Protective Measures at NATO Headquarters Ian Davis Head, Information Systems Service

advertisement
Protective Measures at
NATO Headquarters
Ian Davis
Head, Information Systems Service
NATO Headquarters
Brussels, Belgium
The Prime Directive - I
NATO information…
…shall be managed as
a corporate resource
to support NATO [business]…
… throughout its life-cycle...
Extract from NATO Information Management Policy
The Prime Directive - II
NATO information…
…shall be protected…
…to ensure its confidentiality,
integrity and availability
throughout its life-cycle...
Extract from NATO Information Management Policy
What is NATO?




An alliance of 19 nations...
...and EAPC, PJC & NUC
The forum for consultation and
decisions on security matters
A facility for co-operation in other
matters
NATO HQ Activities
POLITICAL
CONSULTATION
COORDINATION OF
ACTIVITIES
CONSULTATION
PROGRAMME
MANAGEMENT
HEADQUARTERS
ADMINISTRATION
The Consultation Process
CONSULTATION
AGENDAS
requires
DOCUMENTS
NOTES
DECISION SHEETS
INFORMATION
MEETING
NATO HQ
requires
ATTENDEES:
STAFF:
INFORMATION MANAGEMENT
CREATE,
CREATE,
REVIEW,
COLLATE,
requires
APPROVE
MANAGE
DOCUMENTS
INFORMATION
SECURITY
COMMENTS
Transformation of NATO
since 1989

Political


Information Technology


NATO > EAPC > OTHERS
Mainframe > LAN > WAN [> Internet]
Security

Confidentiality > Integrity & Availability
NATO HQ Organisation
NATIONAL/
PARTNER
DELEGATIONS
NAC
EAPC
INTERNATIONAL
STAFF
MILITARY
REPRESENTATIONS
MILITARY
COMMITTEE
INTERNATIONAL
MILITARY STAFF
Security Domains
NATO DOMAIN
MEMBER
NATIONS
MILITARY
COMMANDS
DELEGATIONS
NATO
AGENCIES
NATO HQ
MILREPS
INTERNATIONAL STAFFS
PARTNER MISSIONS
INTERNATIONAL ORGANISATIONS
PARTNER
NATIONS
INDUSTRY
ACADEME
OTHER NATIONS
EAPC DOMAIN
MEDIA
GENERAL PUBLIC
EXTERNAL DOMAIN
NATO HQ Approach to
Security

Separate regime for each domain

Same process:

Adherence to NATO Policy

Structure

Objectives

Principles

Countermeasures
Structure

Formality:




separation of functions
documentation
Security as system functionality:

design

development

testing
Managed throughout life-cycle

configuration management
Separation of Roles
Security Accreditation Authority
accreditation
inspections
Operating Authority
system development
system installation
system operation
system maintenance
Security Authority
risk analysis
security SOPs
equipment approval
audits
Documentation

Security requirements statement

Security operating procedures

Interconnection agreements
Objectives

Protecting NATO information against
loss of:




Confidentiality
Integrity
Availability
By either accidental or deliberate act
Definitions

Confidentiality


Integrity


disclosure of information to
unauthorised parties
modification of information
Availability


destruction of data
denial of service (access to data)
Principles - I

Risk management

Minimality

Least privilege

Self-protecting nodes

Defence-in-depth

Implementation verification
Risk Management

Use of approved methodology

Analysis of:


Threats
Vulnerabilities

Risk Assessment

Countermeasures

Residual Risk
Risk Management
Threats & Vulnerabilities
Requirements
Risk Analysis
Cost
Risk assessment
Countermeasures
Residual Risk
Residual Risk
RISK
COVERED
RISK IDENTIFIED
BY
BY RISK
ASSESSMENT
COUNTER
MEASURES
Residual Risk: Risk accepted due to
cost/difficulty of countermeasures
Principles - I

Risk management

Minimality

Least privilege

Self-protecting nodes

Defence-in-depth

Implementation verification
Principles - II

Minimality


Least privilege


only enable those services required
users only given functions &
authorizations they need
COTS software must be managed
Principles - III

Self-protecting nodes



Defence-in-depth


each network node protects itself
regards other nodes as untrusted
no reliance on one single measure
Implementation verification


regular review of security posture
change/configuration management
Countermeasures
PHYSICAL
PERSONNEL
PROCEDURAL
TECHNICAL
Countermeasures - I

Physical




separation of domains
restrict access to information stores
data redundancy
Personnel



careful selection of staff
education
beware the “insider” threat
Countermeasures - II

Procedural





standard operating procedures
need-to-know separation
inspections & reviews
configuration management
Technical




certified products
access controls & audit tools
firewalls & filters
anti-virus software
Conclusions


Information systems are critical to
operations
Security:




is an integral part of the overall
system
must be managed throughout entire
life-cycle
requires structure & method
requires a balanced mix of a wide
variety of techniques
Outgoing
Traffic (Web)
Denial of Service Attack
(flooding line)
Maximum
Line Capacity
Incoming
Traffic (email)
Download