NATO CIS Services Agency

NATO Information Assurance

A NATO view of the application of Information Assurance Techniques

5 June 2009 AFCEA TechNet Europe 2009

NATO UNCLASSIFIEDCONNECTING NATO 2

Outline

• NC3 Organization

• NCSA

• NATO Information Assurance

• Identity Management

NATO UNCLASSIFIEDCONNECTING NATO 3

NC3 Organization

NC3 Organisation

NATO C3 Agency (NC3A)

NATO C3 Agency (NC3A)

SACEURSACEURNATO C3 Board(NC3 Board)

NATO C3 Board(NC3 Board)

NC3 RepsNC3 Reps

NATO CISSERVICES AGENCY

(NCSA)

NATO UNCLASSIFIEDCONNECTING NATO 4

NCSA Mission

To ensure the provision of secure end-to-end information exchange services and information processing services required for NATO Consultation, Command and Control, using fielded Communications and Information Systems in the most cost effective manner.

NATO UNCLASSIFIEDCONNECTING NATO 5

Current NCSA Structure

NCISS

Latina

Brunssum

Sector

NorfolkSector

Mons Sector

Naples Sector

Lisbon Sector

Madrid Sector

Ramstein Sector

Izmir Sector

Heidelberg Sector

Northwood

Sector

NCSA HQ

MONS

1 NATO Signal BnMaastricht

2 NATO Signal BnNaples

Total PE: ~ 3300Deployable

NATO UNCLASSIFIEDCONNECTING NATO 6

NCSA Areas of Responsibility

US

CA

Norfolk Sector Mons Sector Brunssum Sector (includes CLD-B)Naples Sector (includes CLD-N)Northwood Sector Madrid SectorLisbon SectorIzmir Sector

Heidelberg Sector and Ramstein Sector without assigned AOR

SPPO

FR

BELux.

NL.

GEPL

CZ.

IT

GR

TU

HU

NO

UK

IC

SI

SZ

LHLG

EN

RO

BU

EUFOR KFOR ISAF IRAQ

NATO UNCLASSIFIEDCONNECTING NATO

INFOSEC -> IA

• NATO definition

• NNEC enabler

• Risk management

• Strong authentication

7

NATO UNCLASSIFIEDCONNECTING NATO

SMI Services• Identity management

• Credential management

• Attribute management

• Privilege management

• Digital policy mangement

8

NATO UNCLASSIFIEDCONNECTING NATO

SMI Services• IA configuration management

• Crypto key management

• IA metadata management

• IA audit managment

9

NATO UNCLASSIFIEDCONNECTING NATO

NATO Identity Management• EAPC(AC/322-SC/5-WG/5)WP(2009)0001

NATO Identity Management (NIdM)

• AC/322-D(2005)0044

INFOSEC Technical And Implementation Guidance On Identification and Authentication

• AC/322-D(2004)0024REV2

NATO Public Key Infrastructure (NPKI) Certificate Policy (CertP) Rev2

10

NATO UNCLASSIFIEDCONNECTING NATO

NATO Identity Management

• Passwords

• Tokens

• Biometrics

11

NATO UNCLASSIFIEDCONNECTING NATO

NPKI• Information sharing

• Effects-based approach

• Improved decision making

• Physical access control

12

NATO UNCLASSIFIEDCONNECTING NATO

NPKI Today

• Office Communication Suite (OCS)

• NATO Restricted (NR) network

• NEKMS

13

NATO UNCLASSIFIEDCONNECTING NATO 14

NATO Information Assurance• Email Content Checking

• Mail guards

• OS/applications security settings

• Forensic capability

• Security event management• IDS

• Firewalls

• Anti-virus software

NATO UNCLASSIFIEDCONNECTING NATO 15

IA Threats• Spam

• Malware

• Web defacements

• User indiscretions

• Targeted attacks

• Classified information leakage

• Vulnerabilities exposed by poor maintenance

• System privilege abuse

NATO UNCLASSIFIEDCONNECTING NATO 16

IA Future• Increased capacity

• Smarter tools

• Centralized management

• Consolidated IA picture

• Faster reaction

NATO UNCLASSIFIEDCONNECTING NATO 17

Conclusion• Speed up

• Cooperate closely

• Do not forget the human factor

• Flexibility and mobility

NATO UNCLASSIFIEDCONNECTING NATO

Questions?

18