1.01k likes | 1.15k Views
Information Sharing and Security in Dynamic Coalitions. Steven A. Demurjian Computer Science & Engineering Department 371 Fairfield Road, Box U-2155 The University of Connecticut Storrs, Connecticut 06269-2155 http://www.engr.uconn.edu/~steve steve@engr.uconn.edu.
E N D
Information Sharing and Security in Dynamic Coalitions Steven A. Demurjian Computer Science & Engineering Department 371 Fairfield Road, Box U-2155 The University of Connecticut Storrs, Connecticut 06269-2155 http://www.engr.uconn.edu/~steve steve@engr.uconn.edu
Overview of Presentation • The Dynamic Coalition Problem • Civilian Organizations • Military Involvement/GCCS • Information Sharing and Security • Federating Resources • Data Integrity • Access Control (RBAC,DAC and MAC) • Other Critical Security Issues • Stepping Back • Security Issues for Distributed and Component-Based Applications • Conclusions and Future Work
Crisis and Coalitions • A Crisis is Any Situation Requiring National or International Attention as Determined by the President of the United States or UN • A Coalition is an Alliance of Organizations: Military, Civilian, International or any Combination • A Dynamic Coalition is Formed in a Crisis and Changes as Crisis Develops, with the Key Concern Being the Most Effective way to Solve the Crisis • Dynamic Coalition Problem (DCP) is the Inherent Security, Resource, and/or Information Sharing Risks that Occur as a Result of the Coalition Being Formed Quickly
Near Simultaneous Crises Crisis Point BOSNIA (NATO) NATO Hq KOSOVO (US,UK) Olympic Games Earthquake (United Nations) Ship Wreck (UK,SP)
Crises in 2005 • Tidal Wave in Southeast Asia • Hurricanes in US • Katrina – Louisiana and Mississippi • Rita – Texas and Louisiana • Mudslides in Guatemala • Earthquake in Pakistan/India • Mayalsia Airlines Flight 370 • Key Questions • How do we React to Such Crises? • What is Potential Role for Computer Scientists and Engineers in Process? • Can we Automate the Interactions Required for the Critical Computing Infrastructure?
Coalitions re. Health Care? • What Health Situations would Lead to Coalitions? • Flu Epidemic? • Tic-Borne Disease? • Food Recall (e-coli)? • When are Health Coalitions Needed? • Any Natural Disaster? • Hurricane, Tornado, Blackout, ??? • Any Man-Made Disasters? • Nuclear Melt-Down (Japan)? • Terrorist Attached??? • Malaysia Flight 370 – Ships and Satilletes
Emergent Need for Coalitions • “Coalitions must be flexible and no one coalition is or has the answer to all situations.” • Secretary of Defense, Donald Rumsfeld • “Whenever possible we must seek to operate alongside alliance or coalition forces, integrating their capabilities and capitalizing on their strengths.” • U.S. National Security Strategy • “Currently, there is no automated capability for passing command and control information and situational awareness information between nations except by liaison officer, fax, telephone, or loaning equipment.” • Undersecretary of Defense for Advanced Technology
The Dynamic Coalition Problem (DCP) • Dynamic Coalition Problem (DCP) is the Inherent Security, Resource, and/or Information Sharing Risks that Occur as a Result of the Coalition Being Formed Quickly • Private Organizations (PVO) • Doctors Without Boarders • Red Cross • Non-Government Organizations (NGO) • State and Local Government • Press Corps • Government Agencies • FBI, CIA, FEMA, CDC, etc. • Military (International)
Supporting Advanced ApplicationsDCP Objectives for Crisis • Federate Users Quickly and Dynamically • Bring Together Resources (Legacy, COTs, GOTs, DBs, etc.) Without Modification • Dynamically Realize/Manage Simultaneous Crises • Identify Users by Roles to Finely Tune Access • Authorize, Authenticate, and Enforce a Scalable Security Policy that is Flexible in Response to Collation Needs • Provide a Security Solution that is Portable, Extensible, and Redundant for Survivability • Include Management/Introspection Capabilities to Track and Monitor System Behavior • How Does this Slide Relate to Healthcare?
Healthcare Role in Coalitions? • Federate Users Quickly and Dynamically • Medical Professionals and Support Personnel (EMTs, etc.) • From Across a Region • Span Many Health Care Organizations • Bring Together Resources (Legacy, COTs, GOTs, DBs, etc.) Without Modification • Bring Together HIT systems • Broad HIE across HIT systems • Dynamically Realize/Manage Simultaneous Crises • Hurricane Irene – One Crisis Multiple Locations • Federal Must Support Multiple Coalitions
Healthcare Role in Coalitions? • Identify Users by Roles to Finely Tune Access • Define in Advance Roles for all Stakeholders • Know Users in a Region/No Excuse not to be Prepared • Authorize, Authenticate, and Enforce a Scalable Security Policy that is Flexible in Response to Collation Needs • Do we relax Security rules? • Allow Patient Data access in Emergent Case? • Would you say yes or no?
