Coalition Network Defence Common Operational Picture
Post on 02-Jan-2016
Josef Kaderka
University of Defence, Brno
The Czech Republic
Josef.Kaderka@unob.cz
Brno, The Czech Republic, 2 – 4 May 2007
Agenda
• Terms
• Computer networks role under coalition conditions
• Some related activities and projects
• Today and close future
• Conclusion
Only non-classified sources were used and non-classified information is published
NATO Network Enabled Capability
• Information superiority as a matter of successful future coalition operation
• Widely accepted idea …
• Everybody talks/works on it
• Not only pros, but also cons
• Technically, there are similar issues like in business - but we deal with lives
Common Operational Picture and Situational Awareness
• Common Operational Picture (COP)
  A single identical display of relevant information shared by more than one command. A common operational picture facilitates collaborative planning and assists all echelons to achieve situational awareness.
  − US Joint Force Common Glossary
  − Free Dictionary
  − Wikipedia
• Situational Awareness (SA) as a COP result
Computer networks
• Vital importance
• Coalition interconnecting aspects
  − Sensitive information sharing
  − IT asymmetry (USA, …, the rest)
  − De facto partial infrastructure sharing
  − Firewalls, IDSs, Safeguard etc.
• Computer networks as a battlefield
• Need to be defended - on the coalition level
Cyberbattle specifics/possibilities
• No line of contact
• No safe distance as a security guarantee
• No relation with unit geographical deployment
• Correct recognition of real attack (false positive/negative)
• Extremely rapid attack expansion even from the depth
• Massive concurrent and selective attack against discovered vulnerabilities
• All this in the coalition environment!
Forces and Networks
• Operational Capability Requirements equal to the IT services
• „Force“ commander should
  − Understand the new threats
  − Consider proactive measures, ...
• „Network“ Commander should
  − Understand the force commander intention, ...
  − Many new specific duties
• Both should share the same approach
Some related activities and projects
• NATO Multilateral Interoperability Program (MIP)
• The Technical Cooperation Program (TTCP)
  − Aus, Ca, NZ, UK, US (five eyes nations)
• Combined Enterprise Regional Information Exchange System (CENTRIXS)
• Coalition Secure Management and Operations System (COSMOS)
• FGAN/FKIE *
  − Ge
• NATO RTO IST ET
*) Forschungsgesellschaft für Angewandte Naturwissenschaften, Forschungsinstitut für Kommunikation, Informationsverarbeitung und Ergonomie
MIP
• Objective to share
  − Situational Awareness
  − Plans and Orders
  − NBC alerts and critical messages
• Common Interface Specification
  − Message Exchange Mechanisms (ADatP-3)
  − Data Exchange automatic push
• Land Command and Control Information Exchange Data Model
• Nations’ interface on a secure LAN
CENTRIXS
• US-led, multinational information sharing networks
• Core collaboration services
  − E-mail with and without attachments
  − Web-browser-based data access
  − File sharing
  − Secure VoIP
• Next extensions
  − COP (Tactical), CIP (Intelligence)
  − Near-real-time data access etc.
COSMOS
• Preliminary steps
• High tactical and operational level coalition information sharing among coalition partners known to each other
• Advantage of a well defined and internationally agreed to „information language se“ designed for C2 interoperability
• Enforce the discrete dissemination (Protected Sharing) of released information „need to know“ based
• Focused toward a single Secret High Releasable to coalition network
FGAN/FKIE
• Graph clustering-based anomaly detector
• Modified star connected IDS network with central Meta-IDS server
• Modifications to hierarchical IDS
• Information sanitization while exiting local domain
• Data reduction & predefined correlation rules to manage data flow
• MITE - MANET Intrusion Detection for Tactical Environments
NATO RTO IST ET 041
• 2005 – 2006 (Ca, Cz, UK, US)
• Coalition Network Defence Common Operational Picture (CNet-D COP) (formerly Coalition Information Assurance – CIA – COP)
• Technical and political approaches to the problem of developing and demonstrating a coordinated IA posture
• Collecting, displaying, fusing, and securely sharing network security-related status data, ...
Today and close future of the CNet-D COP
• Models needed (secure information sharing)
  − Conceptual, Data
  − Joint C3 Information Exchange Data Model (JC3IEDM) already exists
  − Advanced national research in Canada
• Standardization (in coalition environment)
  − Computer attack early warning
  − Attack correlations among partners, ...
  − IETF Intrusion Detection Message Exchange Format (IDMEF) draft, ...
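
An added illustration, not taken from the slides or from any project named in them, of two bullets above: sanitizing alerts as they leave the local domain, then correlating them among partners at a central Meta-IDS. The alert field names, the HMAC pseudonyms, the RFC 1918 boundary and the two-nation rule are assumptions; the sample alerts are constructed.

```python
import hashlib
import hmac
import ipaddress
from collections import defaultdict

# Assumption: each nation treats the RFC 1918 ranges as its local domain
INTERNAL = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def pseudonym(secret, value):
    """Keyed token: stable per value, not reversible without the national key."""
    return "anon-" + hmac.new(secret, value.encode(), hashlib.sha256).hexdigest()[:12]

def scrub(secret, addr):
    """Replace internal addresses, which reveal topology; keep external ones."""
    ip = ipaddress.ip_address(addr)
    return pseudonym(secret, addr) if any(ip in net for net in INTERNAL) else addr

def sanitize(alert, nation, secret):
    """Runs at the national boundary, before the alert leaves the local domain."""
    return {
        "nation": nation,
        "classification": alert["classification"],
        "source": scrub(secret, alert["source"]),
        "target": scrub(secret, alert["target"]),
        "analyzer": pseudonym(secret, alert["analyzer"]),  # hide sensor naming
    }

def correlate(shared, min_nations=2):
    """Meta-IDS rule: same source and classification reported by several partners."""
    seen = defaultdict(set)
    for a in shared:
        seen[(a["source"], a["classification"])].add(a["nation"])
    return sorted((src, cls, sorted(nations))
                  for (src, cls), nations in seen.items() if len(nations) >= min_nations)

# Constructed sample alerts and keys (hypothetical field names and values)
LOCAL = {
    "CA": [{"classification": "ssh-bruteforce", "source": "203.0.113.7",
            "target": "10.1.4.20", "analyzer": "ca-ids-03"}],
    "CZ": [{"classification": "ssh-bruteforce", "source": "203.0.113.7",
            "target": "192.168.8.5", "analyzer": "cz-ids-01"},
           {"classification": "port-scan", "source": "198.51.100.9",
            "target": "192.168.8.5", "analyzer": "cz-ids-01"}],
    "UK": [{"classification": "port-scan", "source": "10.9.0.4",
            "target": "10.9.0.8", "analyzer": "uk-ids-02"}],
}
SECRETS = {n: ("constructed-key-" + n).encode() for n in LOCAL}
SHARED = [sanitize(a, n, SECRETS[n]) for n, alerts in LOCAL.items() for a in alerts]
WARNINGS = correlate(SHARED)
print("early warnings:", WARNINGS)
```

Because each nation keys its own pseudonyms, partners can still correlate on external sources while internal hosts and sensor names stay opaque outside the originating domain.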
Example of CNet-D Security Architecture Model (DRDC Ottawa)
[Figure: security architecture model with numbered steps 1 to 7. Box labels: Critical Resources; System Description; ITI (resource model); Ops Capability Req (IT Services); Force Commander; Defensive Posture; Safeguards; Vulnerabilities; Exposed Critical Res; Exploits; Intel on Threat, Pr<1 (Threat Vector); Threat Vectors, Pr=0; Threat, Pr<1 (Threat Vector); Threat, Pr=1 (Threat Vector); Risk, Pr<1; Incidents, Pr=1; events; alarms; IT Svc impact (-delta Service); IT Svc Impacted (-delta Service); Impact as -delta on IT Services, now & future.]
Possible CNet-D COP architecture (DRDC Ottawa)
[Figure: diagram labels: COP, Guard and IA COP for each of CA, US, UK and CZ; Coalition WAN.]
What to discuss/do
• Security architecture
• Single/common view of coalition networks security status ...
• Impact Assessment [tools] ...
• Practical realization, testing ...
Some ET 041 results
• The Research Task Group (RTG) proposal agreed
  − Sent to appropriate body
• Items to solve specification
• Basic documents prepared
  − Technical Activity Proposal
  − Programme of Work (PoW)
Future RTG Work Items
• Plan overall activities of the RTG
• Agreeing on an underlying set of definitions to be used for CNet-D SA (Situational Awareness)
• Agreeing on the conceptual model for CNet-D SA
• Defining a detailed data model and data specifications
• Promote the data model and necessary definitions, etc.
Thank you