Mr. Mark S. Loepker Colonel Enrico Bologna SC/4 Co-Chairmen

NATO UNCLASSIFIED

NATO Consultation, Command & Control BoardINFOSEC Subcommittee

“Protection of Information”SC/4 Perspectives

4 May 2005

Mr. Mark S. LoepkerColonel Enrico Bologna

SC/4 Co-Chairmen

NATO UNCLASSIFIED 2

NATO

C3Staff/IB

ProtectingInformation

ProtectingInformation

INFOSEC

Subcommittee

SC/4

NOS

MultipleBodies

NATO UNCLASSIFIED 3

NATO

C3Staff/IB Overview

• INFOSEC Subcommittee - SC/4

• Role of SC/4

• Achievements & Activities

• Areas of Interest

NATO UNCLASSIFIED 4

NATO

C3Staff/IB Mission Statement

The primary mission of the INFOSEC SC is to support the NATO C3 Board (NC3B) in achieving the fundamental security objectives of confidentiality, integrity and availability in relation to NATO information stored, processed or transmitted in C3 systems and, as appropriate, in relation to the supporting C3 systems infrastructure. The INFOSEC SC also supports the Military Committee (MC) and the NATO Security Committee (NSC) by responding on urgent matters of an operational or a security policy nature.

NATO UNCLASSIFIED 5

NATO

C3Staff/IB SC/4 Composition

• 26 Member National Representatives • Strategic Commands & Agencies:

– Supreme Headquarters Allied Powers Europe (SHAPE) / ACO – Supreme Allied Command Transformation (SACT)– NATO Office of Security (NOS)– NATO CIS Support Agency (NCSA)– NATO C3 Agency (NC3A)– NATO ACCS Management Agency (NACMA)– SECAN, DACAN, EUSEC, EUDAC

• Secretariat: – Co-Chairmen (Staff and Nationally Elected)– Secretary

NATO UNCLASSIFIED 6

NATO

C3Staff/IB

SECANMilitary Committee Communications and Information Systems Security and Evaluation Agency - US Staffed and Operated

EUSECMilitary Committee European Communications Security and Evaluation Agency - UK Staffed and Operated

DACANMilitary Committee Distribution and Accounting AgencyUS Staffed and Operated

EUDACMilitary Committee European Distribution and Accounting AgencyUK Staffed and Operated

The Agencies

NATO UNCLASSIFIED 7

NATO

C3Staff/IB

NAC

NATO SECURITY COMMITTEE

NATO C3 BOARDMILITARY

COMMITTEE

SC/8Naviga-

tion

PROVIDES INFOSEC TECHNICAL AND IMPLEMENTATION DIRECTIVES AND GUIDANCE

SC/4INFOSEC

SC/2Inter-

operability

SC/3Frequency

Management

SC/5Information

Systems

SC/6Communications

Network

SC/7Identi-fication

WG/1ADP SECURITY

SC/1Joint Requirements

and Concepts

Relationships

NATO UNCLASSIFIED 8

NATO

C3Staff/IB Relationships

RequirementsSACT

SHAPE / ACOSC/4

INFOSEC

NATO C3 BOARDMILITARY

COMMITTEE

SECAN

DACAN

EUSEC

EUDAC

NC3A

NCSA

NACMA

Provides technical support, as needed

NATO UNCLASSIFIED 9

NATO

C3Staff/IB

Ad Hoc Working Groups

INFOSEC SCAC/322 (SC/4)

INFOSEC SCAC/322 (SC/4)

INTERCONNECTION OFNETWORKS(ICN)AHWG/4

Chairman: Mr. Jim OBALSec: Cdr. Bernd FÜSER

INTERCONNECTION OFNETWORKS(ICN)AHWG/4

Chairman: Mr. Jim OBALSec: Cdr. Bernd FÜSER

SCIP AHWG/6Chairman: Antony MARTIN

Sec: Maj. Fred JORDAN

SCIP AHWG/6Chairman: Antony MARTIN

Sec: Maj. Fred JORDAN

COMMON CRITERIAAHWG/10

Chairman: Mr. David MARTINSec: LTC Mike RICHARDSON

COMMON CRITERIAAHWG/10

Chairman: Mr. David MARTINSec: LTC Mike RICHARDSON

NATO/NON-NATO CO-OPERATION AHWG/11

Chairman: Cdr. Bernd FÜSER

NATO/NON-NATO CO-OPERATION AHWG/11

Chairman: Cdr. Bernd FÜSER

Staff co-ChairmanCol. Enrico BOLOGNA

National co-ChairmanMr. Mark Loepker

INFOSEC ARCHITECTURES

AHWG/13Chairman: CDR Wolfgang KÖHLER

Sec: Maj. Giordano EUSEPI

INFOSEC ARCHITECTURES

AHWG/13Chairman: CDR Wolfgang KÖHLER


CRYPTOGRAPHICDOCUMENTATION

AHWG/14Chairman: Mrs. Debby WALLNER


CRYPTOGRAPHICDOCUMENTATION

AHWG/14Chairman: Mrs. Debby WALLNER


TECHNICAL INFOSECDOCUMENTATION

AHWG/15Chairman: Mr. Kjell W. BERGAN

Sec: LTC Mike Richardson

TECHNICAL INFOSECDOCUMENTATION

AHWG/15Chairman: Mr. Kjell W. BERGAN

Sec: LTC Mike Richardson

ISDN AHWG/3Dormant

Chairman: VACANT

ISDN AHWG/3Dormant

Chairman: VACANT

LTC Mike RichardsonSecretary:

