NATO C 3 Staff/ISB PROTECTION OF NATO INFORMATION AND NATO CIS Col. Augusto DEL PISTOIA NHQC3S INFOSEC Branch Chief +32 2 707 5534 [email protected]
Dec 23, 2015
NATO
C3Staff/ISB
PROTECTION OF NATO INFORMATIONAND NATO CIS
Col. Augusto DEL PISTOIANHQC3S INFOSEC Branch Chief
+32 2 707 [email protected]
NATO
C3Staff/ISB CONTENT
• NATO Policy• NATO CIS Overview• NATO CIS Implementation Pillars• Common Criteria• NATO Computer Incident Response Capability• NATO Public Key Infrastructure
NATO
C3Staff/ISBNATO POLICY
• NATO Information Management Policy
• NATO Security Policy
• NATO CIS Policy
NATO
C3Staff/ISB NATO CIS OVERVIEW
PSTN
NCN
Infrastructure
SECURITY DOMAINNETWORK DOMAIN
Remote Site
Static Site
NCIRC
SecurityManagement
Center
InternetRemote Site
DeployedSite
NIDTS
USER DOMAIN
NCIRC NATO Computer Incident Response CapabilityNCN NATO Core NetworkNIDTS NATO Initial Data Transfer ServicePSTN Public Switched Telephone Network
NPKI
NPKI NATO Public Key Infrastructure
NATO
C3Staff/ISB NATO CIS OVERVIEW
AR – Access RouterBME – Bandwidth Management EquipmentBPD – Boundary Protection DeviceBRI - Basic Rate InterfaceDSE – Digital Switching EquipmentNSIE – NATO Secure ISDN EquipmentNICE – NATO IP Crypto EquipmentPRI - Primary Rate InterfaceTA - Terminal Adapter
BRI
PRI
PSTN
NCS
ISDN Terminals
TA
Non ISDN Terminals
Network DomainUser Domain
VTC
BPD
AR
NU LAN
NS LAN
BPD
IS-PABX
PKI-based securityservices in theUser Domain
NSIE
NICE
BME
NATO
C3Staff/ISBNATO CIS IMPLEMENTATION
PILLARS
• Adoption of Common Criteria
• NATO Computer Incident Response Capability (NCIRC)
• NATO Public Key Infrastructure (NPKI)
NATO
C3Staff/ISB
COMMON CRITERIA
NATO
C3Staff/ISBNATO AND COMMON CRITERIA
NC3S
NC3SOverarchingArchitecture
Statement ofOperational
Requirements
Statement ofOperational
RequirementsStatement ofOperational
Requirement
POLICY
DIRECTIVES
GUIDELINES
ISO/ NationalNATO PP
Repositories
EvaluatedProducts
Lists
TargetArchitecture
NC3STarget
ArchitectureNC3S
TargetArchitecture
Type B CostEstimate(TBCE)Type B Cost
Estimate(TBCE)
SecurityRequirement
Statement
Invitation For
Bid (IFB)
ReferenceArchitecture
NC3SReference
ArchitectureNC3S
ReferenceArchitecture
NC3S
SecurityAnnex
CapabilityPackage
CC conceptand terminology
NATO
C3Staff/ISBNATO TRANSITION TO CC
• Documentation • Process and Procedures for Protection
Profiles and Packages• NATO Protection Profiles and
Packages Repository• Registration of CC Evaluated Products
NATO
C3Staff/ISBPROTECTION PROFILES
AND PACKAGES
• Selection and/or Development
• Evaluation and Certification
• Repository
NATO
C3Staff/ISB IT PRODUCTS
DEVELOPMENTPROCESS
NATIONAL SPONSOREDPRODUCTS
VALIDATIONCERTIFICATION
SECANEUSEC
NATONATION
IDENTIFY
PRODUCT
NATIONAL CC
REPOSITORY
NATOPRODUCT LIST
PRODUCT
ENDORSEMENT
NATOPRODUCT
LIST
SSA
NATO
C3Staff/ISB CURRENT SITUATION
• Transition phase– Interim guidance– IT Products, PPs, Packages Database
• Implementation Directive – Under approval
• Objective: 2 Q 2003
NATO
C3Staff/ISB
NATO COMPUTER INCIDENT RESPONSE
CAPABILITY
NATO
C3Staff/ISB NCIRC
• Central Capability
• Incident Handling and Reporting
• Implementation Approach
NATO
C3Staff/ISB NCIRC ORGANISATION
CO-ORDINATION CENTRETIER 1
TECHNICAL SUPPORT CENTRETIER 2
CIS OPERATING AUTHORITIESTIER 3
NATO
C3Staff/ISB CURRENT SITUATION
• NCIRC documentation– NC3B Guidance and Direction– CONOPs– Handbook
• NCIRC activated on a limited scale• Establishment of links with national
CERTs
NATO
C3Staff/ISB
NATO PKI
NATO
C3Staff/ISB NATO PKI
• NPKI Goal
• NPKI Implementation Approach:– Establish the governing Authority (NPMA)– Field the Root CA– Regulate the implementation of the other PKI
components
NATO
C3Staff/ISB NPKI ORGANISATION
CERTIFICATION AUTHORITIESTIER 2
NPMATIER 1
ROOT CA
NPAC
SUBORDINATE CAs OR RAs TIER 3
NATO
C3Staff/ISB CURRENT SITUATION
• PKI documentation:– NPKI Legal Aspects– PKI Policy for NATO CIS– NPKI High Level Concept Of Operations – NPKI Certificate Policy – NPKI Security Architecture– NPKI Interoperability Strategy
• Fielding of NATO Messaging System• First Root Certificate by 2 Q 2003
NATO
C3Staff/ISB CONCLUSIONS
• NATO Policy• NATO CIS Overview• NATO CIS Implementation Pillars• Common Criteria• NATO Computer Incident Response Capability• NATO Public Key Infrastructure
NATO
C3Staff/ISB
Questions?