Upload
others
View
0
Download
0
Embed Size (px)
Citation preview
ANNEX G - PADR SECURITY CLASSIFICATION GUIDE
Security Classification Guide
Version 3.0 14 March 2019
PADR SCG V3.0 – 14 March 2019
2
Table of Contents
IMPORTANT NOTICE
This document aims at assisting national experts with the security scrutiny of PADR
proposals, informing applicants on how information will be EU-classified and helping
Commission staff to decide about the sensitivity of their calls for proposals.
This guidance concerns solely measures to be taken to protect the classified information in
PADR research projects. Other aspects (e.g. data protection, ethical issues, confidentiality
etc.) are covered in other parts of the evaluation procedure.
PADR SCG V3.0 – 14 March 2019
3
HISTORY OF CHANGES
Version Publication
Date Change
1.0 18.12.2017 Initial version
2.0 15.09.2018 Addition of categories for 2018 topics
3.0 14.03.2019 Addition of categories for 2019 topics
TABLE OF CONTENTS
1. When and for how long must information be classified? .............................................. 4
2. Classification levels ...................................................................................................... 4
3. How to classify information? ........................................................................................ 4
Annex to the SCG.............................................................................................................. 6
PADR SCG V3.0 – 14 March 2019
4
1. When and for how long must information be classified?
Under the Commission Decision 2015/4441, information must be classified if its
unauthorised disclosure could adversely impact the interests of the EU or of
one (or more) of its Member States.
To minimise costs and restrictions caused by classifying project information, the
information items will be classified for a limited time — after which their classification
will be reviewed and possibly downgraded, withdrawn (i.e. items declassified) or
extended.
2. Classification levels
There are four levels of classification:2
TRES SECRET UE/EU TOP SECRET: information and material the unauthorised
disclosure of which could cause exceptionally grave prejudice to the essential
interests of the European Union or of one or more of the Member States. TRÈS
SECRET UE/EU TOP-SECRET is NOT used for the security scrutiny of research
proposals.
SECRET UE/EU SECRET: information and material the unauthorised disclosure
of which could seriously harm the essential interests of the European Union
or of one or more of the Member States. (S-UE/EU-S)
CONFIDENTIEL UE/EU CONFIDENTIAL: information and material the
unauthorised disclosure of which could harm the essential interests of the
European Union or of one or more of the Member States. (C-UE/EU-C)
RESTREINT UE/EU RESTRICTED: information and material the unauthorised
disclosure of which could be disadvantageous to the interests of the European
Union or of one or more of the Member States. (R-UE/EU-R)
3. How to classify information?
The classification of information produced by research projects will normally depend
on two parameters: the subject matter of the research and the type of the information. The subject matter of the research is defined in the annual work programmes of the PADR. Regarding the type of the information the following
general categories3 could be applied:
1 See Commission Decision (EU, Euratom) 2015/444 of 13 March 2015 on the security rules for protecting EU
classified information (OJ L 72, 17.3.2015, p.53.) 2 See. Commission Decision (EU, Euratom) 2015/444 of 13 March 2015 on the security rules for protecting
EU classified information (OJ L 72, 17.3.2015, p.53.)
3 These categories may overlap regarding specific items of information.
PADR SCG V3.0 – 14 March 2019
5
threat assessments (estimation of the likelihood of an act against an asset, with particular reference to factors such as intention, capacity and potential
impact)
vulnerability assessments (description of gaps or weaknesses in networks, services, systems, assets, materials, equipment, operations or processes which
can be exploited and often contain suggestions to eliminate or diminish these
weaknesses)
specifications (exact guidelines on the design, composition, manufacture, maintenance or operation of substances, equipment, components, technologies,
systems and procedures)
capability assessments (description of the ability of an asset, system, network, service or authority to fulfil its intended role — and in particular the capacity of
units, installations, systems, technologies, equipment, substances and personnel
to carry these out successfully)
incidents/scenarios (detailed information on real-life incidents and potential
threat scenarios:
on past incidents (often including details not otherwise publicly available,
demonstrating the real-life effects of particular attack methods or gaps
which have since been addressed)
on devised scenarios (commonly derived directly from existing vulnerabilities, but normally with a lower level of detail, particularly of the
attack preparation phase).
Depending on the specific subject matter, each type of information may need to take
different level of classification. For the purpose of this document a table with
suggested level of classification for the topics of the work programme of 2017,
2018 and 2019 is found in appendix. Classification levels should be applied taking
into account both the need to protect information and the need to avoid unnecessary
obstruction to the use of research information and results.
