S.ICZ

Frantisek Vosejpka

The enforcement of NATO INFOSEC requirements into the policy and architecture of CISs

CATE 2003, Brno, 28.-30. April 2003



1. The objectives

To sum up the breaches that have caused some Czech government CISs to fall short of the required functionality and fail their certification process.

General INFOSEC requirements of:
- Czech Act No 148/1998, and
- revised NATO Security Policy.

Possible „Target CIS INFOSEC architecture“ and migration steps.

2. The limitations of this presentation

The content of this article is unclassified and is limited by the quite restricted access that a civilian firm (even one with industrial security clearance) has to the whole suite of NATO Security Policy documents.

3. NATO INFOSEC Policy within the national conditions

- sets out the policy and minimum standards for the protection of NATO classified information, supporting system services, and resources;
- addresses:
  - the activities in system life cycle,
  - security principles,
  - INFOSEC responsibilities, and
  - system interconnection requirements.

3. NATO INFOSEC Policy within the national conditions (continuation)

NATO INFOSEC policy is:
- mandatory whenever the NATO CIS or its node is deployed within national conditions,
- recommended and very useful in many other cases within national CISs.

NATO INFOSEC policy and the documents on INFOSEC Architecture contribute to compatibility and interoperability.

3. NATO INFOSEC Policy within the national conditions (continuation)

NATO INFOSEC policy is applicable to MoD, MFA and other organizations, whose CISs should be connected to a CIS of the European Union.

The Security Arrangements:
- All NATO classified information that is released to WEU is for official use only. It will be disseminated to individuals in WEU on a Need-To-Know basis;
- WEU security regulations are based on NATO regulations;
- NATO Unclassified information is only for official use and should be appropriately protected.

4. Current state of CISs within the CZ gov. organizations

Some government organizations currently have a large deployed base of problem-oriented CISs:
- designed to different standards and not interoperable,
- each protecting information at its own specific classification level,
- using different confidentiality algorithms.

The need to develop an integrated CIS of the entire organization has arisen.

5. Problems of integration

Diversity of CISs leads to difficulty in systems integration:
- Broad diversity of technology;
- Multiplicity of databases, mail and other common services;
- High project investment needs and their low efficiency;
- High operation and maintenance requirements, lack of IT specialists;
- High requirements on communication infrastructure;

5. Problems of integration (continuation)

… difficulty in systems integration:
- Failure to meet user requirements on the operability and information availability from a single workstation;
- Failure to meet security requirements necessary for issue of “Approval to Operate” classified information (the certificate);
- Inability to fulfil security requirements simultaneously in all sites leads to operation limited to unclassified information;
- “Approval to Operate” limited at one or several sites also causes failure to meet operational requirements.

[Figure: The user access fails from one computer. Diagram labels:
- LAN / VLAN, Workstations. Policy A: Classification: Restricted; Mode of operation: Dedicated; Standards: X, local net
- LAN / VLAN. Policy B: Classification: Restricted; Mode of operation: System High; Standards: Y, local net
- LAN / VLAN. Policy C: Classification: Unclassified; Mode of operation: None; Standards: Z, distributed
- Policy D: Standalone WS
- User; Private WAN; Access Router
- Higher classification level ???; Internet ???
- Multiple managements, policies and standards
- Complicated communication infrastructure and security]

6. Way to integrate …

The analysis and design of the INFOSEC Architecture of the Target CIS:
- Core Services;
- Functional Applications.

Projection of a Migration Plan:
- Definition of the Community Security Requirement Statement (CSRS);
- Migration of CISs into the common network of the future “Target CIS“;
- Smooth migration of IT to common standards.

[Figure: The CISs integrated within the frame of CSRS. Diagram labels:
- LAN / VLANs / Domains; Standards: X; Standards: Y; Standards: Z
- User
- Policy: Classification: Restricted; Mode of operation: System High
- IP-Crypto; WAN; Access Router
- Centralized management, CSRS based policies, multiple standards
- Common communication infrastructure and environment]

[Figure: The IT integrated within the common standards. Diagram labels:
- Policy: Classification: Restricted; Mode of operation: System High
- User
- Core Services; SERVICES; Appl1; Appl2; Appl3
- IP-Crypto; WAN; Access Router
- Centralized management, unified policy or CSRS based policies
- Common standards, core services, communication infrastructure and environment]

7. Policy, classification level, and security mode of operation

Requirements:
- Operational requirements;
- Classified information of different levels.

Limitations:
- Commercial Off-The-Shelf (COTS) IT;
- Security environment (physical, personnel);
- Security mode of operation;
- Need-to-know and other security principles.

[Figure: The CISs integrated within the frame of CSRS. Diagram labels:
- Organizations: Government Organization; Other Government Organization; NATO / EU organization
- Systems: SECRET CIS; CONFIDENTIAL CIS; Restricted CIS; Mission Remote WSs
- Networks: Private Intranet with domain for Unclassified; Private Unclassified; Public Domain; Public INTERNET
- Boundaries: DMZ; Security Agreement
- Marked on the connections: One way Flow?]

9. Conclusions

CZ CISs that handle classified information:
- have to invoke the minimum security requirements of Czech Act No 148/1998;
- should follow NATO Security Policy Directives and NATO INFOSEC Architecture to implement the detailed:
  - security principles and minimum standards,
  - life cycle requirements,
  - risk evaluation and vulnerability reports,
  - risk management procedures,
  - security operational procedures, etc.