IA Roadmap
http://www.military-information-technology.com/print_article.cfm?DocID=1027
NSA is developing an information assurance plan to ensure that security is
designed into networks from the beginning.
By Patrick Chisholm
To realize the Department of Defense's vision for the Global Information
Grid (GIG), information assurance (IA) requirements include robust identity,
authentication and privilege management, policy for dynamic access control,
security management, and "persistence monitoring" or continual monitoring
throughout the network, according to Daniel G. Wolf, the director of
information assurance for the National Security Agency (NSA).
Protecting information across the entire GIG is a top priority of NSA, which
recently revised its IA roadmap for the GIG and continues to update it as
technology advances. In doing so, NSA is working with the military services
and DoD agencies to form alliances and validate the GIG IA program
requirements, budget requirements and implementation strategy based on the
architecture that NSA has proposed.
To be sure, implementing the roadmap is a long-term project: the
architectural plan for data sharing on the GIG is to be carried out over the
next 15 to 20 years.
The roadmap leverages the five tenets of IA: availability, integrity,
authentication, confidentiality and non-repudiation.
Essential components of the IA roadmap include:
* Maintaining availability in an end-to-end encrypted "black core"
environment that is "unforgeable" and "unspoofable."
* Identity management, specifying people, objects (data and
applications) and machines.
* Privilege management, laying out the rights and privileges of users.
* Dynamic access enforcement.
* Mediated access between and among people, objects and machines based
on identities and privileges.
* Assured information sharing.
* Underlying security management infrastructure.
Balancing Risk
NSA is responsible for specifying information security standards and
architectures for national security systems like those described in the GIG
roadmap. National security systems are not just those that process
classified information. NSA is also responsible for telecommunications or
information systems that are operated by the U.S. government, and that
involve: intelligence activities, cryptologic activities, weapons systems,
command and control of military forces, or activities that are critical to
the direct fulfillment of military or intelligence missions.
Procedures will be implemented regarding authentication, identification of
the users, what their privileges are, what they are allowed to access, and
what community of interest they are in. On the data side, determinants will
involve such things as the classification of the data and who should be
allowed to see it. A third component is security policy management.
"Our GIG IA document has some very interesting concepts in terms of how you
do that in a more open way, yet you're balancing the risk in terms of what
you're allowing people to access," Wolf said.
Maintaining authentication and data integrity across the "infoplex" is a
huge challenge, he said. There are threats to confidentiality, through
attacking the weakest walls. "If everyone is now on your 'information
flank,' can you afford for them to make a poor IA risk decision?" he asked.
There are also threats in the form of defeating authentication by sneaking
in over the "low walls." And there is the potential for "massive confusion
and possibly fratricide" as a result of attacks on internal data integrity
mechanisms. The most damaging impact is a systemic loss of confidence in the
system or network.
For the GIG, the key is to provide the right level of IA to protect the
enterprise, given the varying levels of trust of users, the varying levels
of trust of IT components, and the varying levels of sensitivity of
information and services.
Improving cybersecurity also involves finding and eliminating malicious code
in large software applications. It does not just involve handling coding
errors, but also uncovering software routines that morph and hide themselves
in critical applications.
One of the toughest challenges, explained Wolf, is in the assured
information sharing portion of the GIG, which covers how it can be secured
so that the right people have access to the data. In assured information
sharing, the Risk Adaptive Access Control (RAdAC) model is needed, which is
defined in the GIG documentation. It looks at who the user is, what the data
is and where the user is, and then does an evaluation in terms of what
information can be accessed at that point in time.
Traditionally, users were granted access to data based on the level of their
clearance; there was an access control list. The new model, for the
need-to-share world, is more about how users are notified that certain
information is available, which they can search and retrieve. "It means
there will be much more emphasis in determining the identity of the person
logging on to his or her computer, establishing their credentials and what
kind of restrictions, if any, they have in accessing the data," said Wolf.
Wolf wants to ensure that IA is "baked in." That means the designers of
systems need to consider and implement IA requirements during the early
stages of development, so that when a system is finished and it is put into
operation, all the IA features are already there, as opposed to adding them
on after the system is designed.
The GIG IA documentation will be available to developers to ensure that,
even though those programs are independent, they will become part of the GIG
and bake in the IA up front.
With IA incorporated into the design of systems, not only will they be more
secure, but also efficiencies will be greatly enhanced. A goal is to
configure new systems to be network aware and have the ability to
reconfigure themselves automatically, with little pre-planning or operator
intervention. For example, it is anticipated that in the future, personnel
will be able to travel overseas without having to reset frequencies or swap
out cryptographic modules.
The roadmap does not just involve designing an IA architecture, but also
implementing new products and services. As part of its Cryptographic
Modernization program, for example, NSA is designing backbone encryptors for
the GIG with the capability to support multiple communities by employing
several cryptographic algorithm suites.
One suite is for the national security community, the high-grade classified
encryption algorithm. A second suite is for interacting with outside
agencies, such as federal and state homeland security communities. For that,
NSA is using the FIPS-approved (Federal Information Processing Standard)
algorithms, including the Advanced Encryption Standard.