Healthcare Role in Coalitions? • Provide a Security Solution that is Portable, Extensible, and Redundant for Survivability • Lifetime both before and after Crisis • Allow for Medical Organizations to Cover/Backup one Another • How would mobile computing help? • Secure Mobile Devices for Healthcare data • Provide unfettered access in Crisis • Include Management/Introspection Capabilities to Track and Monitor System Behavior • Be able to understand what works, what didn’t • Collect data on all Aspects of Use for future Mining and Learning/Revising
DCP: Coalition Architecture Clients Using Services Resources Provide Services NATO SYS Federal Agencies (FEMA, FBI, CIA, etc.) Client COTS U.S. Army LFCS (Canada) Client U.S. Navy SICF (France) Client French Air Force Client HEROS (Germany) U.S. Legacy System SIACCON (Italy) NATO Database Client NGO/PVO Resource German NGO/PVO (Red Cross, NYPD, etc.) Client GCCS (US) COTS Client
DCPJoint and Combined Information Flow GCCS GCCS-A CORPS ABCS MCS XX DIV FAADC2I MCS CSSCS AFATDS ASAS X BDE BSA TOC MCS X X | | | | BN BN | | MCS MCS CO FBCB2 Common Operating Environment Combined: Many Countries ARMY Joint Task Force Adjacent Marines Navy Coalition Partners Air Force GCCS-M GCCS-N GCCS-AF NATO Systems TCO JMCIS TBMCS Coalition Systems Joint - Marines, Navy, Air Force, Army
DCP: Combined Information Flow Logistics GCCS - Joint/Coalition - Maneuver Air Defense/Air Operations Fire Support Combined Database Intelligence Network and Resource Management
DCP: Coalition Artifacts and Information Flow – Military Engagement U.S. Global C2 Systems Air Force Navy Joint Command System Battle Management System NGO/ PVO GCCS U.N. Army Battle Command System Combat Operations System NATO U.S.A Army Marine Corps Dynamic Coalition AFATDS FADD GOAL: Leverage information in a fluid, dynamic environment ASAS GCCS-A ABCS CSSCS MCS Other Army C2
DCP: Coalition Artifacts and Information Flow – Civilian Engagement Red Cross Pharma. Companies Govt. MDs w/o Borders EMTs RNs MDs State Health Other Transportation Military Medics Govt. Local Health Care CDC ISSUES: Privacy vs. Availability in Medical Records Support Life-Threatening Situations via Availability of Patient Data on Demand
DCP: Global Command and Control System GCCS Provides: - Horizontal and Vertical Integration of Information to Produce a Common Picture of the Battlefield - 20 separate automated systems - 625 locations worldwide - private network Situational Awareness GLOBAL C2 SYSTEMS MOBILE SUBSCRIBER EQUIPMENT DATA RADIO SATELLITE MISSION PLANNING MET SUPPORT INTEL SATCOM MANEUVER CONTROL X X AIR DEFENCE ARTY TOPO Client/Server MET MISSION PLANNING AIR DEFENCE SUPPORT INTEL X MANEUVER CONTROL Client/Server SATCOM ARTY TOPO Company AIR DEFENCE FBCB2 /EBC SUPPORT INTEL Platoon Client/Server ARTY Tactical Internet MANEUVER CONTROL BATTLEFIELD C2 SYSTEM EMBEDDED BATTLE COMMAND SATCOM FBCB2 /EBC Squad MOBILE SUBSCRIBER EQUIPMENT
DCP:Global Command and Control System Joint Services : a.k.a Weather METOC Video Teleconference TLCF Joint Operations Planning and Execution System JOPES Common Operational Picture COP Transportation Flow Analysis JFAST Logistics Planning Tool LOGSAFE Defense Message System DMS NATO Message System CRONOS Component Services : Army Battle Command System ABCS Air Force Battle Management System TBMCS Marine Combat Operations System TCO JMCIS Navy Command System
DCP: Healthcare Coalition • What are the Possible Services? • How Broad is Access to Patient Data? • Is Access Constrained to Duration of Crisis? • How do we Federate Healthcare Data? • Is Cloud Computing Answer? • Do we have Replicated Repositories? • How is Access Provided? • How do we Deal with Loss of Infrastructure? • No Power for 1 week? • Non-Solar Powered Cell Towers Stop Working? • What are other Possible Issues?
