data Strategy (ANCDS) in a Service Oriented Architecture (SOA) A presentation to GMU/AFCEA symposium "Critical Issues in C4I" Michelle Dirner, James Blalock, Eric Yuan National
More informationWeb Services and Service Discovery in Military Networks. Frank T. Johnsen Trude Hafsøe Magnus Skjegstad
Web Services and Service Discovery in Military Networks Frank T. Johnsen Trude Hafsøe Magnus Skjegstad Outline Introducing service discovery SOA and status categories of discovery models three topologies
More informationDoDD DoDI
DoDD 8500.1 DoDI 8500.2 Tutorial Lecture for students pursuing NSTISSI 4011 INFOSEC Professional 1 Scope of DoDD 8500.1 Information Classes: Unclassified Sensitive information Classified All ISs to include:
More informationGPS OCX BLOCK 1 NETCENTRIC INTERFACES. Walid Al-Masyabi Raytheon Company, Intelligence, Information and Services,
GPS OCX BLOCK 1 NETCENTRIC INTERFACES Walid Al-Masyabi Raytheon Company, Intelligence, Information and Services, Chuck Corwin, Sarah Law, Stephen Moran, Michael Worden Raytheon Company, Intelligence, Information
More informationSecure information exchange
www.thales.no Secure information exchange 2 together. Safer. everywhere. Whenever critical decisions need to be made, Thales has a role to play. In all its markets aerospace, space, ground transportation,
More informationIntegrated C4isr and Cyber Solutions
Integrated C4isr and Cyber Solutions When Performance Matters L3 Communication Systems-East provides solutions in the C4ISR and cyber markets that support mission-critical operations worldwide. With a
More informationDigital Preservation at NARA
Digital Preservation at NARA Policy, Records, Technology Leslie Johnston Director of Digital Preservation US National Archives and Records Administration (NARA) ARMA, April 18, 2018 Policy Managing Government
More informationINFORMATION EXCHANGE GATEWAYS: REFERENCE ARCHITECTURE
INFORMATION EXCHANGE GATEWAYS: REFERENCE ARCHITECTURE MAY 2017 A NEXOR WHITE PAPER NEXOR 2017 ALL RIGHTS RESERVED CONTENTS 3 4 5 6 7 8 11 12 13 14 15 INTRODUCTION IEG SCENARIOS REFERENCE ARCHITECTURE ARCHITECTURE
More informationInventory and Reporting Security Q&A
Inventory and Reporting Security Q&A General Q. What is Inventory Reporting, Collection, and Analysis? A. Inventory Reporting, Collection, and Analysis is a tool that discovers, collects, and analyzes
More information5 Pillars of API. management
5 Pillars of API management 5 Pillars of API Management P3 Introduction: Managing the New Open Enterprise Realizing the Opportunities of the API Economy Across industry sectors, the boundaries of the
More informationGREEN DEFENCE FRAMEWORK
GREEN DEFENCE FRAMEWORK Approved by the North Atlantic Council in February 2014 GREEN DEFENCE FRAMEWORK OVERVIEW 1. Green Defence could, at this stage, be defined as a multifaceted endeavour cutting across
More informationBeyond Technical Interoperability
Beyond Technical Interoperability Net Centric Operations Context for the Interoperability & Net Centric Operations Track @ 2017 NDIA SE Conference October 2017 Jack Zavin Chair I/NCO Track jack.e.zavin.civ@mail.mil
More informationAFCEA Welcome/Opening Keynote Speech. Murad Bayar, Undersecretary for Defense Industries, MoND, Turkey
AFCEA Welcome/Opening Keynote Speech Murad Bayar, Undersecretary for Defense Industries, MoND, Turkey A Turkish Perspective on the Challenges of Security in a Network-Enabled Environment I would like to
More informationTest & Evaluation of the NR-KPP
Defense Information Systems Agency Test & Evaluation of the NR-KPP Danielle Mackenzie Koester Chief, Engineering and Policy Branch March 15, 2011 2 "The information provided in this briefing is for general
More informationFive Tips to Mastering Enterprise Mobility
Five Tips to Mastering Enterprise Mobility Table of Contents Introduction Tip 1: Assess Your Environment Tip 2: Review Security Protocols Tip 3: Be Smart About BYOD Tip 4: Consider Customized Mobility
More informationthalesgroup.com NETWORK & INFRASTRUCTURE SYSTEMS NEXIUM Theatre Your partner for smarter tactical networks
thalesgroup.com NETWORK & INFRASTRUCTURE SYSTEMS NEXIUM Theatre Your partner for smarter tactical networks Connecting your field operations any In a fast changing world with daily emerging new threats,
