ebook img

Operationalizing Mutilevel Security aka: Guarding Solutions PDF

21 Pages·2002·0.44 MB·English
by  
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Operationalizing Mutilevel Security aka: Guarding Solutions

Operationalizing of Multi-Level Security aka. Guarding Solutions Cross-Domain Solutions Brian Hubbard Eighteenth ACSAC, Booz Allen Hamilton, Inc. Las Vegas, NV (410)684-6607 December 12, 2002 [email protected] U.S. Defense and Intelligence communities are undergoing a network-driven revolution in military affairs The Global Environment Is Changing the …Information Networks Nature of Conflict in Fundamental Ways … Are a Major Battlefield 4Wars Are Fought With Coalitions 4Intelligence Is Gathered Across Our Information superiority is Community of Allies In Real Time essential to winning the wars of 4Operations & Logistics are Dependent the 21st Century Upon the Network 4The Enemy Is Global Coalition Operations Evolving Attacks WE HAVE BET OUR FUTURE ON OUR INFORMATION SHARING CAPABILITIES Homeland Defense 2 Secure communication across security levels and domains is at the heart of enabling this transformation HHiigghh SSiiddee LLooww SSiiddee CCoonntteenntt CCoonntteenntt FFFFiiililltlttteeeerrrriiininnngggg PPPPrrrroooocccceeeessssssss HHiigghheerr LLoowweerr CCllaassssiiffiiccaattiioonn CCllaassssiiffiiccaattiioonn 4Connections between different security levels must fulfill three requirements – Provide warfighters with the information they need while… – Securing classified/sensitive data from access by unauthorized persons and… – Protecting networks from intended/unintended corruption by ‘malicious’ or hidden code 3 The Need For Cross-Domain Connections Is Pervasive A Cross-Domain Security ‘Problem’ Can Occur Every Time There is a Mission Need to Share Information With … – Trusted coalition partners (e.g., UK, Canada) – Less trusted coalition partners (e.g. Pakistan) – Civilian US agencies (e.g., FBI, IRS) – Many forward-deployed troops – Multiple IC Agencies – Government contractors, suppliers & vendors – Academic institutions – Internet & World Wide Web – VoIP, Chat, Streaming Video (e.g., CNN) CROSS-DOMAIN SECURITY PROBLEMS UNDERMINE OUR ABILITY TO EXECUTE MISSIONS & MANAGE RISK 4 A Cross-Domain Solution is comprised of technology, policy, and the threat environment in which it should be deployed 1 TTeecchhnnoollooggyy CC OO NN CC EE PPTT UU AA LL 4444 GpCGpCooououlmlaimaiccrrypdypdo o –n–neEeEnnxxtte e –c–cuuSSttetetaassnn sdsde e aacclulouornrniiteteyy High Side eeqquuiippmmeenntt tthhaatt ssuuppppoorrttss ((vviiaa ffuunnccttiioonnaalliittyy aanndd // oorr sseeccuurriittyy)) tthhee ssoolluuttiioonnss PPoolliiccyy mmiissssiioonn 44 GGuuiiddeelliinneess 2 44 RRuulleess Guard 44 PPrroocceesssseess Components 44 DDiirreeccttiivveess 44 IInnssttrruuccttiioonnss TThhrreeaatt EEnnvviirroonnmmeenntt 44 LLooww ssiiddee ppaarrttyy 3 Low Side –– HHiissttoorryy –– LLeevveell ooff ttrruusstt 44 RReeaacchh ooff llooww ssiiddee ccoonnnneeccttiivviittyy 44 PPhhyyssiiccaall eennvviirroonnmmeenntt 5 Many of the community's difficulties arise because few resources are committed to developing quality cross domain solutions CC oo nncceeppttuualal Current State Future State Development & Accreditation Deployment Support Support Development & Accreditation Deployment Support Support 44MMaajjoorriittyy ooff rreessoouurrcceess ccoonnssuummeedd iinn 44BBuullkk ooff eeffffoorrttss cceenntteerreedd aarroouunndd ssuuppppoorrttiinngg aaccccrreeddiittaattiioonn ––rreellaatteedd eennccoouurraaggiinngg aanndd mmaannaaggiinngg aaccttiivviittiieess ccoommmmuunniittyy--wwiiddee ddeevveellooppmmeenntt && ddeeppllooyymmeenntt 44VVeerryy lliittttllee ssoolluuttiioonn ddeevveellooppmmeenntt wwoorrkk ddoonnee,, ddeessppiittee ccoommmmuunniittyy 44RReedduucceedd nneeeedd ffoorr eexxtteennssiivvee mmaannddaattee rreegguullaattoorryy iinntteerrvveennttiioonn && ssuuppppoorrtt 6 The community is facing eight key challenges … Solution development not keeping pace with rapidly evolving needs and threats Multiple solution variants for well-established data types Insufficient global view of network interconnections and ability to assess risk n o i Customers not guided in selecting and implementing solutions, and preparing for t u c accreditation e x E Inability to systematically respond to high impact, high urgency needs Repetitious connections uploading redundant data Inconsistent deployment and management of solutions in the field u-n Accreditation processes are cumbersome, alienate customers, and may undermine go i Reat security l 7 … Each driving a strategic mission imperative Strategic Missions across CDS Value Chain Development Deployment Management Define Understand Design Integrate Install & Operation- Operate & Needs Needs & Comp- & Support Configure alize Support & Select Threats onents System System Solution Solution System Customer Mission Imperative 1:Build Mission Imperative 4: Mission Imperative 6: Toward the Future Support Solution Operate Consolidated Deployment Solutions Mission Imperative 2: Standardize Where Appropriate Mission Imperative 5: Mission Imperative 7: Develop Quick Manage Solutions Not Mission Imperative 3:Evaluate Response Capability Just Products Global Risk Mission Imperative 8:Certify & Accredit Efficiently 8 Building Toward The Future Current CDS R&D is Too Limited to Deliver Next Generation Solutions 4Lack of commercial market for high assurance tools depresses innovation – Solution set limited to most basic data types (e-mail, fixed format, etc.) – Virtually no high-assurance CDS R&D currently in process 4Research and development often fail to connect – Research is often not directed toward actual customer priorities – Research findings often never productized or deployed 4Key technology innovators are not engaged in the CDS space – Small innovative start-up companies – Large network and technology infrastructure firms 9 Building Toward The Future We Are Helping Our Client Develop a Structure and Function to Drive CDS Innovation uTake responsibility for addressing critical customer needs – Build direct relationships with customers to stay on the pulse of demand – Set primary organizational allegiance to a solution delivery function (versus a research function) vDrive innovation across the entire R&D value chain – Current R&D value chain involves multiple hand-offs between organizations – funding gaps allow valuable technology to ‘fall through the cracks’ – New architecture must be flexible enough to invest wherever the most value can be created wEngage new types of innovators – Innovative small to mid-sized companies as well as large technology firms are underrepresented – Government must develop a value proposition to engage these innovator types Principle Three Exhibit: CDS Innovation Function Principle Two Exhibit: CDS Innovation Function Engages with At Least Four Major Innovator Types Engages from Applied Research to Productization Large Technology Firms Basic Applied Prototype Product- Deploy- Government Small/Mid Research Research Dev. ization ment Research Tech and Community Start-ups CDS Innovation Function Traditional Government Contractors Please contact me or my team with your CDS innovation ideas! 10

Description:
A Cross-Domain Security 'Problem' Can Occur Every Time There is a . New architecture must be flexible enough to invest wherever the most value
See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.