Coalition Network Defence Common Operational Picture. Brno, The Czech Republic 2 – 4 May 2007. Josef Kaderka University of Defence, Brno The Czech Republic Josef.Kaderka@unob.cz. Agenda. Terms Computer networks role under coalition conditions Some related activities and projects
Coalition Network Defence Common Operational Picture Brno, The Czech Republic 2 – 4 May 2007 Josef Kaderka University of Defence, Brno The Czech Republic Josef.Kaderka@unob.cz
Agenda • Terms • Computer networks role under coalition conditions • Some related activities and projects • Today and close future • Conclusion Only non-classified sources were used and non-classified information is published
NATO Network Enabled Capability • Information superiority as a matter of successful future coalition operation • Widely accepted idea • … • Everybody talks/works on it • Not only pros, but also cons • Technically, the issues are similar to those in business - but we deal with lives
Common Operational Picture and Situational Awareness • Common Operational Picture (COP) A single identical display of relevant information shared by more than one command. A common operational picture facilitates collaborative planning and assists all echelons to achieve situational awareness. • US Joint Force Common Glossary • Free Dictionary • Wikipedia • Situational Awareness (SA) as a COP result
Computer networks • Vital importance • Coalition interconnecting aspects • Sensitive information sharing • IT asymmetry (USA, …, the rest) • De facto partial infrastructure sharing • Firewalls, IDSs, Safeguard etc. • Computer networks as a battlefield • Need to be defended - on the coalition level
Cyberbattle specifics/possibilities • No line of contact • No safe distance as a security guarantee • No relation with unit geographical deployment • Correct recognition of real attack (false positive/negative) • Extremely rapid attack expansion even from the depth • Massive concurrent and selective attack against discovered vulnerabilities • All this in the coalition environment!
Forces and Networks • Operational Capability Requirements equal to the IT services • „Force“ commander should • Understand the new threats • Consider proactive measures, ... • „Network“ Commander should • Understand the force commander's intention, ... • Many new specific duties • Both should share the same approach
Some related activities and projects • NATO Multilateral Interoperability Program (MIP) • The Technical Cooperation Program (TTCP) • Aus, Ca, NZ, UK, US (Five Eyes nations) • Combined Enterprise Regional Information Exchange System (CENTRIXS) • Coalition Secure Management and Operations System (COSMOS) • FGAN/FKIE * • Ge • NATO RTO IST ET *) Forschungsgesellschaft für Angewandte Naturwissenschaften, Forschungsinstitut für Kommunikation, Informationsverarbeitung und Ergonomie
MIP • Objective to share • Situational Awareness • Plans and Orders • NBC alerts and critical messages • Common Interface Specification • Message Exchange Mechanisms (ADatP-3) • Data Exchange automatic push • Land Command and Control Information Exchange Data Model • Nations’ interface on a secure LAN
CENTRIXS • US-led, multinational information sharing networks • Core collaboration services • E-mail with and without attachments • Web-browser-based data access • File sharing • Secure VoIP • Next extensions • COP (Tactical), CIP (Intelligence) • Near-real-time data access etc.
COSMOS • Preliminary steps • High tactical and operational level coalition information sharing among coalition partners known to each other • Advantage of a well defined and internationally agreed to „information language se“ designed for C2 interoperability • Enforce the discrete dissemination (Protected Sharing) of released information „need to know“ based • Focused toward a single Secret High Releasable to coalition network
FGAN/FKIE • Graph clustering-based anomaly detector • Modified star connected IDS network with central Meta-IDS server • Modifications to hierarchical IDS • Information sanitization while exiting local domain • Data reduction & predefined correlation rules to manage data flow • MITE - MANET Intrusion Detection for Tactical Environments
NATO RTO IST ET 041 • 2005 – 2006 (Ca, Cz, UK, US) • Coalition Network Defence Common Operational Picture (CNet-D COP) (formerly Coalition Information Assurance – CIA – COP) • Technical and political approaches to the problem of developing and demonstrating a coordinated IA posture • Collecting, displaying, fusing, and securely sharing network security-related status data, ...
Today and close future of the CNet-D COP • Models needed (secure information sharing) • Conceptual, Data • Joint C3 Information Exchange Data Model (JC3IEDM) already exists • Advanced national research in Canada • Standardization (in coalition environment) • Computer attack early warning • Attack correlations among partners, ... • IETF Intrusion Detection Message Exchange Format (IDMEF) draft, ...
What to discuss/do • Security architecture • Single/common view of coalition networks security status • ... • Impact Assessment [tools] • ... • Practical realization, testing ...
Some ET 041 results • The Research Task Group (RTG) proposal agreed • Sent to appropriate body • Items to solve specification • Basic documents prepared • Technical Activity Proposal • Programme of Work (PoW)
Future RTG Work Items • Plan overall activities of the RTG • Agreeing on an underlying set of definitions to be used for CNet-D SA (Situational Awareness) • Agreeing on the conceptual model for CNet-D SA • Defining a detailed data model and data specifications • Promote the data model and necessary definitions, etc.