DCP:Global Command and Control System Common Picture Common Operational Picture
DCP: Critical Requirements • Difficult to Establish Roles • Requires Host Administrator • Not Separate Roles • No Time Controllable Access • Time Limits on Users • Time Limits on Resource Availability • Time Limits on Roles • No Value Constraints • Unlimited Common Operational Picture • Unlimited Access to Movement Information • Difficult to Federate Users and Resources • U.S. Only system • Private Network (Not Multi-Level Secure)
GCCS Shortfalls: User Roles • Currently, GCCS Users have Static Profile Based on Position/Supervisor/Clearance Level • Granularity Gives “Too Much Access” • Profile Changes are Difficult to Make - Changes Done by System Admin. Not Security Officer • What Can User Roles Offer to GCCS? • User Roles are Valuable Since They Allow Privileges to be Based on Responsibilities • Security Officer Controls Requirements • Support for Dynamic Changes in Privileges • Towards Least Privilege
Non-Military Crisis: User Roles • Emergent Crisis (Katrina) Requires a Response • Some Critical Issues • Who’s in Charge? • Who is Allowed to do What? • Who can Mobilize Governmental Resources? • Roles can Help: • Role for Crisis Commander • Roles for Crisis Participants • Roles Dictate Control over Resources • For Katrina: Lack of Leadership & Defined Roles • Army Corps of Engineers Only Allowed to Repair Levees – Not Upgrade and Change • Malaysia Flight 370 Recovery Been Organized?
GCCS Shortfalls: Time Controlled Access • Currently, in GCCS, User Profiles are Indefinite with Respect to Time • Longer than a Single Crisis • Difficult to Distinguish in Multiple Crises • No Time Controllable Access on Users or GCCS Resources • What can Time Constrained Access offer GCCS? • Junior Planners - Air Movements of Equipment Weeks before Deployment • Senior Planners - Adjustment in Air Movements Near and During Deployment • Similar Actions are Constrained by Time Based on Role
Non-Military Crisis: Time Controlled Access • Multiple Crisis Require Ability to Distinguish Between Roles Based on Time and Crisis • Occurrence of Rita (one Crisis) Impacted the Ongoing Crisis (Katrina) • Need to Manage Simultaneous Crisis w.r.t. Time • Different Roles Available at Different Times within Different Crises • Role Might be “Finishing” in one Crisis (e.g., First Response Role) and “Starting” in Another • Individual May Play Different Roles in Different Crisis • Individual May Play Same Role with Different Duration in Time w.r.t. its Activation
GCCS Shortfalls: Value Based Access • Currently, in GCCS, Controlled Access Based on Information Values Difficult to Achieve • Unlimited Viewing of Common Operational Picture (COP) • Unlimited Access to Movement Information • Attempts to Constrain would have to be Programmatic - which is Problematic! • What can Value-Based Access Offer to GCCS? • In COP • Constrain Display of Friendly and Enemy Positions • Limit Map Coordinates Displayed • Limit Tier of Display (Deployment, Weather, etc.)
Non-Military Crisis: Value Based Access • In Katrina/Rita, What People can See and Do May be Limited Based on Role • Katrina Responders Limited to Katrina Data • Rita Responders Limited to Rita Data • Some Responders (Army Corps Engineers) May Need Both to Coordinate Activities • Within Each Crisis, Information Also Limited • Some Katrina Roles (Commander, Emergency Responders, etc.) see All Data • Other Katrina Roles Limited (Security Deployment Plans Not Available to All • Again – Customization is Critical • How Effectively is Sharing in Flight 370?
Healthcare Crisis: Value Based Access • Consider Nuclear Crisis in Japan in 2011 • Tsunami Inundated Nuclear Plan • Meltdown Followed • What are Short and Long Term Issues? • Short-term (During Crisis) Similar Roles as for the Katrina Case • When Crisis Passes, How to Track Health for: • Displaced Individuals Exposed to Radiation • Displaced Individuals with Medical Problems • Long-Term– Coalition Continues • 2+ years later – is Cancer’s tied to Event? • How Do we Track Long-term • What are Long term Health Issues?
GCCS Shortfalls: Federation Needs • Currently, GCCS is Difficult to Use for DCP • Difficult to Federate Users and Resources • U.S. Only system • Incompatibility in Joint and Common Contexts • Private Network (Not Multi-Level Secure) • What are Security/Federation Needs for GCCS? • Quick Admin. While Still Constraining US and Non-US Access • Employ Middleware for Flexibility/Robustness • Security Definition/Enforcement Framework • Extend GCCS for Coalition Compatibility that Respects Coalition and US Security Policies
Non-Military Crisis: Federation Needs • Crisis May Dictate Federation Capabilities • Katrina • Devastated Basic Communication at All Levels • There was No Need to Federate Computing Systems at Crisis Location with No Power, etc. • Rita • Crisis Known Well in Advance • However, Didn’t Prevent • Disorganized Evacuation • 10+ Hour Highway Waits • Running out of Fuel • Federation Must Coordinate Critical Resources