PROTECTION OF NATO INFORMATION Col. Augusto DEL …
Download
Report
Transcript PROTECTION OF NATO INFORMATION Col. Augusto DEL …
NATO
C3 Staff/ISB
PROTECTION OF NATO
INFORMATION
AND NATO CIS
Col. Augusto DEL PISTOIA
NHQC3S INFOSEC Branch Chief
+32 2 707 5534
[email protected]
NATO
C
3 Staff/ISB
•
•
•
•
•
•
CONTENT
NATO Policy
NATO CIS Overview
NATO CIS Implementation Pillars
Common Criteria
NATO Computer Incident Response Capability
NATO Public Key Infrastructure
NATO
C
3 Staff/ISB
NATO POLICY
• NATO Information Management Policy
• NATO Security Policy
• NATO CIS Policy
NATO CIS OVERVIEW
NATO
C
3 Staff/ISB
USER DOMAIN
NETWORK DOMAIN
SECURITY DOMAIN
Remote Site
PSTN
Security
Management
Center
StaticSite
NPKI
Infrastructure
NCN
Deployed
Site
NIDTS
Internet
Remote Site
NCIRC
NCN
NIDTS
PSTN
NPKI
NATO Computer Incident Response Capability
NATO Core Network
NATO Initial Data Transfer Service
Public Switched Telephone Network
NATO Public Key Infrastructure
NCIRC
NATO CIS OVERVIEW
NATO
C
3 Staff/ISB
User Domain
ISDN Terminals
Network Domain
NSIE
PSTN
ISPABX
BRI
VTC
NCS
PRI
TA
Non ISDN Terminals
AR
NICE
NS LAN
PKI-based security
services in the
User Domain
BME
BPD
NU LAN
BPD
AR – Access Router
BME – Bandwidth Management Equipment
BPD – Boundary Protection Device
BRI - Basic Rate Interface
DSE – Digital Switching Equipment
NSIE – NATO Secure ISDN Equipment
NICE – NATO IP Crypto Equipment
PRI - Primary Rate Interface
TA - Terminal Adapter
NATO
C3 Staff/ISB
NATO CIS IMPLEMENTATION
PILLARS
•
Adoption of Common Criteria
•
NATO Computer Incident Response
Capability (NCIRC)
•
NATO Public Key Infrastructure (NPKI)
NATO
C3 Staff/ISB
COMMON CRITERIA
NATO
C3 Staff/ISB
NATO AND COMMON CRITERIA
NC3S
Overarching
Architecture
Statement of
Statement of
Operational
Operational
Statement of
Requirements
Requirements
Operational
Requirement
CC concept
and terminology
POLICY
DIRECTIVES
GUIDELINES
NC3S
ReferenceNC3S
Architecture
Reference
NC3S
Architecture
Reference
Capability
Package
Security
Annex
Architecture
NC3S
TargetNC3S
ArchitectureTargetNC3S
ArchitectureTarget
Architecture
Type B Cost
Estimate
Type B Cost
(TBCE)
Estimate
(TBCE)
Security
Requirement
Statement
Invitation
For
Bid (IFB)
ISO/ National
NATO PP
Repositories
Evaluated
Products
Lists
NATO
C
3 Staff/ISB
•
•
•
•
NATO TRANSITION TO CC
Documentation
Process and Procedures for Protection
Profiles and Packages
NATO Protection Profiles and Packages
Repository
Registration of CC Evaluated Products
NATO
C
3 Staff/ISB
PROTECTION PROFILES
AND PACKAGES
•
Selection and/or Development
•
Evaluation and Certification
•
Repository
IT PRODUCTS
NATO
C3 Staff/ISB
SSA
PRODUCT
ENDORSEMENT
IDENTIFY
PRODUCT
NATO
PRODUCT LIST
NATIONAL
CC
REPOSITORY
VALIDATION
CERTIFICATION
DEVELOPMENT
PROCESS
NATIONAL
SPONSORED
PRODUCTS
NATO
PRODUCT
LIST
SECAN
EUSEC
NATO
NATION
NATO
C3 Staff/ISB
CURRENT SITUATION
• Transition phase
– Interim guidance
– IT Products, PPs, Packages Database
• Implementation Directive
– Under approval
• Objective: 2 Q 2003
NATO
C3 Staff/ISB
NATO COMPUTER
INCIDENT RESPONSE
CAPABILITY
NATO
C3 Staff/ISB
NCIRC
• Central Capability
• Incident Handling and Reporting
• Implementation Approach
NATO
C
3 Staff/ISB
NCIRC ORGANISATION
TIER 1
CO-ORDINATION CENTRE
TIER 2
TECHNICAL SUPPORT CENTRE
TIER 3
CIS OPERATING AUTHORITIES
NATO
C
3 Staff/ISB
CURRENT SITUATION
• NCIRC documentation
– NC3B Guidance and Direction
– CONOPs
– Handbook
• NCIRC activated on a limited scale
• Establishment of links with national
CERTs
NATO
C3 Staff/ISB
NATO PKI
NATO
C3 Staff/ISB
NATO PKI
• NPKI Goal
• NPKI Implementation Approach:
– Establish the governing Authority (NPMA)
– Field the Root CA
– Regulate the implementation of the other PKI
components
NATO
C
3 Staff/ISB
NPKI ORGANISATION
NPMA
TIER 1
ROOT CA
TIER 2
TIER 3
CERTIFICATION AUTHORITIES
SUBORDINATE CAs OR RAs
NPAC
NATO
C3 Staff/ISB
CURRENT SITUATION
• PKI documentation:
–
–
–
–
–
–
NPKI Legal Aspects
PKI Policy for NATO CIS
NPKI High Level Concept Of Operations
NPKI Certificate Policy
NPKI Security Architecture
NPKI Interoperability Strategy
• Fielding of NATO Messaging System
• First Root Certificate by 2 Q 2003
NATO
C3 Staff/ISB
•
•
•
•
•
•
CONCLUSIONS
NATO Policy
NATO CIS Overview
NATO CIS Implementation Pillars
Common Criteria
NATO Computer Incident Response Capability
NATO Public Key Infrastructure
NATO
C3 Staff/ISB
Questions?