Title: Boeing have not started'
1 Boeing have not started.
Transglobal Secure Collaboration Program (TSCP)
Jim Cisneros Deputy CIO, Future Combat
Systems The Boeing Company May 20, 2009
2Ongoing Information Security Challenges
Hacking Internet Backbones - It's Easier Than You
Think Network backbone technologies used to
route traffic over large corporate networks are
vulnerable to large-scale hijacking attacks,
according to two researchers who released freely
available software on Thursday to prove their
point. Source Dan Goodin, The Register, NETCOM
G-2 Digest April 20
The Fog of Cyberwar NATO military strategists
are waking up to the threat from online attacks.
Source Evgeny Morozov, Newsweek, NETCOM G-2
Digest April 20
Cyber Terrorism
Viruses
Environmental
Threats
Industrial Espionage
Social Networks 10 Times as Effective for
Hackers, Malware. That hackers are using sites
such as Facebook, LinkedIn and MySpace to launch
attacks is no revelation. In its "Malware
Evolution 2008" report, Kaspersky Lab revealed
that malicious code distributed via social
networking sites has a success rate of 10 percent
in terms of infections, making it 10 times more
potent than malware distributed via e-mail.
Date 13 May 2009 Source NETCOM G-2 Digest 14
May 2009
Natural Disasters
Unintended results (The OOPS factor)
FBI used spyware to catch cable-cutting
extortionist The FBI used spyware to catch a
Massachusetts man who tried to extort Verizon and
Comcast by cutting 18 data- and voice-carrying
cables in 2005, documents obtained under the
Freedom of Information Act by Wired.com have
revealed. Date 18 April 2009 Source
Goal Getting the right information -securely-
to the right people in a timely manner
3A Holistic Approach to Protecting Information
The Regulations
The Threats
The Risks
If not Addressed in this Manner The Results can
be Costly
4Transglobal Secure Collaboration Program
Objectives
AD industry government working together
toward common solutions
Export Control Regulations
KEY DRIVERS
Privacy
Company Policies
Areas of Common Challenge
ITAR, Export Control Act
Company-specific policies
Privacy Act of 1974, Data Protection Act
Areas of TSCP Attention
Solution Space
CORE PRACTICES
Identity Access Management HSPD-12
Information Management FARS/DFARS
Secure Electronic Exchange Document sharing Web
authentication Secure e-mail
SUPPORTING PRACTICES
5Benefits of TSCP Involvement
- Common approaches among participants leverages
investments and maximizes expertise. - Common solutions across all programs facilitate
trusted information sharing resulting in lower
costs. - United industry and government influence on
vendor product directions.
FORWARD
6Boeing TSCP
TSCP Collaborative Focus Areas
Boeing Internal Collaborative Efforts
Emerging solutions compliant with TSCP
specifications directions
- Identity Management
- Web authentication
- Completed JITC testing
- In production use on Future Combat Systems
(accessing ALTESS.mil web site) - Successful early pilot with AKO/DKO web site
Targeted Collaborative Capabilities (TCCs)
Boeing contributed LDAP Proxy software
.mil Web Authentication - authentication strength
- Secure e-mail
- Completing internal infrastructure
- Initial deployment to DIB partners and current
programs
- Secure e-mail
- In Pre-Pilot testing
- Production readiness expected for UK MOD and
industry partners in 2009
Boeing completing class 3 infrastructure
- Document Sharing Using
- Identify Federation (DSIF)
- Establish Common Operating Rules (COR)
- Trusted Document Sharing
- Working with Rolls Royce on a SharePoint pilot
using Federation
Working w/ TSCP partners to pilot progress
forward
- Information Asset Protection (IAP)
- Working with IDS Bus Dev team to
- address document marking and
- export challenges
Information Asset Protection (IAP) Perform
proof-of-Concept how information assets can be
protected when identified with marking such as
Export Control
Collecting export reqs from non-US Boeing sites
7Influence on Vendor Products
- TSCP members represent a sizable consumer
community. - TSCP members combine their need for
standards-based solutions with their buying power
to influence vendors to address TSCP identity and
security requirements. - Example Microsoft is addressing an
authentication gap in their product in an
upcoming release. Individual companies had not - been successful in obtaining this change.
8(No Transcript)
9Backup slides