More informationTop Priority for Hybrid IT
Make Your Enterprise Network a Top Priority for Hybrid IT Hybrid IT has become a vital element in enterprises digital transformation strategy. But putting in place a hybrid IT framework is one thing, and
More informationIBM Software IBM InfoSphere Information Server for Data Quality
IBM InfoSphere Information Server for Data Quality A component index Table of contents 3 6 9 9 InfoSphere QualityStage 10 InfoSphere Information Analyzer 12 InfoSphere Discovery 13 14 2 Do you have confidence
More informationSparta Systems Stratas Solution
Systems Solution 21 CFR Part 11 and Annex 11 Assessment October 2017 Systems Solution Introduction The purpose of this document is to outline the roles and responsibilities for compliance with the FDA
More informationIntegrating ITIL and COBIT 5 to optimize IT Process and service delivery. Johan Muliadi Kerta
Integrating ITIL and COBIT 5 to optimize IT Process and service delivery Johan Muliadi Kerta Measurement is the first step that leads to control and eventually to improvement. If you can t measure something,
More informationSingapore s National Digital Identity (NDI):
Singapore s National Digital Identity (NDI): Leaving no one behind Kwok Quek Sin Director, National Digital Identity Programme Government Technology Agency PART 1 INTRODUCTION TO NDI Better Living For
More informationCertification Authority
Certification Authority Overview Identifying CA Hierarchy Design Requirements Common CA Hierarchy Designs Documenting Legal Requirements Analyzing Design Requirements Designing a Hierarchy Structure Identifying
More informationWho s Protecting Your Keys? August 2018
Who s Protecting Your Keys? August 2018 Protecting the most vital data from the core to the cloud to the field Trusted, U.S. based source for cyber security solutions We develop, manufacture, sell and
More informationIdentity Management as a Service
Identity Management as a Service The Challenge Today s technological landscape is one of permanent change. While connections to digital services and mobile devices grow, securing the data generated by
More informationTASMUS.
TASMUS www.aselsan.com.tr TACTICAL AREA COMMUNICATIONS SYSTEM TASMUS Tactical Area Communications System TASMUS, Tactical Area Communications System, is a network centric communication infrastructure that
More informationSparta Systems TrackWise Digital Solution
Systems TrackWise Digital Solution 21 CFR Part 11 and Annex 11 Assessment February 2018 Systems TrackWise Digital Solution Introduction The purpose of this document is to outline the roles and responsibilities
More informationVocera Secure Texting 2.1 FAQ
General Description Q. What is Vocera Secure Texting? A. Vocera Secure Texting (VST) combines convenience with privacy by providing a secure, easy to use, HIPAA-compliant alternative to SMS as well as
More informationInteragency Advisory Board HSPD-12 Insights: Past, Present and Future. Carol Bales Office of Management and Budget December 2, 2008
Interagency Advisory Board HSPD-12 Insights: Past, Present and Future Carol Bales Office of Management and Budget December 2, 2008 Importance of Identity, Credential and Access Management within the Federal
More informationWe make hybrid cloud deliver the business outcomes you require
We make hybrid cloud deliver the business outcomes you require Leverage the optimum venues for your applications and workloads and accelerate your transformation as a digital business The business outcomes
More informationUNCLASSIFIED. R-1 ITEM NOMENCLATURE PE D8W: IT Software Development Initiatives. FY 2011 Total Estimate. FY 2011 OCO Estimate
Exhibit R-2, RDT&E Budget Item Justification: PB 2011 Washington Headquarters Service DATE: February 2010 COST ($ in Millions) FY 2009 Actual FY 2010 FY 2012 FY 2013 FY 2014 FY 2015 Cost To Complete Program
More informationService-Oriented Architecture for Command and Control Systems with Dynamic Reconfiguration
Service-Oriented Architecture for Command and Control Systems with Dynamic Reconfiguration Raymond A. Paul Department of Defense Washington, DC raymond.paul@osd.mil 2004-5-22 1 Outlines Motivation Dynamic
More information1. Publishable Summary