For the high data rate backbone, NSA will be using 1 gigabyte encryptors.
Two such encryptors have been certified recently: the General Dynamics
KG-175A, and L-3 Communications' KG-245. Wolf said these are needed in the
near term to satisfy a number of the activities that are associated
with the GIG, such as the GIG-Bandwidth Expansion project.
Of the 1.3 million cryptographic devices in the U.S. inventory, more than 70
percent are to be replaced over the next 10 to 15 years.
The agency is also working on a trusted microelectronics capability to
ensure that state-of-the-art hardware devices will always be available from
certified and trusted U.S. sources for use in critical military and
intelligence systems.
Industry Partnerships
DoD and NSA have established a software assurance "tiger team" working
group, and NSA is also working with the Department of Homeland Security.
Wolf anticipates that NSA will be named the executive agent for software
assurance, which will build the tools and techniques and also be able to
provide best practices and provide architectural guidance.
NSA is also partnering and sharing architectural guidance with industry.
This is necessary, explained Wolf, because DoD and other agencies are
increasingly using commercial technology in their efforts to continually
upgrade to state-of-the-art solutions developed in the private sector due to
cost concerns. NSA is working with operating system vendors such as
Microsoft in an effort to develop high-security products designed
specifically for the national security community.
The increasing complexity of software programs and the skyrocketing number
of lines of code with each new release introduces new vulnerabilities in the
code that are difficult to locate, including the possibility of malicious
code. So the GIG-specific software programs will be scaled-down versions of
popular products without many of the added features.
"There are also DoD business environments where the larger packages are
needed, and in those cases the goal is to outfit them to contain stricter
access control to data, better identity management, accountability and
secure communication," said Wolf.
NSA has developed tools to improve the quality and trustworthiness of
software code, and is working with vendors in an effort to reduce the number
of buffer overflows, which are a perennial security headache. "We're also
looking at some code analysis tools. Some of them, even some quite exciting
commercial packages that we've seen, have a lot of promise. So we're looking
at how we can leverage some of the commercial work that's out there, and add
some of our expertise and some of our intellectual property to improve the
quality of the code."
Through the National Information Assurance Partnership (NIAP), NSA works
with the National Institute of Standards and Technology to promote the
development of technically sound security requirements for IT products and
systems. NIAP ensures that certified third-party laboratories are available
to perform evaluation of commercial products, Wolf noted. The long-term goal
of NIAP is to help increase the level of trust in their information systems
and networks through security testing, evaluation and validation programs.
A challenge is finding the right balance between commercial products and the
government-developed component. There may be specific items that DoD needs
in the GIG environment that may not be needed in the commercial world.
"As we look at the structure of the architecture of the GIG, where are those
areas in the GIG that you want to put that extra effort and have that extra
level of security? That could be something that might be hardware or
software, it may be a wrapper that goes around a piece of software that you
may not totally trust, but you have to use it because that's the only thing
that's available. Maybe, some sort of checking software. It may be a
redundant activity so that you can do some comparisons between what the
commercial product and government product does," Wolf explained.
NSA is also partnering with academic institutions: 67 centers across 27 states and
the District of Columbia. Much of that stems from an effort to get young
software programmers to take IA into account to a greater extent. For
example, if the next generation of software programmers was trained not to
allow buffer overflows, major bugs and vulnerabilities in software would be
reduced, explained Wolf.
Policy and Governance
In the policy/governance area, recent NSA IA activities include:
* Issuance of national acquisition policy (NSTISSP No. 11).
* Release of "IA Products and Services to Non-Federal Entities" (CNSS
14).
* Release of "National Policy on the Use of the Advanced Encryption
Standard to Protect National Security Systems and National Security
Information Committee for National Security Systems" (CNSS 15).
NSA is devising a national governing structure in an effort to achieve
assured information sharing. It consists of programs and research
initiatives to ensure the information integrity of the GIG. Decision makers
will need complete IA threat and vulnerability visibility.
IA governance, and coordinating that governance across a broad spectrum of
agencies within the national security community, is a key aspect of the
information sharing vision.
"There is the GIG, and then Homeland Security, and add in local law
enforcement," Wolf said. "When you start connecting all those together
because you want to share information, who defines the information assurance
policies or the architectures? A risk taken by one is assumed by all.
"If I make a local decision on my own network, and then I connect to your
network, then you're now assuming the risks that I have. So it becomes very
important that as we connect these networks together, we have a common set
of high principles in terms of IA policies and architectures. That's very
important, and we really don't have that sort of integrated governance
process in place today."
Wolf encourages other agencies to adopt practices similar to those that NSA
is implementing. The agency's internal steps include ensuring that its
devices are "network aware," which enables tasks such as over-the-air keying
of cryptologic devices and changing algorithms.
"The owners of other networks should take a look at some of the work that
NSA does. It's not to say that they have to adopt our plan exactly, but
there's a lot of good guidance there," he urged.
Designing the IA roadmap is an ongoing project. As technology advances and
new information comes to light, the roadmap will be upgraded to reflect those
advances. "So what we have is a very living document," said Wolf.