United States – nato information Sharing (unis) Technical Exchange Meeting (tem) 6 1-3 December 2009 Introduction Site

Download 117.9 Kb.

Page	2/3
Date	07.05.2017
Size	117.9 Kb.
	#17527

1 2 3

1.2 Comments and Discussion:

A main challenge with communication architectures is the need to feed all information to one level, but to control its flow downward. There is no current solution to this problem.
We need to agree on a roadmap on the subject of protected core networking.

1.3 Collaboration Opportunities and/or Action Items:

NC3A (CAT 9) will contact Dr Reilly for further exchange of information.
Specific areas of possible collaboration include:
- QoS for Applications
- Assured Service for IP
The Interoperability package for nations (architecture, roadmap, interfaces, service catalogue, QoS, SMC) that NATO is working on needs to be coordinated with U.S. material.

2. DTCS

Presenter: Mr. Igor Marchosky, NSWCDL

2.1 Topics Covered:

Distributed Tactical Communications System (DTCS) is a communications program wrapped around a commercial service from Iridium, which has communications devices in use in Afghanistan. This is a change from a telephony-based to a packet-based network system, completed over a 3 month trial. This is a push-to-talk system scalable up to 250 nets and has commercial AES-256 encryption.
Some of the new features of DTCS include:
- Report Physical Location (PLI) – additional application on new handset - does not require ground infrastructure;
- Sensor data dissemination
- Very simple radio, delivered March 09, using Lithium CR123 battery.
- 5 nets available on radio: primary channel to talk + capability to monitor all other channels;
The DTCS goal is to reduce combat load, improve usability and to integrate sensors.
Future radios will incorporate data management models so that the correct level of loading can be put into place for a predetermined service.

2.2 Collaboration Opportunities and Action Items:

U.S. invited NC3A to do a controlled evaluation of the new capability in 2010;
- Do an assessment in a different environment (e.g. no evaluation has been done above 45 degrees Latitude);
- No cost for experiments & evaluation;
- 30 to 40 handsets do the evaluation;
- timeframe for evaluation: 1H2010
To perform evaluation, NC3A would require
- proper access for training to the people that will operate the handsets (8h of training on handset)
- guidance one use of data collection

3. U.S. NATO Information Assurance Discussion

Presenter: Col. Sean Broderick, NII

3.1 Topics Covered:

The goal of the ASD (NII) International IA Program (IIAP) is to protect U.S. networks by engaging with all partners. The US cannot be protected effectively if it does not learn from NATO. The IIAP has an information sharing agreement with NATO.
Policy is evolving on both the US and NATO sides and there is still interest in collaborative development of capabilities. USEUCOM acts as the liaison between OSD and partners, and contacting USEUCOM is the correct communication path for these issues.
Military MOUs already exist between the U.S. and NATO on the subject of IA including, for example, Watchcenter-to-watchcenter operations.
- Coalition Information Assurance Teams (CIAT) could be revitalized to allow for sharing of best practices?

3.2 Comments and Discussion:

TRUST is key in Information Assurance and Security. Trust is built by maintaining direct and regular contact with your counterparts.
One of the first steps completed to build trust was to set up a mailguard.
The operational community has been sharing information for a long time. If there are two domains touching, it is wise to watch the traffic between the two. This is only a paradigm shift for communicators; this has long existed for the operators.
There are a number of coalition networks all working at the same level, but there is not much coordination between those networks.
- It is difficult to share tactical IA information because of classification and releaseability issues.
The US is beginning to work on development of PKI bridges to complete handshakes between PKI authorities, as users are continuously receiving multiple PKI accounts. There is a desire to bridge PKI implementations with partners, but there is additional coordination needed.
While MOUs and MOAs exist, it is often difficult in executing the agreements because not all necessary organizations exist and not all nations have the same focus of level of investment in IA
There is no framework for IA doctrine

Collaboration Opportunities and/or Action Items:

NC3A plans to share Col. Broderick’s briefing with its Information Assurance team (CAT 8) to explore potential synergie
- NII is the U.S. entry point for international IA for NATO (and others)
GTRI has invited NC3A to participate in the next Military Open Source Software (Mil-OSS) working group to explore mutual cyber defense collaboration
NATO has invited GTRI to get involved in the NATO Research and Technology Organization IST-091 Panel on Information Assurance and Cyber Defense