PADR SCG V3.0 – 14 March 2019
6
Appendix to the SCG
SECRET UE/EU SECRET: S-UE/EU-S
CONFIDENTIEL UE/EU CONFIDENTIAL: C-UE/EU-C
RESTREINT UE/EU RESTRICTED: R-UE/EU-R
UNCLASSIFIED: UNCL
SCG TABLE
Research topic Type of Information
Threat Vulnerability Specifications Capability Inc/Scen4 Remarks
Technological demonstrator for
enhanced situational awareness in military operations in a maritime environment
Unmanned platform
Ability to be launched and recovered from manned platforms
R-UE/EU-R R-UE/EU-R R-UE/EU-R R-UE/EU-R R-UE/EU-R
Autonomous Guidance, Navigation and Control (including collision avoidance and decision making)
R-UE/EU-R C-UE/EU-C C-UE/EU-C R-UE/EU-R R-UE/EU-R
Self-Protection and electronic warfare (incl. NAVWAR5)
R-UE/EU-R C-UE/EU-C S-UE/EU-S C-UE/EU-C R-UE/EU-R
4 Incidents/Scenarios
5 Navigation Warfare
PADR SCG V3.0 – 14 March 2019
7
Secure data links for command and control
R-UE/EU-R C-UE/EU-C S-UE/EU-S C-UE/EU-C R-UE/EU-R
Low-observability R-UE/EU-R C-UE/EU-C C-UE/EU-C C-UE/EU-C R-UE/EU-R
Mission Payload
On-board sensors C-UE/EU-C C-UE/EU-C S-UE/EU-S C-UE/EU-C R-UE/EU-R
On-board data processing and decision making
UNCL C-UE/EU-C C-UE/EU-C C-UE/EU-C R-UE/EU-R
Anti-mine warfare C-UE/EU-C C-UE/EU-C S-UE/EU-S C-UE/EU-C C-UE/EU-C
Anti-submarine warfare C-UE/EU-C S-UE/EU-S S-UE/EU-S S-UE/EU-S S-UE/EU-S
Anti-air warfare capability R-UE/EU-R C-UE/EU-C S-UE/EU-S C-UE/EU-C R-UE/EU-R
Anti-jamming and anti-spoofing protection
R-UE/EU-R C-UE/EU-C S-UE/EU-S C-UE/EU-C R-UE/EU-R
Detectors performance (incl. optical, radar, IR signatures)
R-UE/EU-R C-UE/EU-C S-UE/EU-S C-UE/EU-C R-UE/EU-R
Global system integration
Multi systems EMC management R-UE/EU-R C-UE/EU-C C-UE/EU-C C-UE/EU-C R-UE/EU-R
Secure high-speed mission data exchange
R-UE/EU-R C-UE/EU-C S-UE/EU-S C-UE/EU-C R-UE/EU-R
Global data processing within C4ISTAR (including data fusion and decision making)
R-UE/EU-R C-UE/EU-C C-UE/EU-C C-UE/EU-C R-UE/EU-R
Information Security management R-UE/EU-R C-UE/EU-C S-UE/EU-S C-UE/EU-C R-UE/EU-R
PADR SCG V3.0 – 14 March 2019
8
Protection against cyber attacks R-UE/EU-R S-UE/EU-S C-UE/EU-C C-UE/EU-C R-UE/EU-R
Cooperation between heterogeneous vehicles (including swarming)
R-UE/EU-R C-UE/EU-C C-UE/EU-C C-UE/EU-C R-UE/EU-R
Force protection and advanced soldier systems beyond current programmes
Generic open soldier systems architecture
UNCL R-UE/EU-R C-UE/EU-C R-UE/EU-R R-UE/EU-R
Tailor-made blast and ballistic protection of military personnel
CBRN aspects R-UE/EU-R R-UE/EU-R C-UE/EU-C R-UE/EU-R R-UE/EU-R
Adaptive camouflage
Signatures UNCL C-UE/EU-C R-UE/EU-R C-UE/EU-C R-UE/EU-R
Strategic Technology Foresight
Short-medium term UNCL R-UE/EU-R UNCL UNCL UNCL
Long term UNCL UNCL UNCL UNCL UNCL
Recommendations/Key Conclusions UNCL UNCL R-UE/EU-R R-UE/EU-R UNCL
Mapping of non-EU sourced components subject to export restrictions
UNCL R-UE/EU-R UNCL R-UE/EU-R UNCL
PADR SCG V3.0 – 14 March 2019
9
Criticality analysis R-UE/EU-R C-UE/EU-C C-UE/EU-C C-UE/EU-C R-UE/EU-R
European high-performance, trustable (re)configurable system-
on-a-chip or system-in-package for defence applications