1. Publishable Summary 1.1Project objectives and context Identity management (IdM) has emerged as a promising technology to distribute identity information across security domains. In e-business scenarios,
More informationThe Impact of SOA Policy-Based Computing on C2 Interoperation and Computing. R. Paul, W. T. Tsai, Jay Bayne
The Impact of SOA Policy-Based Computing on C2 Interoperation and Computing R. Paul, W. T. Tsai, Jay Bayne 1 Table of Content Introduction Service-Oriented Computing Acceptance of SOA within DOD Policy-based
More informationWHITEPAPER Rewrite Services. Power365 Integration Pro
WHITEPAPER Email Rewrite Services Power365 Integration Pro Table of Contents The Challenge... 3 The Binary Tree Solution... 3 What to Expect... 3 Day 1 Email Rewrite Services... 3 Day 2 Email Rewrite Services...
More informationNext Generation Physical Access Control Systems A Smart Card Alliance Educational Institute Workshop
Next Generation Physical Access Control Systems A Smart Card Alliance Educational Institute Workshop PACS Integration into the Identity Infrastructure Salvatore D Agostino CEO, IDmachines LLC 8 th Annual
More informationFederated Access. Identity & Privacy Protection
Federated Access Identity & Privacy Protection Presented at: Information Systems Security Association-Northern Virginia (ISSA-NOVA) Chapter Meeting Presented by: Daniel E. Turissini Board Member, Federation
More informationPlanning and Deploying System Center 2012 Configuration Manager
Planning and Deploying System Center 2012 Configuration Manager 10748C; 3 days, Instructor Led Course Description Get detailed instruction and hands-on practice planning and deploying Microsoft System
More informationDesigning and Deploying Messaging Solutions with Microsoft Exchange Server 2010
Designing and Deploying Messaging Solutions with Microsoft Exchange Server 2010 Course No.10233B 5 Days Instructor-led, Hands-on Introduction This five-day, instructor-led course provides you with the
More informationKeynote: The Future of Data Leakage Prevention
Keynote: The Future of Data Leakage Prevention ISSS Zürcher Tagung 2010 1.6.2010, WIDDER Hotel, Zürich Sandy Porter Head of Identity and Security, Avoco Secure Information Security Society Switzerland
More informationUNCLASSIFIED R-1 ITEM NOMENCLATURE FY 2013 OCO
Exhibit R-2, RDT&E Budget Item Justification: PB 2013 Office of Secretary Of Defense DATE: February 2012 COST ($ in Millions) FY 2011 FY 2012 Base OCO Total FY 2014 FY 2015 FY 2016 FY 2017 Cost To Complete
More informationBeyond Technical Interoperability Introducing a Reference Model for Measures of Merit for Coalition Interoperability
Beyond Technical Interoperability Introducing a Reference Model for Measures of Merit for Coalition Interoperability Andreas Tolk, Ph.D. Virginia Modeling Analysis and Simulation Center Old Dominion University
More informationSentinet for BizTalk Server SENTINET
Sentinet for BizTalk Server SENTINET Sentinet for BizTalk Server 1 Contents Introduction... 2 Sentinet Benefits... 3 SOA and API Repository... 4 Security... 4 Mediation and Virtualization... 5 Authentication
More informationEllipse Web Services Overview
Ellipse Web Services Overview Ellipse Web Services Overview Contents Ellipse Web Services Overview 2 Commercial In Confidence 3 Introduction 4 Purpose 4 Scope 4 References 4 Definitions 4 Background 5
More informationAIM Enterprise Platform Software IBM z/transaction Processing Facility Enterprise Edition 1.1.0
z/tpf V1.1 TPF Users Group - Spring 2009 Security Considerations in a Service Oriented Architecture (SOA) Jason Keenaghan Main Tent AIM Enterprise Platform Software IBM z/transaction Processing Facility
More informationRSA Solution Brief. Providing Secure Access to Corporate Resources from BlackBerry. Devices. Leveraging Two-factor Authentication. RSA Solution Brief
Providing Secure Access to Corporate Resources from BlackBerry Devices Leveraging Two-factor Authentication Augmenting the BlackBerry Enterprise Solution BlackBerry devices are becoming ubiquitous throughout
More informationExecutive Summary...1 Chapter 1: Introduction...1
Table of Contents Executive Summary...1 Chapter 1: Introduction...1 SSA Organization... 1 IRM Strategic Plan Purpose... 3 IRM Strategic Plan Objectives... 4 Relationship to Other Strategic Planning Documents...