4. Identity Management

Presenters: Dr. Sven Kuehne, NC3A; Ms. Jackie Huff, Ms. Trish Janssen, DISA

4.1 Topics Covered:

Identity Management (IdM) is ambiguous. It can include a number of ideas, including identity employment and identity assurance. The value in having a PKI certificate is the vetting behind the issuance of the certificate.
U.S. is moving from access control lists to a more dynamic (policy based) access control.
- Imperative that applications must evolve to this new concept. This is a lot of work, and we have so many Commercial Off The Shelf (COTS) products – how can we influence COTS vendors to buy in to providing this new paradigm of access control?
NATO is interested in learning how IdM is handled in different organizations and the possibilities for other Nations sharing with NATO.
NATO has two different dimensions: it is an enterprise, but it is also an alliance
NATO is currently working on defining an IdM Framework and a set of use cases. NC3A will start an IdM test campaign centered on these use cases in 2010. Initially, the certificate authorities will manually talk to each other.
The U.S. is moving towards a self-service model, where users use different mechanisms for access. Basic access will be given without a Common Access Card (CAC), but as users delve deeper, they will need to have a CAC.

4.2 Comments and Discussion:

NATO is going to have to consider data level and access checking based on the number of users that will have access to NATO systems.

4.3 Collaboration Opportunities and/or Action Items:

The US completed cross enclave access control experimentation at Empire Challenge. It may be possible for NATO to build on this scenario.
NATO would like to complete experimentation with other nations regarding IdM. The NC3A CES/NNEC testbed provides an infrastructure for complex IdM validation to be performed with Alliance partners. Currently this can only occur over the internet, but NATO is willing to work with partners to accommodate classification needs.
- NATO issued an invitation to the U.S. to join NC3A test campaign for Federated Identity Management using CES/NNEC Testbed
NC3A (Kuehne) will distribute IdM use cases to interested parties.
The US has stood up an Authorization and Attribute Tiger team (AATT), while NATO has an Identity Management Ad-hoc workshop, which should coordinate together.
NC3A has a good working relationship with Microsoft; the concept of providing products that fit into a more dynamic access control model should be raised at the next NATO-Microsoft Executive Briefing Conference in 2010.

5. IEGs and CDS: Migration path for IEG and ICN work

Presenters: Ms. Sherry Burs-Howard, MITRE supporting DISA; Dr. Leon Schenkels, NC3A

5.1 Topics Covered:

The Information Exchange Gateway (IEG) manages and secures information services in between NATO and external organizations (supports multiple interoperability scenarios)
DISA has the challenge of taking the U.S. IEG device and reliably scaling the device to function in an enterprise environment. During FY10, the IEG capabilities will scale to include email, images, and Office files. There are currently pilots that include delivery protocols and SMTP, as well as numerous types of flow.
In 2010 there will be more than 120 servers encompassing more than 12 systems, with the number still growing.
- DISA is planning a DECC in Europe, this could be opportunity to use as an IEG host with NATO.
To get started with the U.S. IEG, contact the DISA Cross Domain and your Cross-Domain Solution Office.
There are two NATO IEG approaches: A&B.
- IEG Scenario A (NS <--> NS (enclave)) is going through National site surveys and will have final acceptance test in 4Q10.
- IEG Scenario B (NS <--> NATO Nation Secret) is currently going through validation of the technical solution.

Comments and Discussion:

DISA CDES is trying to remove headache of individually owned systems into a carrier-class situation so they can provide fewer attack points and more cost-effective solutions.
The best method for the International Community to begin to get involved with the U.S. IEGs is to start with the CDES. CDES will help once the CDO identifies what they need to do.
The NATO C2 development strategies normally focus on server and blind and they typically forget they have to do an implementation for the guards

6. Enterprise Services

Presenters: Mr. John Hale, DISA; Mr. Jim Busch, NC3A;