Hardware R-UE/EU-R C-UE/EU-C R-UE/EU-R R-UE/EU-R R-UE/EU-R
Software R-UE/EU-R C-UE/EU-C R-UE/EU-R R-UE/EU-R R-UE/EU-R
Encryption R-UE/EU-R S-UE/EU-S S-UE/EU-S C-UE/EU-C R-UE/EU-R
Design R-UE/EU-R C-UE/EU-C R-UE/EU-R R-UE/EU-R R-UE/EU-R
Manufacturing UNCL R-UE/EU-R UNCL UNCL UNCL
Anti-tampering R-UE/EU-R S-UE/EU-S S-UE/EU-S C-UE/EU-C R-UE/EU-R
High power laser effector
R&D assessment R-UE/EU-R R-UE/EU-R R-UE/EU-R R-UE/EU-R R-UE/EU-R
Technology roadmap R-UE/EU-R R-UE/EU-R R-UE/EU-R R-UE/EU-R R-UE/EU-R
PADR SCG V3.0 – 14 March 2019
10
Measurements aspects R-UE/EU-R R-UE/EU-R R-UE/EU-R R-UE/EU-R R-UE/EU-R
Requirements for the overall laser system R-UE/EU-R C-UE/EU-C C-UE/EU-C C-UE/EU-C R-UE/EU-R
Concepts of employment and use R-UE/EU-R S-UE/EU-S S-UE/EU-S S-UE/EU-S R-UE/EU-R
Criticality Mapping R-UE/EU-R C-UE/EU-C C-UE/EU-C C-UE/EU-C R-UE/EU-R
R&T activities R-UE/EU-R R-UE/EU-R R-UE/EU-R R-UE/EU-R R-UE/EU-R
Key Performance Indicators UNCL R-UE/EU-R R-UE/EU-R R-UE/EU-R R-UE/EU-R
Combined radar, communications, and electronic warfare AESA system
R&D assessment R-UE/EU-R R-UE/EU-R R-UE/EU-R R-UE/EU-R R-UE/EU-R
Technology roadmap R-UE/EU-R R-UE/EU-R R-UE/EU-R R-UE/EU-R R-UE/EU-R
System definition R-UE/EU-R C-UE/EU-C S-UE/EU-S S-UE/EU-S R-UE/EU-R
Architecture R-UE/EU-R R-UE/EU-R S-UE/EU-S S-UE/EU-S R-UE/EU-R
Functional specification R-UE/EU-R C-UE/EU-C S-UE/EU-S S-UE/EU-S R-UE/EU-R
Criticality Mapping(CM)
PADR SCG V3.0 – 14 March 2019
11
CM: Materials and components R-UE/EU-R R-UE/EU-R R-UE/EU-R R-UE/EU-R R-UE/EU-R
CM: R&D capacity R-UE/EU-R R-UE/EU-R R-UE/EU-R R-UE/EU-R R-UE/EU-R
CM: Industrial capacity R-UE/EU-R R-UE/EU-R R-UE/EU-R R-UE/EU-R R-UE/EU-R
Concepts of employment and use R-UE/EU-R S-UE/EU-S S-UE/EU-S S-UE/EU-S R-UE/EU-R
R&T activities (RT)
RT system: antenna array R-UE/EU-R C-UE/EU-C S-UE/EU-S S-UE/EU-S R-UE/EU-R
RT system: beamforming R-UE/EU-R C-UE/EU-C S-UE/EU-S S-UE/EU-S R-UE/EU-R
RT system: resource manager R-UE/EU-R C-UE/EU-C C-UE/EU-C C-UE/EU-C R-UE/EU-R
RT system: key performance indicators R-UE/EU-R R-UE/EU-R S-UE/EU-S R-UE/EU-R R-UE/EU-R
RT system: measurement methodology R-UE/EU-R R-UE/EU-R R-UE/EU-R R-UE/EU-R R-UE/EU-R
RT components: design R-UE/EU-R R-UE/EU-R C-UE/EU-C C-UE/EU-C R-UE/EU-R
RT components: fabrication R-UE/EU-R R-UE/EU-R R-UE/EU-R R-UE/EU-R R-UE/EU-R
RT components: key performance indicators
R-UE/EU-R R-UE/EU-R R-UE/EU-R R-UE/EU-R R-UE/EU-R
RT components: measurement methodology
UNCL UNCL UNCL UNCL UNCL
PADR SCG V3.0 – 14 March 2019
12
Future Disruptive Defence
Technologies (FDDT)
FDDT OPEN R-UE/EU-R R-UE/EU-R R-UE/EU-R R-UE/EU-R R-UE/EU-R
FDDT EMERGING: Positioning, Navigation
and Timing R-UE/EU-R R-UE/EU-R R-UE/EU-R R-UE/EU-R R-UE/EU-R
FDDT EMERGING: Artificial Intelligence R-UE/EU-R R-UE/EU-R R-UE/EU-R R-UE/EU-R R-UE/EU-R
FDDT EMERGING: Quantum technologies R-UE/EU-R R-UE/EU-R R-UE/EU-R R-UE/EU-R R-UE/EU-R
FDDT EMERGING: Long-range effects R-UE/EU-R R-UE/EU-R R-UE/EU-R R-UE/EU-R R-UE/EU-R
FDDT EMERGING: Augmenting soldier
capacity R-UE/EU-R R-UE/EU-R R-UE/EU-R R-UE/EU-R R-UE/EU-R
Interoperability standards for military unmanned systems
UNCL UNCL UNCL UNCL UNCL