More informationOracle Enterprise Single Sign-on Authentication Manager
Oracle Enterprise Single Sign-on Authentication Manager Installation and Setup Guide Release 10.1.4.0.4 E10559-01 November 2007 , Release 10.1.4.0.4 E10559-01 Copyright 2006-2007, Oracle. All rights reserved.
More informationArchiving. Services. Optimize the management of information by defining a lifecycle strategy for data. Archiving. ediscovery. Data Loss Prevention
Symantec Enterprise Vault TransVault CommonDesk ARCviewer Vault LLC Optimize the management of information by defining a lifecycle strategy for data Backup is for recovery, archiving is for discovery.
More informationCommonwealth of Pennsylvania - Justice Network
Commonwealth of Pennsylvania - Justice Network Published: June 1999 FIORANO CUSTOMER SOLUTION Commonwealth of Pennsylvania uses Fiorano s solution to enhance public safety in the State by enabling Real
More informationThe Modeling and Simulation Catalog for Discovery, Knowledge, and Reuse
The Modeling and Simulation Catalog for Discovery, Knowledge, and Reuse Stephen Hunt OSD CAPE Joint Data Support (SAIC) Stephen.Hunt.ctr@osd.mil The DoD Office of Security Review has cleared this report
More information10 Hidden IT Risks That Might Threaten Your Business
(Plus 1 Fast Way to Find Them) Your business depends on intelligence. But can you count on your technology? You may not be in the intelligence technology business, but it s probably impossible to imagine
More informationA metadata-driven process for handling statistical data end-to-end
A metadata-driven process for handling statistical data end-to-end Denis GROFILS Seconded National Expert Methodology and corporate architecture Content Context Approach Benefits Enablers Challenges Conclusions
More informationIdentität und Autorisierung als Grundlage für sichere Web-Services. Dr. Hannes P. Lubich IT Security Strategist
Identität und Autorisierung als Grundlage für sichere Web-Services Dr. Hannes P. Lubich IT Security Strategist The Web Services Temptation For every $1 spent on software $3 to $5 is spent on integration
More information2 The IBM Data Governance Unified Process
2 The IBM Data Governance Unified Process The benefits of a commitment to a comprehensive enterprise Data Governance initiative are many and varied, and so are the challenges to achieving strong Data Governance.
More informationSecurity and Privacy Governance Program Guidelines
Security and Privacy Governance Program Guidelines Effective Security and Privacy Programs start with attention to Governance. Governance refers to the roles and responsibilities that are established by
More informationIBM SmartCloud Engage Security
White Paper March 2012 IBM SmartCloud Engage Security 2 IBM SmartCloud Engage Security Contents 3 Introduction 3 Security-rich Infrastructure 4 Policy Enforcement Points Provide Application Security 7
More informationService Interface Design RSVZ / INASTI 12 July 2006
Architectural Guidelines Service Interface Design RSVZ / INASTI 12 July 2006 Agenda > Mandatory standards > Web Service Styles and Usages > Service interface design > Service versioning > Securing Web
More informationSOA-20: The Role of Policy Enforcement in SOA Management
SOA-20: The Role of Policy Enforcement in SOA Management Phil Walston VP Product Management Layer 7 Technologies Overview Discuss policy in SOA, the role of Policy Enforcement Points and where this fits
More informationHIPAA Compliance Checklist
HIPAA Compliance Checklist Hospitals, clinics, and any other health care providers that manage private health information today must adhere to strict policies for ensuring that data is secure at all times.
