Special Report – Military Messaging and Secure Information Exchange Software

Published by Global Business Media




SPECIAL REPORT: MILITARY MESSAGING AND SECURE INFORMATION EXCHANGE SOFTWARE

Contents

Foreword (page 2)
Mary Dub, Editor

Collaboration, Coalition and Interoperability (page 3)
Martin Sugden, CEO, Boldon James
Introduction; Military and Intelligence Communications Systems; Systems Evolution; Future Direction; Summary

The Fast Evolving Field of Secure Military Information (page 7)
Mary Dub, Editor
The Security Legacy of 9/11; The Problem Impeding Good Intelligence Analysis; Seven Years Later Significant Progress Has Been Achieved; A Shift in Thinking About Encryption; Losing Interoperability Through Leading From Too Far Ahead

Dynamic Information Security (page 9)
Don McBarnet, Staff Writer
Software for Interoperability; Incorporating Fourth Generation Collaborative Working into Network Centric Warfare; Secure Collaborative Working; Military Messaging: A Special Case

How Secure is Secure? The Role of Encryption (page 11)
Mary Dub, Editor
Security Labeling; Private and Public Keys; The British Codification of ACP 123 (B); The Need for ‘CLEAR’ When Speed Overrides Security

A Secure Future? (page 13)
Don McBarnet, Staff Writer
The Partnership Route to Synergy; The Ministry of Defence in the UK Goes for Additional Security; The Report by the British Comptroller and Auditor General; The Operation of Moore’s Law and the Speed of the Commercial Marketplace

References (page 15)

Published by Global Business Media
Global Business Media Limited, 62 The Street, Ashtead, Surrey KT21 1AT, United Kingdom
Switchboard: +44 (0)1737 850 939
Fax: +44 (0)1737 851 952
Email: info@globalbusinessmedia.org
Website: www.globalbusinessmedia.org

Publisher: Kevin Bell
Business Development Director: Marie-Anne Brooks
Editor: Mary Dub
Senior Project Manager: Steve Banks
Advertising Executives: Michael McCarthy, Abigail Coombes
Production Manager: Paul Davies

For further information visit: www.globalbusinessmedia.org

The opinions and views expressed in the editorial content in this publication are those of the authors alone and do not necessarily represent the views of any organisation with which they may be associated. Material in advertisements and promotional features may be considered to represent the views of the advertisers and promoters. The views and opinions expressed in this publication do not necessarily express the views of the Publishers or the Editor. While every care has been taken in the preparation of this publication, neither the Publishers nor the Editor are responsible for such opinions and views or for any inaccuracies in the articles.

© 2013. The entire contents of this publication are protected by copyright. Full details are available from the Publishers. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical photocopying, recording or otherwise, without the prior permission of the copyright owner.

www.defenceindustryreports.com | 1



Foreword

Secure information exchange within armed forces and between coalition partners is a complex and highly political process. The fundamental concept of network centric warfare needs to be underpinned by the latest technique in fourth generation collaborative working including portability of data, real time messaging and working together in an environment of trust.

This Special Report opens with an article that looks at the importance of fast and unambiguous communications to the success of military organisations across the world and the role of Military Messaging Handling Systems (MMHS) – the infrastructure used to send and receive these messages. The article goes on to describe the features of MMHS, which go beyond the normal commercial requirements of Confidentiality, Integrity and Availability. The US Department of Defense led the way in adapting Commercial Off-The-Shelf (COTS) messaging platforms, selecting Microsoft Exchange servers for carrying military message traffic. In turn, Microsoft engaged Boldon James to develop appropriate plug-ins to provide the user experience needed by soldiers.

The 21st century threat environment in which military security must work is described in the second article. This environment is bedeviled by the need for clear and codified standards within forces and coalition members, who need to align their software and legacy hardware to concurrent systems in an atmosphere of mutual trust and cooperation. The speed and volume of the current threat is surprising and the modern and practical approach outlined by General Bowman is salutary.

The third piece looks at the codification systems agreed within NATO and some of their implications.

The fourth article looks at the knotty world of encryption. While not having access to classified information, it is almost impossible to make judgments on the processes currently used. It is left, however, to the Generals in command to lower levels of encryption to enable greater access to needed information in the battlefield.

It is always taxing to look over the horizon in any field. To hazard a guess in the field of security is risky. What is becoming clearer is that using COTS systems is a strong trend and that developing bespoke software in consortiums and partnerships, as always, can provide cost effective synergy. While the commercial market moves forward at a punishing pace, the cash strapped military market must endeavor to make the effort to keep pace and lower risk.

Mary Dub, Editor

Mary Dub has covered the defence field in the United States and the UK as a television broadcaster, journalist and conference manager.




Collaboration, Coalition and Interoperability

Secure Information Exchange between Defence and Civil Organisations

Martin Sugden, CEO, Boldon James

Introduction

For the world’s military and civil defence organisations, the last decade has been dominated by a series of major disasters, such as Hurricane Sandy, and the need to respond to the growth in Global Terrorism by coalitions of Defence forces and their associated Civil and Intelligence organisations. This heightened level of interoperability has meant that Warfighters and Intelligence experts have been faced with the difficulty of deciding what information they can safely share and then deploying systems that enable them to share it. As large corporates communicate efficiently around the globe every day, the uninitiated user sees such interoperability as a simple task. “Don’t they just use Outlook?” is a common misconception; but in practice, it is extremely complicated. This Paper will identify some of the key problems in providing Secure Information Exchange (SIE) and examine how these are being overcome.

Military and Intelligence Communications Systems

Fast, unambiguous communication is critical to the success of military organisations across the world and the infrastructure used to send and receive these messages is often referred to as a Military Messaging Handling System (MMHS). Military communication is a 24/7 process, where the sender and receiver (or list of recipients) often do not know each other. User communities are deployed across a variety of different operational environments, each with unique characteristics: for example Low Bandwidth or Radio Silence. Failure is not an option, so, as requirements developed in the late 90s and commercial systems were deemed not to be up-to-scratch, system architects responded by developing standards to enable interoperability based on tried and tested technology such as X400. For example:

• NATO standard STANAG 4406 covers standard military messaging
• Allied Communications Publication 145 defines international communications between NATO defence organisations as an X400 communication

In common with all IT systems, MMHS need to address data Confidentiality, Integrity and Availability; however an MMHS requires strengthened controls. Specifically, as a message is created, labels are applied to the message based on the importance of the information being transferred and the speed with which the information needs to be actioned. Further descriptors are added providing details about the sender and the recipients. The system will then:

• Prioritise delivery based on importance
• Monitor response to high priority messages to ensure that they are dealt with promptly or redirect that message to the recipient’s alternate (known as Flash messaging)
• Satisfy itself that the sender is allowed to send messages of that importance and that the recipient is also cleared to receive such information
• Check that the delivery mechanism has been accredited to the level of the data included in the message. This may often require encrypted networks to ensure that no outside party can read the message
• Decide if the data needs to be encrypted both in transit and whilst in the message store
• Ensure, normally by using digital signatures, that the recipient can be certain that the message has not been tampered with in transit and the sender can be sure that the recipient has received and read the message and cannot claim that they did not (termed Non-repudiation)
• Adapt the message to be communicated over the recipient’s system, for example a radio network or low bandwidth environment

All of this system activity must take place without user intervention; it must be a true ‘Fire and Forget’ environment. As mentioned earlier, messages are usually addressed to a particular role rather than to a person, partly because, in a 24 hour operation, a role is carried out by more than one person, but also because, in an intelligence environment, the identity of the sender and recipient may be secret. The receiver must be comfortable that they can trust the information, even though they do not know how or in which operational environment the intelligence was gathered. As the sender and the receiver are disconnected, the system interrogates the message and decides which roles in the receiving organisation should receive that information. This is referred to as Profiling.

Systems Evolution

Given this background, many countries historically chose to build bespoke solutions based on the traditional standards, but then quickly realised that the cost of maintaining and upgrading one-off solutions was prohibitive. In comparison, as commercial offerings (such as Microsoft Outlook) gained market share, their costs reduced and the functionality they provided expanded. Messaging systems became specialised with dedicated communications centres and little integration with day-to-day business. Interoperability between bespoke solutions both inside an organisation and to other militaries or government departments required significant investment to convert data from one stove-pipe communications mechanism to another. The US Department of Defense led the way in adopting Commercial Off-The-Shelf (COTS) messaging platforms, selecting Microsoft in preference to Lotus Notes as Microsoft Exchange servers provided the baseline X400 interoperability required for carrying military message traffic. Microsoft engaged Boldon James to develop appropriate plug-ins to give the user experience that soldiers needed. By 2004, military users could have a COTS solution that gave them the ability to carry out their normal business activities and send and receive military messages from the same desktop client.

Standards setters have responded: NATO STANAG 4406, Annex F and the UK Defence standards (JSP457) require MMHS solutions to provide a graduated range of secure messaging sophistication, low to high, and in recent initiatives accreditors have allowed different grades of service on a common framework, assisting interoperability and helping to reduce costs. There is still the need to communicate in an agreed protocol (and that remains X400) but this requirement has been moved to the boundary of organisations and is carried out by Gateway devices that operate at the industrial speed required. Inside the organisation, users are really “just using Outlook”. The benefits of this change are that:

• Total Cost of Ownership (TCO) is minimised and reliability and robustness not available in bespoke solutions is achieved. Commonly-available applications such as Microsoft Outlook and Exchange server provide a rich vein of readily-available user and administrator knowledge and these systems can then be customised (with value-added 3rd party components) with minimal training for users and administrators. With defence programmes spanning 5-10 years, upgrade paths and solution ‘future proofing’ become far simpler, helping realise significant savings over a project’s lifespan
• Integration with other desirable technologies such as Digital Rights Management, Electronic Document and Records Management Systems and Document Management Systems such as SharePoint can be more easily achieved
• When all users operate in a single environment, with device controls that ensure that secret information is not shared with lower grade staff, the whole organisation can benefit from the enhanced management control achieved from labelling data.

As the user goes about their day-to-day business, archiving and data loss prevention tools can be configured to automatically apply the approved business rules. As a result, the organisation produces far less unstructured data. One by-product of this move to COTS is that commercial and other government organisations have started to realise that adopting protective marking as part of their Data Management capability has reduced their costs and reduced their risk of Data Loss. The same plug-ins that help the military achieve their objectives are configured to help large commercial organisations apply their business processes.

Future Direction

Global austerity measures imposed in NATO countries mean IT systems are likely to have to do more for less for the foreseeable future. Part of the solution is sharing infrastructure and IT resources between organisations and departments whilst maintaining data security.

Networks
Stove-pipe military networks will be subsumed into a Network of Networks. Examples are already materialising in the UK such as the U.K. Public Services Network (PSN – http://www.cabinetoffice.gov.uk/content/public-services-network).

Network Protocols
MMHS systems will fully adopt the SMTP protocol plus the extensions described in RFC6477: ‘Registration of Military Message Handling System (MMHS) Header Fields for Use in Internet Mail’, resulting in a COTS SMTP-based messaging backbone (readily supported by COTS email servers, e.g. Microsoft Exchange Server). Instant Messaging and chat systems will be utilised within an MMHS context. However, whilst technologies will evolve, security requirements will not; mobility requirements and features will also create additional challenges.

Authentication and Access Control
Authentication and authorisation systems will support user access from any terminal, anywhere, on an approved network, possibly the Internet. Depending on the level of assurance of the authentication, Attribute Based Access Controls (ABAC) will determine what a warfighter can see based on credentials, location and access device. From a low-side network, a simple username/password combination will provide one view on the MMHS. A smartcard from a coalition network will provide an enhanced view. Biometric devices may be used.

Consolidated Systems
Warfighters will have a single “dashboard” representing Command and Control (C2) systems, MMHS inboxes, EDRM systems, Instant Messaging chatrooms and conversations, all geo-location aware. It will be possible to search across all systems and they will ‘know’ about each other. For example, a Medical Evacuation request received via the messaging system will automatically update the Common Operational Picture with the location. An Emergency Responder not at their desk will receive an alert on their mobile devices. Such an approach is described in the Gartner Report – “The Emergence of Fourth Generation Collaboration Services” (http://www.gartnerinfo.com/pcc8lg/).

Summary

As noted in a recent Armed Forces Communications and Electronics Association (AFCEA) article (see http://www.afcea.org/content/?q=node/10191), the emerging ‘digital natives’ are expecting to use mobile devices with all communication using “Everything over IP (EoIP)”. Stove-pipe MMHS systems will continue for some time and non-government organisations and other government departments are likely to have no alternative communication capabilities available to them. These constraints are breaking down and MMHS are becoming far more integrated with, and based on, COTS pan-government messaging systems. These systems will provide all the inherent commercial and functional benefits thereof, and thus open the door to much closer integration with the C4ISTAR systems.

Contact: Boldon James, 1 Westmere Court, Westmere Drive, Crewe Business Park, Crewe, Cheshire CW1 6ZE, United Kingdom. Tel: +44 (0) 1270 507800. Fax: +44 (0) 1270 507801. http://www.boldonjames.com/




The Fast Evolving Field of Secure Military Information

Mary Dub, Editor

“Threats in cyberspace are anything but static, and a useful defensive strategy or capability existing one moment may be ineffective mere seconds later, and improved relationships and technical capabilities allow us to better understand the dynamic cyber environment. Gaining this awareness and then acting quickly and effectively requires improving the complex interagency and international relationships; we must constantly evaluate relationships and operational constructs to address constantly evolving threats”. General C. Robert Kehler, USAF, Commander, U.S. Strategic Command [1]

The cyber threat to 21st century secure information is dynamic and fast changing as the quote from General Kehler illustrates. And there are other threats on the web. Opposing forces use commercially available Internet services and protocols to further their own interests. Extremists can and do use chat rooms, dedicated servers and websites. They use social networking tools as propaganda machines or as a means of recruitment and organization. And of course, the Internet is used for significant fund-raising through cybercrime. These websites and other Internet services are run by international terrorist groups, transnational cybercrime organizations, or individual extremists. [2]

The Security Legacy of 9/11

These cyber threats are taking place in the context of significant changes in thinking about information security engendered by the 9/11 Commission. The review of evidence and weaknesses in the American security establishment advocated the replacing of the “need-to-know” information culture with a “need-to-share” culture. In order to transition to an intelligence information environment that emphasized the “need-to-share,” development of new procedures had to be matched with the development of a technical infrastructure that enabled actual information sharing. [3] The commission took the concept further and pressured the President to take measures to improve information security handling. “The president should lead the government-wide effort to bring the major national security institutions into the information revolution. He should coordinate the resolution of the legal, policy, and technical issues across agencies to create a ‘trusted information network.’”

The Problem Impeding Good Intelligence Analysis

The purpose of secure information exchange was effective war fighting and, critically, good intelligence analysis to defeat potential threats. So the 9/11 Commission highlighted what it considered to be significant impediments to comprehensive intelligence analysis: the “‘need-to-know’ culture of information protection,” rather than the need to share. What the commission highlighted was an organizational culture, prevalent across agencies, that supports disincentives to information sharing. As the report stated: “There are no punishments for not sharing information.” Finally, the report highlighted that the emphasis on security had led to the “over classification and excessive compartmentalization of information among agencies.”

Seven Years Later Significant Progress Has Been Achieved

“This is not the same J-6 that existed before,” [4] said Maj. Gen. Mark S. Bowman, USA, director of command, control, communications and computers (C4), J-6, and chief information officer (CIO), the Joint Staff. “It is very different.” [5] What has changed? Interoperability is the general’s top priority, both across the services and among coalition partners. At the heart of this effort is the Joint Information Enterprise (JIE) program, which General Bowman says is making significant strides. “It’s not something that’s nice to have; it’s something we must have,” he declared. “We have to have interoperability baked in from the beginning in what we do.” How is this going to happen? The enterprise effort will see an increased emphasis on commercial off-the-shelf (COTS) equipment “that is interoperable from the get-go,” Gen. Bowman declared. “We have to be willing to accept 80 percent solutions today, implement them today, and then gradually evolve them over time, and we will end up with capabilities that we never dreamed of in the past.”

A Shift in Thinking About Encryption

General Bowman agrees that different degrees of encryption may provide the best security for the fully interoperable coalition network. He points out that significant moves have been made to establish network security where not everything is given Type 1 encryption. For example, the general said commercial encryption may be good enough for perishable data. “If I get a call for fire or a troops-in-contact report, why would commercial encryption not be good enough there?” he asks. “It’s all perishable data. If the bad guy is able to decrypt it in two weeks and figure out what the request was, that mission is long over [by then]. Whereas, the true benefit of commercial encryption is that we can give a radio to one of our coalition partners going out on a mission ... and we can coordinate intelligence as we go through an operation with a coalition partner. If we receive intelligence that changes the situation on a battlefield, we can get that information to partners so that they can change the way they are going to approach their particular operation.”

Losing Interoperability Through Leading From Too Far Ahead

An important issue with coalition interoperability is for the United States not to modernise and thereby exclude coalition allies with less up-to-date equipment and smaller modernisation budgets. General Bowman’s approach is to include the interoperability idea from the beginning: standard setting must be done carefully, the general warns. “If we decide a standard, and coalition partners procure equipment [accordingly] to be interoperable, and then we decide to change the standard tomorrow, that causes us not to be interoperable and [a partner country] to have to play catch-up with a much smaller budget and a much longer reaction time.”



Dynamic Information Security

Don McBarnet, Staff Writer

“The current situation, where DOD computers receive some 6 million threatening probes each day, is like a missile being fired into U.S. airspace with no radars to see it. Today, we are in the forensics mode. When an attack occurs, we are told about it after the fact.” Army Gen. Keith B. Alexander, Director, National Security Agency (DIRNSA), Chief, Central Security Service (CHCSS) and Commander, United States Cyber Command (December 2012) [6]

NATO standard agreements, STANAGs, have been developed to confront the daily need to maintain security against a vigorous cyber attack, yet ensure interoperability with coalition partners. They are regularly updated. STANAG 4406 is the NATO Standard for formal military messaging, replacing the older ACP 127 specification. Used for both Strategic and Tactical messaging, STANAG 4406 has a number of special protocols to support tactical messaging, in particular to support very low bandwidth links such as HF radio (STANAG 4406 Annex E) and to support receivers in Emission Control (EMCON) mode who can receive but not send data. [7] Some of the leading providers of STANAG 4406 compliant equipment and software partner to produce secure but interoperable COTS-based equipment, for maximum interoperability, security and ease of application across coalition partners. For example, Isode recommends the SAFEmail.mil MM-UA product from its partner Boldon James, which is based on Microsoft Outlook. This product includes an X.400 P7 plug-in for Outlook, which enables it to connect directly to M-Store X.400, and function according to the STANAG 4406 architecture. The Boldon James Outlook client solution also includes Enterprise Address Book, which enables secure client access over LDAP to data in Isode’s ACP 133 directory.

Software for Interoperability

The market for software and systems to ensure interoperability and security across recently installed, but not current, systems is robust. National variants on the ACP (Allied Communications Publication) 123 and STANAG 4406 specifications have led to a situation where interoperability between national MMHS (Military Message Handling Systems) is not guaranteed. ACP 145 has been defined in order to overcome this problem, and is a complete protocol definition for international inter-working. The ACP 145 specification has led to a requirement for “ACP 145 gateways”, which convert between the national variants of MMHS and ACP 145. M-Switch can be deployed as an ACP 145 Gateway, including support for Security Labels and Message Digital Signatures. Isode’s ACP 145 solution can also be deployed in conjunction with MIXER, to enable a national network using SMTP and S/MIME to be connected using ACP 145.

Incorporating Fourth Generation Collaborative Working into Network Centric Warfare

The military adoption of fourth generation online networked collaborative working is a natural communication environment for today’s younger soldiers, though perhaps not for the senior officer corps. What does this mean for network centric warfare? In over-simplified terms, everything is connected to enable all players to communicate and share information. A wide mix of technologies and components is involved. High-speed data links are utilized where possible. Many applications are used, from core traditional components such as formal messaging and situational awareness, to new applications such as Video Teleconferencing, Voice over IP, Instant Messaging and Presence. Most significant is the move to IP (Internet Protocol), which is used everywhere. IP is the single network technology to be used throughout.

Secure Collaborative Working

A strong example of secure collaborative working is the use of multi user chat rooms (MUC) and federated multi user (FMUC) rooms. These allow instant messaging between platforms in theatre where other modes of information exchange are slow or outdated. The core FMUC works in a completely symmetrical and distributed manner, which is highly efficient and supports operation over network breaks. One consequence of this is that MUC users in different locations may see messages arrive in a different order. Where FMUC is deployed over fast reliable networks, it can be operated in a “Single Master” mode, where one FMUC node is treated as the master. All messages must flow to the master and then back to the other nodes. This mode increases traffic and prevents disconnected operation. However, the single master enables message ordering such that all clients will see messages in the same order. This mode of operation may be preferable for some deployments over fast networks. [8]

Military Messaging: A Special Case

Military messaging has many parallels to civilian operations, but the safeguards required are of a higher order and therefore more formal. The New Zealand procurement of a new system makes the point. Defence forces use Military Message Handling Systems for a number of reasons. Military Messaging is a more formal communications process than email and with it comes a higher service element. For example, with ordinary email there is a very low level of assurance that a message has been received whereas in military messaging that level of assurance is much higher and often needs to be guaranteed. Military Message Handling Systems are used for correspondence between allied countries, in both operational (deployed) and non-operational environments. Squadron Leader Paul Drysdale, Project Manager for the Military Messaging System said, “The solution which Fujitsu presented was exactly what we were looking for. Fujitsu re-located personnel from the UK, who had worked on the UK Ministry of Defence project, to architect the system and train staff locally.” [9] As Major Paul Foster (UK) makes clear in his codification of ACP123 (B), a formal military message is a message sent on behalf of an organization, in the name of that organization, that establishes a formal commitment on the part of that organization, and that has been formally released in accordance with the policies of the originating nation. This has a number of additional consequences where there are requirements for Non-receipt Notification Request Indication. This MM (Military Message) element of service allows the originator to ask, on a per-recipient basis, for notification if the message is deemed unreceivable. It is also necessary to convey the level of military precedence of a message. For example, commonly used categories are deferred (0), routine (1), priority (2), immediate (3), flash (4) and override (5).
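As an added example (not from the report, nor code from any vendor or standards body it names), the following Python parses the RFC 6477 MMHS-Primary-Precedence header from constructed SMTP-style messages, maps the 0-5 values to the precedence names listed above, orders a delivery queue by precedence, and models the "monitor high priority messages or redirect to the recipient's alternate" behaviour described in the first article. The sample messages, the tolerance for a parenthesised precedence name after the digit, and the acknowledgement deadlines are assumptions made here for illustration.

```python
import re
from email import message_from_string
from email.message import Message

# Precedence levels and names as listed in the text (registered by RFC 6477
# for the MMHS-Primary-Precedence and MMHS-Copy-Precedence header fields).
PRECEDENCE_NAMES = {0: "deferred", 1: "routine", 2: "priority",
                    3: "immediate", 4: "flash", 5: "override"}

# Accept a single digit 0-5, optionally followed by the name in parentheses,
# e.g. "4 (flash)". Tolerating the parenthesised form is an assumption made
# here; the digit is treated as authoritative and the name must agree with it.
_PRECEDENCE_RE = re.compile(r"^\s*([0-5])\s*(?:\(\s*([A-Za-z]+)\s*\))?\s*$")

# Assumed acknowledgement deadlines, in seconds, for the precedences that the
# system monitors before redirecting to the recipient's alternate.
ACK_DEADLINE_S = {4: 600, 5: 300}


def parse_precedence(msg: Message) -> int:
    """Return the numeric primary precedence of an MMHS-over-SMTP message.

    A missing or malformed header raises ValueError: a formal message must
    carry an explicit precedence, and silently treating it as routine would
    be a policy failure rather than a safe default.
    """
    raw = msg.get("MMHS-Primary-Precedence")
    if raw is None:
        raise ValueError("missing MMHS-Primary-Precedence header")
    m = _PRECEDENCE_RE.match(raw)
    if not m:
        raise ValueError(f"malformed MMHS-Primary-Precedence value {raw!r}")
    level = int(m.group(1))
    name = m.group(2)
    if name and name.lower() != PRECEDENCE_NAMES[level]:
        raise ValueError(f"precedence name {name!r} does not match level {level}")
    return level


def precedence_of(raw_message: str) -> int:
    """Convenience wrapper: parse a raw RFC 5322 message text."""
    return parse_precedence(message_from_string(raw_message))


def order_for_delivery(raw_messages: list) -> list:
    """Sort raw messages for delivery, highest precedence first and then by
    Message-ID for a stable order. Returns (level, name, message_id) tuples."""
    parsed = []
    for raw in raw_messages:
        msg = message_from_string(raw)
        level = parse_precedence(msg)
        parsed.append((level, PRECEDENCE_NAMES[level], msg.get("Message-ID", "")))
    return sorted(parsed, key=lambda t: (-t[0], t[2]))


def redirect_decision(level: int, acknowledged: bool, elapsed_s: int) -> str:
    """Decide what to do with a delivered message of the given precedence.

    Only monitored precedences (see ACK_DEADLINE_S) are tracked; an
    unacknowledged flash or override message past its deadline is redirected
    to the recipient's alternate, as the text describes."""
    if level not in ACK_DEADLINE_S:
        return "deliver"
    if acknowledged:
        return "acknowledged"
    return "wait" if elapsed_s <= ACK_DEADLINE_S[level] else "redirect-to-alternate"


# Constructed sample traffic (example addresses, not real ones).
SAMPLE_MESSAGES = [
    "From: ops-cell@example.mil\nTo: watch-officer@example.mil\n"
    "Message-ID: <m1@example.mil>\nMMHS-Primary-Precedence: 1 (routine)\n"
    "Subject: Daily summary\n\nRoutine traffic.\n",
    "From: ops-cell@example.mil\nTo: watch-officer@example.mil\n"
    "Message-ID: <m2@example.mil>\nMMHS-Primary-Precedence: 3\n"
    "Subject: Movement order\n\nImmediate traffic.\n",
    "From: ops-cell@example.mil\nTo: watch-officer@example.mil\n"
    "Message-ID: <m3@example.mil>\nMMHS-Primary-Precedence: 4 (flash)\n"
    "Subject: Troops in contact\n\nFlash traffic.\n",
]

if __name__ == "__main__":
    # 700 s unacknowledged: the flash message is redirected, the rest delivered.
    for level, name, mid in order_for_delivery(SAMPLE_MESSAGES):
        print(level, name, mid, redirect_decision(level, False, 700))
```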


SPECIAL REPORT: MILITARY MESSAGING AND SECURE INFORMATION EXCHANGE SOFTWARE

How Secure is Secure? The Role of Encryption Mary Dub, Editor

The concept of security is both nebulous and relative. The balance between security and access has to be negotiated. As the 9/11 Commission pointed out, there are costs in terms of access and analysis of intelligence to excessive, inappropriate security and, as Gen Bowman10 points out, there is value on the battlefield in using simple commercial encryption methods for time-restricted data that only needs limited encryption. The military has its own standard, ISO/IEC 27001. This standard requires that organisations systematically examine their information security risks, taking account of the threats, vulnerabilities, and impacts. It also requires them to design and implement a coherent and comprehensive suite of information security controls and other forms of risk treatment (such as risk avoidance or risk transfer) to address those risks that are deemed unacceptable.

Security Labeling

Writing as a generalist in a complex and classified area, some of the information used in this article may be simplified or reflective of the recent past. Many encryption systems employ a process of access control using security labels and security clearance. How does this work? The basic mechanism of security labels is familiar. Documents are labeled with a classification, such as “Confidential”, “Secret”, or “Top Secret”. This security label will be clearly visible on the document. People are given a clearance, using the same scheme. For example, someone may be cleared to “Secret” level, meaning that they can read documents labeled “Secret”, but not a document labeled “Top Secret”. Security labels on documents are just one aspect of the model, as a security label can apply to any information. In discussions, generic information such as the role of a person can be labeled as “Secret”. Security labeling is a practical scheme. There are three types of labeling: restrictive, where the user must have clearance for all values of the category set in the label. This is useful to apply a number of additional controls. Secondly, there is permissive, where the user must have a clearance for one of the categories set in the label. This could be used where information is cleared for several countries (indicated in the label) and a user needs to be cleared for at least one of these. Finally, there is the informative category. The information in the label is made available to the user, but is not checked against clearance. Of course the security policy defines how security labels are matched against security clearance. Security policy is defined by two standards. These standards are: X.841 “Security techniques – Security information objects for access control”, published by the ITU (International Telecommunications Union). There is also SDN.801 “Access control concept and mechanisms”, published by the US National Security Agency. These two standards have broadly similar capabilities, but are not compatible. The benefit of using a standardized SPIF (Security Policy Information File) is that it enables Security Policy information to be shared between implementations from different vendors.

Private and Public Keys

As a generalist writer working in the field of encryption, it would be a mistake to talk in specific terms about how encryption works. But I can note a technique called “asymmetric cryptography”. The central components of asymmetric cryptography are public and private keys. The key pair system comprises a ‘public key’ and a ‘private key’, which are both very large numbers. The key pair is generated using special techniques from two very large randomly generated prime numbers. There can be a high level of confidence that every key pair is unique. A private key can be used by the owner to create digital signatures that are unique to the owner of the private key. A private key can also be used (typically employing a complex mechanism) to decrypt documents, and it can be guaranteed that only the holder of the private key can decrypt the document. The public key can be published and shared widely. There is no requirement to keep it secret. This is the unique and useful property of asymmetric cryptography. A public key is used to verify the digital signature created by the associated private key. A public key can also be used by anyone to encrypt a document, such that only the holder of the private key can decrypt it. Underpinning the whole debate about encryption and security, and related also to the private and public key debate, is the looming issue of trust. Trust is integral to any type of joint and coalition warfare, but under stress is often marked by its absence. Trust between established allies, for example the English-speaking nations of Canada, the United States, the United Kingdom, Australia and New Zealand, is frequently more pronounced and practiced than among the newer NATO members, who may bring language difficulties and Soviet legacy equipment into the trust and encryption balance.

The British Codification of ACP 123 (B)

Major Paul Foster in his descriptive codification of ACP 123(B) makes the system clearer. He describes how the system works: “This Military Message element of service allows the originator to indicate to the recipient that a particular body part of the message being sent has been encrypted…Bilateral agreements concerning the algorithm used for encryption and decryption must be agreed upon by the originator and recipient(s) before this service is used. Support for originating the encrypted indication shall be optional. However, if the indication is present, it shall be displayed to the recipient.”

The Need for ‘CLEAR’ When Speed Overrides Security


The value “CLEAR” in the privacy-mark field of a MM (Military Message), in conjunction with an appropriate military value in the security-policy-identifier field, is used to represent the clear service. The clear service is defined to be messages of any classification except TOP SECRET. This is of value in tactical operations, where the speed of delivery is so essential that time cannot be spared for encryption and the transmitted information cannot be acted upon by the enemy in time to influence current operations. In such cases, transmission ‘in the clear’ must be authorized separately for each message.
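An added example, not code from any product, SPIF or the ACP 123 text, that puts the three category types from the Security Labeling section and the CLEAR privacy-mark rule above into one clearance check. The classification levels, category names and the policy table saying which kind each category is are constructed for the illustration; an unknown category is treated as a deny.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, Optional

# Constructed classification hierarchy, lowest to highest.
LEVELS = ["UNCLASSIFIED", "RESTRICTED", "CONFIDENTIAL", "SECRET", "TOP SECRET"]

# Constructed policy: the kind of each category. This is the information a
# shared SPIF carries so that different vendors' implementations agree on it.
CATEGORY_KIND = {
    "HANDLING": "restrictive",       # user must hold every listed value
    "RELEASABLE_TO": "permissive",   # user must hold at least one value
    "CAVEAT": "informative",         # displayed to the user, never checked
}


@dataclass(frozen=True)
class Label:
    classification: str
    categories: Dict[str, FrozenSet[str]]
    privacy_mark: Optional[str] = None   # e.g. "CLEAR"


@dataclass(frozen=True)
class Clearance:
    classification: str
    categories: Dict[str, FrozenSet[str]]


def level(classification: str) -> int:
    return LEVELS.index(classification)


def clearance_permits(label: Label, clearance: Clearance) -> bool:
    """True if the clearance dominates the label: classification at least as
    high, every restrictive value held, at least one permissive value held.
    A category the policy does not know fails closed."""
    if level(clearance.classification) < level(label.classification):
        return False
    for category, values in label.categories.items():
        kind = CATEGORY_KIND.get(category)
        held = clearance.categories.get(category, frozenset())
        if kind is None or (kind == "restrictive" and not values <= held):
            return False
        if kind == "permissive" and not (values & held):
            return False
    return True


def informative_markings(label: Label) -> Dict[str, FrozenSet[str]]:
    """Informative categories are shown to the reader but never compared."""
    return {c: v for c, v in label.categories.items()
            if CATEGORY_KIND.get(c) == "informative"}


def clear_transmission_allowed(label: Label, message_authorised: bool) -> bool:
    """CLEAR privacy mark: any classification except TOP SECRET, and only
    with an authorisation granted separately for this message."""
    if label.privacy_mark != "CLEAR" or label.classification == "TOP SECRET":
        return False
    return message_authorised


# Constructed sample: a SECRET message releasable to the five nations named
# in the text, one restrictive handling value and an informative caveat.
SAMPLE_LABEL = Label("SECRET", {
    "RELEASABLE_TO": frozenset({"AUS", "CAN", "GBR", "NZL", "USA"}),
    "HANDLING": frozenset({"ORIGINATOR CONTROLLED"}),
    "CAVEAT": frozenset({"EXERCISE"}),
}, privacy_mark="CLEAR")
```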




A Secure Future? Don McBarnet, Staff Writer

Looking over the horizon in the field of military software is hazardous. It would be a mistake to underestimate the dynamism and level of complexity involved in constantly updating software to meet the latest challenges of 21st century network security. Coalition military messaging security is subject to rapid change in the face of alterations in theatre or the nature of operations. An operation offering humanitarian assistance requires speed and access to good communications where there may be a lack of access to the Internet, but where High Frequency radio is available. Conversely, operations in Afghanistan or south Asia may require no emissions of messages, but the intelligence information may need to be secure. Software in an age of austerity has to be bought and used in an environment where cost effectiveness is a key priority and well tested commercial systems are preferred, rather than bespoke systems with long lead times and high potential acquisition costs and fail rates. The ubiquitous Microsoft Windows system, for example, which is the standard in much business life, has also become the standard in military communications, because it reduces training time for soldiers and offers easy access to all coalition partners with useful additional bespoke features added by specialist military security partnerships.

The Partnership Route to Synergy

For example, in late December 2012, Boldon James and Egress Software Technologies announced a strategic partnership to address the problem of how to ease access to classified information and provide the relevant level of security to data when exchanged with third parties. Neither the classification nor data encryption concepts were new. However, the challenge was to sidestep the issues of interoperability and ease the process of use. How might this work? The new classifier ensures users think about the value of information they manage by requesting that users classify data at the point of creation or send, and the classifier adds metadata to documents and/or emails that are created within the organisation. Once data has been classified it is much easier for an organisation to understand the levels of security required when sharing it with third parties.

The Ministry of Defence in the UK Goes for Additional Security

The Ministry of Defence in the UK has 300,000 users using over 500 separate software applications. It has recently extended its licence to Boldon James’ SAFEmail for secure information exchange solutions that have been in use for over 10 years by the British MoD. The MoD has now extended this capability to cover the whole of the secure network developed for them by the ATLAS Consortium as part of the Defence Information Infrastructure (DII).

The Report by the British Comptroller and Auditor General

While secure information is being provided in one part of the British MoD, more rigid thinking about the role of new software and fourth generation collaborative systems is still a hallmark of thinking in various Whitehall ‘silos’. The House of Commons Comptroller and Auditor General Report on “Information and Communications Technology in government”11 illustrates how many leading thinkers in Whitehall do not yet understand the dynamic and fast changing nature of the use of the internet and fourth generation collaborative applications. “The ICT profession across both private and public sectors is immature in comparison to traditional professions such as medicine, law or accountancy. There is no core set of recognised qualifications and a very wide variety of entry points into the profession. This has made it harder for those in the senior civil service without ICT experience to understand the full value that the profession can deliver. The Cabinet Office has faced difficulties in professionalising ICT. The introduction of the Skills Framework for the Information Age has been a helpful step forward, but there has been no clear mandate to implement it. Progress has therefore been slow. The lack of management information on the real status, capability and capacity of the government ICT workforce has not helped to develop the case for change.” The pointed phrasing and the distrust and misunderstanding about the nature and use of collaborative Internet applications are glaring.

14 | www.defenceindustryreports.com

Similarly, the generation gap between so-called ‘digital natives’ or Generation Y and the non-digital natives who hold thought leadership positions in Whitehall is paralyzing. As the report so aptly puts it: “The right balance between wider strategic and business skills, and specialist commercial skills or purely technological knowledge, may not have been achieved. This has affected government’s performance as an intelligent customer of complex ICT systems.”

The Operation of Moore’s Law and the Speed of the Commercial Marketplace

For any military procurer of ICT systems or software, it is imperative to keep one eye firmly on the commercial market, with the other on the wallet. The speed of generational change in the commercial world is punishing and it is now an acknowledged truism that insurgents are using cheaply available systems and high quality innovative software and skills rather than the more complex systems. As a recent Gartner report on Fourth Generation computing highlights12, the characteristics of Gen4 services include the mixing of consumer and business collaboration services; the ability to combine premises-based and cloud-based resources; an emphasis on real-time collaboration; the use of social network analysis tools; inherent mobility services; a mixing of personal and business activities; an emphasis on open integration; intra-enterprise collaboration; and data portability. This is quite an intimidating list for a non-digital native, but for people for whom life is lived on the move with their smart phone, this kind of capability can only enhance the concept inherent in network centric warfare in a radically faster and more immediate way.



References:

1. Witnesses at the Senate Armed Services Committee, http://www.iwar.org.uk/cgi-bin/dada/mail.cgi/archive/infocon/20120327214328/ (Mon Dec 31 18:29:46 2012)
2. CRS Report for Congress, Received through the CRS Web, ‘Information Sharing for Homeland Security: A Brief Overview’, Updated January 10, 2005, Harold C. Relyea, Specialist in American National Government and Finance Division, and Jeffrey W. Seifert, Analyst in Information Science and Technology Policy, Resources, Science, and Industry Division
3. Ibid.
4. J-6 is the Directorate for Command, Control, Communications and Computer Systems
5. Robert K. Ackerman, ‘Not Your Father’s J-6’, October 1, 2012, http://www.afcea.org/content/?q=node/10191
6. Witness before the Senate Armed Services Committee, http://www.iwar.org.uk/cgi-bin/dada/mail.cgi/archive/infocon/20120327214328/ (Mon Dec 31 18:29:46 2012)
7. ISODE website
8. ISODE website
9. Fujitsu New Zealand, http://www.fujitsu.com/nz/interaction/archives/2006/200605-03.html
10. Major General Mark S. Bowman, USA, Director, Command, Control, Communications and Computers, Joint Staff, J6
11. Report by the Comptroller and Auditor General, ‘Information and Communications Technology in government’, HC 757 Session 2010–2011, 17 February 2011
12. Matthew W. Cain, ‘The Emergence of Fourth-Generation Collaboration Services’, Gartner (http://www.gartnerinfo.com/pcc8lg/)


Defence Industry Reports… the leading specialist combined online research and networking resource for senior military and defence industry professionals.

• Up to the minute Industry and Technology News and other content available to all site users on a free of charge, open access basis.
• Qualified signed up members are able to access premium content Special Reports and interact with their peers using a variety of advanced online networking tools.
• Designed to help users identify new technical solutions, understand the implications of different technical choices and select the best solutions available.
• Thought Leadership – Advice and guidance from internationally recognised defence industry key opinion leaders.
• Peer Input – Contributions from senior military personnel and defence industry professionals.
• Independent Editorial Content – Expert and authoritative analysis from award winning journalists and leading industry commentators.
• Unbiased Supplier Provided Content.
• Designed to facilitate debate.
• Written to the highest professional standards.

Visit: www.defenceindustryreports.com
