GSAW 2006 Information Assurance in Government Space Systems: From Art to Engineering Charles Lavine The Aerospace Corporation 310-336-1595 lavine@aero.org 1
Toward the Global Information Grid Toward the Global Information Grid and Net-Centric Operations And Network Centric Operations Past FY03-FY10 FY06-FY20 Graphics developed by DISA 2
Information Assurance is in Transition The Global Information Grid concept is changing the computing landscape DoD security policy and processes are changing Requirements (DoDI 8500.2) Certification and Accreditation Boundary Protection (Cross Domain Solutions) DoD IA for Space policy signed AFSPC/LC designated accreditor NSA changes (Space SPO) NSS Acquisition Management process has changed DoD 5000.2 NSS 03-01 NSS Engineering has evolved Systems Engineering Software Engineering 3
Moving NSS IA From Art to Engineering What do we need to have: Well-defined role in system acquisition processes Well-defined role in system engineering processes Consistent Certification and Accreditation process Identify Capabilities Reasonable cost models Understandable Requirements Express Architecture in system perspective Agreed to verification procedures Well-defined roles and responsibilities Contracting mechanisms to support engineering Research to support future directions Appropriate training and expertise 4
Topics Discussed at IA Workshop Roles And Responsibilities Contracting for IA IA Research Directions IA Cost Modeling Key Management Architectures IA Requirements Interpretations 5
C & A Roles, Responsibilities, and Relationships User Representative Represent mission needs Contractor Build, test and document system System requirements, MAC and confidentiality levels System and IA documents, test plans, results Program Manager Acquire system Contractor documents Certification Authority Appraise system IA (e.g., write SSAA, perform vulnerability scans) SSAA, Risk description, Readiness recommendation DAA Assess risk and authorize system operation Roles and Responsibilities 6
IA Acquisition and Engineering in National Security Space Systems Acquisition National Security Space Acquisition Policy 03-01 Certification and Accreditation Cross Domain Solutions DOD Information Assurance Policy Program Protection Engineering Capabilities Requirements Architecture Design Build Test Software and Systems Engineering Contracting 7
Research Challenges Software Assurance Dynamic Communities of Interest Cross-organization Network and system administration Dynamic, federated systems Trust management High assurance Higher assurance mechanisms needed for highly connected systems Security agility Respond to failures/attacks Confidentiality and integrity protection for data In transit and at rest Information availability Research 8
Network Security At What Cost? Establishing network defenses How much should you budget? Acquisitions? Labor? Licenses? Support? What are the cost tradeoffs? What would you do if you did not get enough money? Maintaining network defenses How much does it take to maintain your defenses? Acquisitions? Labor? Licenses? Support? How do you justify these costs in the POM? What would you do if you were short changed? Cost Models 9
Key Management Infrastructure (KMI) Support for GIG 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 COMSEC Material Control System (Physical Products) IOC Rel 3 EKMS Ph 4 IOC Ph 5 IOC KMI Client/AKP replaces LMD/KP OTNK Pilot KMI CI-2 IOC KMI CI-3 IOC IOC Transform Key Provisioning from human intensive operations to Net- Centric operations Support infrastructure changes to enable direct delivery of keying material to End Cryptographic Units. Support network management of key provisioning services via the net. Support new Crypto Modernization Algorithm Suite (JTRS, WIN-T, TC, etc) Provide Seamless Foreign Interoperability and Releasability to enable Cross Domain Solutions and Allied and Coalition sharing. Key Management Infrastructe 10 10
Backup Charts 11
Security is Policy driven 12