More informationOverview. Requirements. Aims. Services and messages. Architecture overview. JBossESB. What are the aims behind JBossESB?
Overview JBossESB Dr Mark Little Director of Standards, Development Manager What are the aims behind JBossESB? Requirements Architecture Messages and services Interoperability Deployment realities What
More informationMicrosoft SharePoint Server 2013 Plan, Configure & Manage
Microsoft SharePoint Server 2013 Plan, Configure & Manage Course 20331-20332B 5 Days Instructor-led, Hands on Course Information This five day instructor-led course omits the overlap and redundancy that
More informationDynamic Service Discovery
Dynamic Service Discovery A position paper for the W3C Workshop on Web Services for Enterprise Computing, by Kinga Dziembowski of Gestalt-LLC. My position Service Discovery in the dynamic and transient
More informationMilitary Message Handling System
Military Message Handling System HFIA, KJELLER 8 SEP 2017 Bengt R. Kristiansen, Øyvind Jonsson www.thalesgroup.com MMHS used in HF networks www.thalesgroup.com Minimum Military Requirements Built-in support
More informationUSSTRATCOM Global C2. Mr Dave Gelenter USSTRATCOM/J86 Mar This Briefing is UNCLASSIFIED
USSTRATCOM Global C2 Mr Dave Gelenter USSTRATCOM/J86 Mar 2006 This Briefing is The Vision Our objective is a global, persistent, 24/7 collaborative environment-comprising people, systems, and tools. Our
More informationSentinet for Microsoft Azure SENTINET
Sentinet for Microsoft Azure SENTINET Sentinet for Microsoft Azure 1 Contents Introduction... 2 Customer Benefits... 2 Deployment Topologies... 3 Cloud Deployment Model... 3 Hybrid Deployment Model...
More informationShould You Use Liberty or Passport for Digital Identities?
Select Q&A, J. Pescatore, A. Litan Research Note 12 August 2003 Should You Use Liberty or Passport for Digital Identities? Federated digital identities, such as from the Liberty Alliance and Microsoft
More informationSparta Systems TrackWise Solution
Systems Solution 21 CFR Part 11 and Annex 11 Assessment October 2017 Systems Solution Introduction The purpose of this document is to outline the roles and responsibilities for compliance with the FDA
More informationBrian Russell, Chair Secure IoT WG & Chief Engineer Cyber Security Solutions, Leidos
Brian Russell, Chair Secure IoT WG & Chief Engineer Cyber Security Solutions, Leidos Cloud Security Alliance, 2015 Agenda 1. Defining the IoT 2. New Challenges introduced by the IoT 3. IoT Privacy Threats
More informationCISCO SHIELDED OPTICAL NETWORKING
CISCO SHIELDED OPTICAL NETWORKING Dr. Gaurav Kumar Jain Regional College For Education, Research and Technology Email: gaurav.rinkujain.jain@gmail.com Tarun Kumawat JECRC,UDML,College of Engineering Purabi
More informationAVAYA FABRIC CONNECT SOLUTION WITH SENETAS ETHERNET ENCRYPTORS
AVAYA FABRIC CONNECT SOLUTION WITH SENETAS ETHERNET ENCRYPTORS This document describes government certified Ethernet encryption solutions for networks incorporating Avaya s IEEE 802.1aq (SPB) Fabric Connect
More informationDepartment of Defense INSTRUCTION
Department of Defense INSTRUCTION NUMBER 8551.1 August 13, 2004 ASD(NII)/DoD CIO SUBJECT: Ports, Protocols, and Services Management (PPSM) References: (a) DoD Directive 8500.1, "Information Assurance (IA),"
More informationiscsi Technology: A Convergence of Networking and Storage
HP Industry Standard Servers April 2003 iscsi Technology: A Convergence of Networking and Storage technology brief TC030402TB Table of Contents Abstract... 2 Introduction... 2 The Changing Storage Environment...
