
Activity title

FMN Cloud-based Coalition Security Architecture

Activity Reference

IST-171 (IWA)

Panel

Information Systems Technology

Security Classification

NATO UNCLASSIFIED

Status

Planning

Activity type

RTG

Start date

2018

End date

2021

Keywords

Cloud Based Security Services, Data Centric Security (DCS), Federated Mission Networking Information Security Assurance, Functional Information Security Architecture (FITSA), Multi Level Multi Domain Information and Cyber Security

Background

As stated in the DATA CENTRIC SECURITY VISION AND STRATEGY FOR THE ALLIANCE FEDERATION: “Transforming towards effective and efficient information sharing within the Alliance Federation will result in increased complexity for managing, maintaining and operating multiple networking infrastructures”. Current activities towards enabling DCS capabilities, based on existing standards (e.g. labelling/binding) and best practices within Federated Mission Networking (FMN), are progressing well, and the approach is backed by good results achieved during CWIX risk reduction events. However, these activities and technologies cannot and will not cover the emerging needs for a next generation of cyber and information security and assurance covering cloud-based services and applications in a truly federated future mission environment. As of today, neither scientifically proven methods nor field-proven technologies to do so are available as commoditized COTS/MOTS (e.g. use of Artificial Intelligence, Big Data Analytics, Block-Chain technologies, etc. to provide real-time monitoring, proactive/reactive enforcement plus assurance capabilities within an operational context).

Objectives

The activity does not aim to provide a TRL (Technical Readiness Level) as such for single technologies, but to identify possible “candidates” to meet future needs by means of methods and technology categories, which have to be analysed in depth and, whenever possible, demonstrated (TRL 2 and above) during follow-on activities. The activity will include a CDT (Cooperative Demonstration of Technology) along with the spiral FMN development approach and risk reduction event (e.g. in combination with CWIX).

Topics

system-wide metadata labelling, policy-based, object-level protection in a service-oriented manner.

The resulting ability to effectively protect information
- independent of location and transmission paths that are not always known, preventing unauthorized access and uncontrolled usage
- adaptable to changing operational requirements, which may vary over time or location
- quickly and effectively adaptable to changing security conditions
grants efficient and effective sharing of information within federated mission networks, which adapt to changing information exchange requirements, while maintaining adherence to the information security policies being enforced.

This demands documentation of future operational requirements in order to deliver services and solutions while ensuring coherence with existing and planned capability developments. The activity will be synchronized with the ongoing work regarding a vision and strategy on DCS. However, it is not the task to define the operational requirements, but to support the feasibility demonstration, enriched with subject matter expertise.

Identification and study of interoperability standards and technologies for ubiquitous and trusted labelling of information in order to make information discoverable, accessible and exploitable while protecting the confidentiality, integrity and availability of information throughout its life-cycle. The goal is to identify and screen possibly existing candidates for interoperability standards and technologies for the following areas:
- formulation, validation and enforcement of DCS Policies within a mission network across different information/security domains
- Identity and Access Management (IAM) capabilities for managing digital identities (e.g. person, service, device, information) and managing access to CIS resources throughout their life-cycle (in line with already ongoing initiatives)
- cryptographic capabilities, such as Public Key Infrastructures (PKI), Electronic Key Management Systems, Transparent Content Encryption
- secure and dynamic information/service access frontend and micro-service API-Management and provisioning technologies
- CIS Security capabilities, including Cyber Defence and SMC (in line with already ongoing initiatives)

Furthermore, the activity will support ongoing efforts regarding DCS Vision and Strategy from a scientific point of view.
