Coalition Network Defence Common Operational Picture

Provided by: deanm
1
Coalition Network Defence Common Operational Picture
Brno, The Czech Republic, 2-4 May 2007
Josef Kaderka, University of Defence, Brno, The Czech Republic
Josef.Kaderka_at_unob.cz
2
Agenda
  • Terms
  • Computer networks role under coalition conditions
  • Some related activities and projects
  • Today and near future
  • Conclusion

Only non-classified sources were used and
non-classified information is published
3
NATO Network Enabled Capability
  • Information superiority as a matter of successful
    future coalition operation
  • Widely accepted idea
  • Everybody talks/works on it
  • Not only pros, but also cons
  • Technically, the issues are similar to those in
    business - but we deal with lives

4
Common Operational Picture and Situational
Awareness
  • Common Operational Picture (COP)
      • A single identical display of relevant
        information shared by more than one command. A
        common operational picture facilitates
        collaborative planning and assists all echelons
        to achieve situational awareness.
      • US Joint Force Common Glossary
      • Free Dictionary
      • Wikipedia
  • Situational Awareness (SA) as a COP result

5
Computer networks
  • Vital importance
  • Coalition interconnecting aspects
  • Sensitive information sharing
  • IT asymmetry (USA, , the rest)
  • De facto partial infrastructure sharing
  • Firewalls, IDSs, Safeguard etc.
  • Computer networks as a battlefield
  • Need to be defended - on the coalition level

6
Cyberbattle specifics/possibilities
  • No line of contact
  • No safe distance as a security guarantee
  • No relation with unit geographical deployment
  • Correct recognition of real attack (false
    positive/negative)
  • Extremely rapid attack expansion even from the
    depth
  • Massive concurrent and selective attack against
    discovered vulnerabilities
  • All this in the coalition environment!

7
Forces and Networks
  • Operational Capability Requirements equal to the
    IT services
  • Force commander should
      • Understand the new threats
      • Consider proactive measures, ...
  • Network Commander should
      • Understand the force commander intention, ...
      • Many new specific duties
  • Both should share the same approach

8
Some related activities and projects
  • NATO Multilateral Interoperability Program (MIP)
  • The Technical Cooperation Program (TTCP)
      • Aus, Ca, NZ, UK, US (five eyes nations?)
  • Combined Enterprise Regional Information Exchange
    System (CENTRIXS)
  • Coalition Secure Management and Operations System
    (COSMOS)
  • FGAN/FKIE *)
      • Ge
  • NATO RTO IST ET

*) Forschungsgesellschaft für Angewandte
Naturwissenschaften / Forschungsinstitut für
Kommunikation, Informationsverarbeitung und
Ergonomie
9
MIP
  • Objective: to share
      • Situational Awareness
      • Plans and Orders
      • NBC alerts and critical messages
  • Common Interface Specification
      • Message Exchange Mechanisms (ADatP-3)
      • Data Exchange: automatic push
  • Land Command and Control Information Exchange
    Data Model
  • Nations interface on a secure LAN

10
CENTRIXS
  • US-led, multinational information sharing
    networks
  • Core collaboration services
      • E-mail with and without attachments
      • Web-browser-based data access
      • File sharing
      • Secure VoIP
  • Next extensions
      • COP (Tactical), CIP (Intelligence)
      • Near-real-time data access etc.

11
COSMOS
  • Preliminary steps
  • High tactical and operational level coalition
    information sharing among coalition partners
    known to each other
  • Advantage of a well-defined and internationally
    agreed-to information language set designed for
    C2 interoperability
  • Enforce the discrete dissemination (Protected
    Sharing) of released information on a
    need-to-know basis
  • Focused toward a single Secret High,
    releasable-to-coalition network

12
FGAN/FKIE
  • Graph clustering-based anomaly detector
  • Modified star connected IDS network with central
    Meta-IDS server
  • Modifications to hierarchical IDS
  • Information sanitization when leaving the local
    domain
  • Data reduction: predefined correlation rules to
    manage data flow
  • MITE - MANET Intrusion Detection for Tactical
    Environments

13
NATO RTO IST ET 041
  • 2005-2006 (Ca, Cz, UK, US)
  • Coalition Network Defence Common Operational
    Picture (CNet-D COP)
  • (formerly Coalition Information Assurance, CIA
    COP)
  • Technical and political approaches to the problem
    of developing and demonstrating a coordinated IA
    posture
  • Collecting, displaying, fusing, and securely
    sharing network security-related status data, ...

14
Today and near future of the CNet-D COP
  • Models needed (secure information sharing)
  • Conceptual, Data
  • Joint C3 Information Exchange Data Model
    (JC3IEDM) already exists
  • Advanced national research in Canada
  • Standardization (in coalition environment)
  • Computer attack early warning
  • Attack correlations among partners, ...
  • IETF Intrusion Detection Message Exchange Format
    (IDMEF) draft, ...

15
Example of CNet-D Security Architecture Model
(DRDC Ottawa)
16
Possible CNet-D COP architecture (DRDC Ottawa)
17
What to discuss/do
  • Security architecture
  • Single/common view of coalition networks security
    status
  • ...
  • Impact Assessment tools
  • ...
  • Practical realization, testing ...

18
Some ET 041 results
  • The Research Task Group (RTG) proposal agreed
  • Sent to appropriate body
  • Items to solve specification
  • Basic documents prepared
  • Technical Activity Proposal
  • Programme of Work (PoW)

19
Future RTG Work Items
  • Plan overall activities of the RTG
  • Agreeing on an underlying set of definitions to
    be used for CNet-D SA (Situational Awareness)
  • Agreeing on the conceptual model for CNet-D SA
  • Defining a detailed data model and data
    specifications
  • Promote the data model and necessary definitions,
    etc.

21
Thank you