More informationLinking ITSM and SOA a synergetic fusion
Linking ITSM and SOA a synergetic fusion Dimitris Dranidis dranidis@city.academic.gr CITY College, Computer Science Department South East European Research Centre (SEERC) CITY College CITY College Founded
More informationInformation Sharing in the GIG Environment and the C2 Perspective
Information Sharing in the GIG Environment and the C2 Perspective 24 April 07 Precision Strike Conference People throughout the trusted, dependable and ubiquitous network are empowered by their ability
More informationMNsure Privacy Program Strategic Plan FY
MNsure Privacy Program Strategic Plan FY 2018-2019 July 2018 Table of Contents Introduction... 3 Privacy Program Mission... 4 Strategic Goals of the Privacy Office... 4 Short-Term Goals... 4 Long-Term
More informationFrench-American Foundation Conference on cyber issues. Opening remarks. 25 October 2017
French-American Foundation Conference on cyber issues Opening remarks 25 October 2017 Général d armée aérienne Denis MERCIER 1 Ladies and gentlemen, It is a great honour and a personal pleasure for me
More informationDoD Common Access Card Convergence of Technology Access/E-Commerce/Biometrics
DoD Common Access Card Convergence of Technology Access/E-Commerce/Biometrics IDENTITY Mary Dixon February 12, 2003 1 A Short Review and Update 2 DoD is issuing 4 million smart cards to: Active Duty Military
More informationImplementing a Ground Service- Oriented Architecture (SOA) March 28, 2006
Implementing a Ground Service- Oriented Architecture (SOA) March 28, 2006 John Hohwald Slide 1 Definitions and Terminology What is SOA? SOA is an architectural style whose goal is to achieve loose coupling
More informationSecurity Readiness Assessment
Security Readiness Assessment Jackson Thomas Senior Manager, Sales Consulting Copyright 2015 Oracle and/or its affiliates. All rights reserved. Cloud Era Requires Identity-Centric Security SaaS PaaS IaaS
More informationPolicy Based Security
BSTTech Consulting Pty Ltd Policy Based Security The implementation of ABAC Security through trusted business processes (policy) and enforced metadata for people, systems and information. Bruce Talbot
More informationPKI Services. Text PKI Definition. PKI Definition #1. Public Key Infrastructure. What Does A PKI Do? Public Key Infrastructures
Public Key Infrastructures Public Key Infrastructure Definition and Description Functions Components Certificates 1 2 PKI Services Security Between Strangers Encryption Integrity Non-repudiation Key establishment
More informationNational Cybersecurity Center of Excellence (NCCoE) Mobile Application Single Sign
This document is scheduled to be published in the Federal Register on 11/29/2016 and available online at https://federalregister.gov/d/2016-28627, and on FDsys.gov Billing Code: 3510-13 DEPARTMENT OF COMMERCE
More informationwhite paper SMS Authentication: 10 Things to Know Before You Buy
white paper SMS Authentication: 10 Things to Know Before You Buy SMS Authentication white paper Introduction Delivering instant remote access is no longer just about remote employees. It s about enabling
More informationWeb Services in Cincom VisualWorks. WHITE PAPER Cincom In-depth Analysis and Review
Web Services in Cincom VisualWorks WHITE PAPER Cincom In-depth Analysis and Review Web Services in Cincom VisualWorks Table of Contents Web Services in VisualWorks....................... 1 Web Services
More informationMAESON MAHERRY. 3 Factor Authentication and what it means to business. Date: 21/10/2013
MAESON MAHERRY 3 Factor Authentication and what it means to business. Date: 21/10/2013 Concept of identity Access Control User Self-Service Identity and Access Management Authoritive Identity Source User
More informationOpen Source s Role in CONNECTing the Nation s Healthcare Community. Lauren Thompson, PhD Director, Federal Health Architecture