CRYPTOGRAPHIC MODERNISATION AHWG/16

Chairman: LTC Robert LOGSDONSec: Col Enrico BOLOGNA

CRYPTOGRAPHIC MODERNISATION AHWG/16

Chairman: LTC Robert LOGSDONSec: Col Enrico BOLOGNA

NATO UNCLASSIFIED 10

NATO

C3Staff/IB Role of SC/4

• Develop Technical and Implementation Directives and Guidance Based on Security Policy

• Assist in Identification and Formulation of INFOSEC Requirements

• Promote Interoperability Between NATO and NATO Nations, Non-NATO Nations and International Organizations


NATO

C3Staff/IB Role of SC/4 (Continued)

• Recommend Improvements to Operations, Materials, and Facilities

• Contribute to the Identification of Vulnerabilities

• Provide a Forum for Exchange of Information and Ideas


NATO

C3Staff/IB Role of SC/4 (Continued)

• Maintain Technological Awareness of Developments That May Affect Security

• Advise the NATO Security Council on Implications for NATO Security Policy

• Monitor and Assess the INFOSEC Projects Within the NC3A


NATO

C3Staff/IB 2004 Achievements

• Requirement for, Selection, Approval and Implementation of, Security Tools

• Electronic Labelling of NATO Information

• Consistent Marking of NATO Information in C3 Systems

• Intrusion Detection • Support of PKI Cryptographic Aspects


NATO

C3Staff/IB 2004 Achievements (Continued)

• Education and Training Requirements for INFOSEC Personnel

• Criteria for NNN Structures, Rules and Procedures

• Strategy on Non-NATO Cryptographic Confidentiality Issues – Implementation Plan

• INFOSEC Course for NNN and IO• NATO Public Key Infrastructure Reference

Architecture


NATO

C3Staff/IB 2005 Planned Activities

• Cryptographic Security and Cryptographic Mechanisms

• Protecting NATO Information Over the Internet

• Network Centric Environment• Guidance on Common Criteria• Technical Characteristics for Primary

Rate Interface


NATO

C3Staff/IB2005 Planned Activities

(Continued)

• Secure Communications Interoperability Protocol

• Comprehensive Cryptographic Modernisation Roadmap

• INFOSEC Training and Awareness Programme

• Plenary Session in EAPC Format • INFOSEC Day with Industry


NATO

C3Staff/IB


NATO

C3Staff/IBINFOSEC Capability

Package

• Reference Architectures

• Strategic Commands Input

• Statement of Requirements

• Provides Nations Insight for INFOSEC Product Development


NATO

C3Staff/IBCrypto Selection and

Procurement

• CSP Task Force– IS, IMS, Nations, SC, Agencies– Agreed That Synchronisation Will Reduce

Procurement Delay

• NICE & NSIE Initial Review– Separate Serial Processes - Caused

Delays– Change to Integrated Parallel Approach


NATO

C3Staff/IBCyber Defence and

NCIRC

• Central Capability

• Incident Handling and Reporting

• Establish Links With National CIRCs

• NATO Computer Incident Response Capability (NCIRC) IOC Declared on 16 Dec 04

• IDS 17 Sites/2 Sensors Each by End 05


NATO

C3Staff/IBNATO Public Key

Infrastructure

• Governed by NATO PKI Management Authority (NPMA)

• Ensure Interoperability Across NATO, NATO Nations and its Partners

• Provides Identification, Authenticity and Integrity

• Provides Protection of NATO Information up to NATO Restricted

• Must have Public Key Enabled Applications


NATO

C3Staff/IBNATO Network Enabled

Capability (NNEC)

• Support to Political and Military

• Strategic Framework – Late 2005

• INFOSEC Aspects– Operational Requirements– Security Policy– Network Interconnections– Risk Management


NATO

C3Staff/IB Road Map

• NOS Developed– Support NSC and NC3B

• Web based collection of NATO Security Policies, Directives, and Guidance for the protection of NATO Information on Communication and Information Systems (CIS)

• In Final Development


NATO

C3Staff/IB Summary

• Protecting Information is Complex

• Policy, Directives, Guidance and Oversight Provide Common Agreed Methods for Protection

• Collaborative Process Between NATO Bodies and NATO Nations

• Requires Constance Vigilance

Documents

Mr. Mark S. Loepker Colonel Enrico Bologna SC/4 Co-Chairmen