Open Source s Role in CONNECTing the Nation s Healthcare Community Lauren Thompson, PhD Director, Federal Health Architecture Federal Health Architecture: Advancing National Health IT Federal Health Architecture
More informationEntering the World of Ubiquitous Media. Mikko Rusama, Chief Digital Yle February 15th, 2018
Entering the World of Ubiquitous Media Mikko Rusama, Chief Digital Officer @ Yle February 15th, 2018 Yle milestones 1926 Radio 1958 TV 2004 2007 Revolution of user interfaces Over 35m smart speakers
More informationCERTIFIED IN THE GOVERNANCE OF ENTERPRISE IT CGEIT AFFIRM YOUR STRATEGIC VALUE AND CAREER SUCCESS
CERTIFIED IN THE GOVERNANCE OF ENTERPRISE IT CGEIT AFFIRM YOUR STRATEGIC VALUE AND CAREER SUCCESS Good IT governance is a key element of a well-performing enterprise. Enterprises need qualified information
More informationWeb Conferencing Service (WCS)
Web Conferencing Service (WCS) The EIS Web Conferencing Service (WCS) helps an agency eliminate the time and costs associated with traveling to different locations for meetings. WCS enables personnel to
More informationSolving the Enterprise Data Dilemma
Solving the Enterprise Data Dilemma Harmonizing Data Management and Data Governance to Accelerate Actionable Insights Learn More at erwin.com Is Our Company Realizing Value from Our Data? If your business
More informationSentinet for BizTalk Server VERSION 2.2
for BizTalk Server VERSION 2.2 for BizTalk Server 1 Contents Introduction... 2 SOA Repository... 2 Security... 3 Mediation and Virtualization... 3 Authentication and Authorization... 4 Monitoring, Recording
More informationWHITE PAPER. The General Data Protection Regulation: What Title It Means and How SAS Data Management Can Help
WHITE PAPER The General Data Protection Regulation: What Title It Means and How SAS Data Management Can Help ii Contents Personal Data Defined... 1 Why the GDPR Is Such a Big Deal... 2 Are You Ready?...
More informationTB+ 1.5 Billion+ The OnBase Cloud by Hyland 600,000,000+ content stored. pages stored
the onbase cloud ONBASE CLOUD // Experience Matters The OnBase Cloud by Hyland When it comes to cloud deployments, experience matters. With experience comes more functionality, an established history of
More informationMetadata Framework for Resource Discovery
Submitted by: Metadata Strategy Catalytic Initiative 2006-05-01 Page 1 Section 1 Metadata Framework for Resource Discovery Overview We must find new ways to organize and describe our extraordinary information
More informationLeveraging HSPD-12 to Meet E-authentication E
Leveraging HSPD-12 to Meet E-authentication E Policy and an update on PIV Interoperability for Non-Federal Issuers December 2, 2008 Chris Louden IAB 1 Leveraging HSPD-12 to Meet E-Authentication E Policy
More informationData Security at Smart Assessor
Data Security at Smart Assessor Page 1 Contents Data Security...3 Hardware...3 Software...4 Data Backups...4 Personnel...5 Web Application Security...5 Encryption of web application traffic...5 User authentication...5
More informationWorld s Most Secure Government IT Solution
SOLUTION BRIEF World s Most Secure Government IT Solution Secure and control highly-classified data access with Teradici PCoIP Solutions Government organizations worldwide depend on PCoIP remote desktops
More informationPublic Key Establishment
Public Key Establishment Bart Preneel Katholieke Universiteit Leuven February 2007 Thanks to Paul van Oorschot How to establish public keys? point-to-point on a trusted channel mail business card, phone
More informationAudience(s) : IT Professionals Level : 300 Technology : Microsoft System Center Configuration Manager Delivery Method : Instructor-led (Classroom)
[MS10748]: Planning and Deploying System Center 2012 Configuration Length : 3 Days Audience(s) : IT Professionals Level : 300 Technology : System Center Configuration Delivery Method : Instructor-led (Classroom)
More information