6.1 Topics Covered:

Net Centric Enterprise Services (NCES) are provided by the DoD’s net-centric enterprise group. NCES is a set of loosely-coupled common net-centric services on SIPRNet and NIPRNet that facilitate information sharing and interoperability within and across the warfighter, business, and intelligence mission areas.
There are 11 services included within NCES.
IOC of the first four services of NCES occurred in May 2009.
- Included Collaboration, Metadata Discovery, Content Delivery, User Access
Fielding Decision 1 will occur in December 2009
- Covers the Service Discovery service
NATO is developing specifications for its own common, loosely-coupled Core Enterprise Services (CES)
- Multiple Nations – not just the U.S. – are developing their own Core Enterprise Service specifications
- The 12 NATO CES will provide NATO with foundational SOA capability, as well as bridge with the various National implementations (including the U.S.)
- First step is the CES Framework (the “what” of CES) published by the NATO C3 Board in spring 2009, endorsed by all 28 nations (including U.S.)
- Next step is more detailed specs (the “how” of CES), currently under development
NC3A is performing cross-domain interoperability testing of CES with Nations.

6.2 Comments and Discussion:

There are many lessons learned from the NCES experience. Within the next year, there will be a better capability for getting information from the warfighter to the decision-maker.
The U.S. Enterprise Services Engineering Review Board (ESERB) develops the standards for all of the NCES. It may be possible to release these standards to NATO, as they are all available within a DoD public space.
Once FOC for NCES is reached in 2010, it will become a Category 3 program, which will give the program more flexibility. In true enterprise environment, how can he set it up so that a Dutch group to have a chat in DCO without worrying about persons from another group in the room?
The biggest struggle within NCES development is the definition of ‘E’ in enterprise. To make enterprise services work, there needs to be a culture shift within the DoD and most likely NATO.
The NNEC Service Maturity Levels are published within a document that can be made available. However, these Maturity Levels have not been tied into National and NRF assessments.

6.3 Collaboration Opportunities and/or Action Items:

NATO invited the U.S. to participate in the cross-domain interoperability experimentation on SOA services being run via NC3A’s CES/NNEC Testbed
NATO invited the U.S. – specifically the NCES program – to be a more active participant in the NATO Core Enterprise Services Working Group (CESWG)
U.S. will explore if NATO can get involved in the U.S. ESERB
U.S. will explore the release of detailed standards, specs of the NCES program to NATO
- Might there be an opportunity for NATO to leverage what the U.S. has already procured – via the NCES program – for the ISAF “service bus” project?
NATO will share lessons learned on ESB federation with the U.S.
NATO interested in learning more about the U.S. use of Akamai – does this have potential for NATO in operational scenarios where networks have limited bandwidths?

7. Enhanced Information Sharing Capability

Presenters: Col Brian Hermann, DISA; Mr. Einar Thorsen, NC3A; Mr. Bill Barlow, DoD CIO; Mr. Bill Cryan, USJFCOM; CDR Gregg Sleppy, JS

7.1 Topics Covered:

The main components of U.S. Defense Connect Online (DCO) are site access, web conferencing (using Adobe Connect Pro) and Chat (Jabber). There are 60k users on SIPR and 194k users on NIPR. Recent and near-future enhancements have included sponsored accounts, SIPR registration, a COOP solution and an upcoming upgrade to Connect 7.5
DCO challenges include identifying mission partners versus (foreign) guests and chat room protection.
It is possible to federate two DCO servers, but there needs to be work on policy and governance. Collaboration gateways will only federate with other collaboration gateways.
The desktop collaboration and room-based video teleconferencing capability will supplant the need to have dedicated hardware for video in the next five years – will migrate to Integrated Services.
The word “Enterprise” is not uniformly understood across large organizations. Military Services, COCOMs, Departments, etc. all have their definition of what they consider “The Enterprise.” Resultantly, SOAs are developed based those definitions. In order to promote interoperability between SOAs, reference architecture must be considered.
There are many collaboration opportunities within NATO, including working groups who report to subcommittees, who then report to the NATO board.
The NATO RTO promotes and conducts cooperative scientific research and exchange of technical information amongst 28 NATO nations and 38 NATO partners. Directors of research labs have a national seat on the RTO. For more information on the RTO, please see http://rto.nato.int.
Within the DoD culture, there is a huge challenge in changing to a mentality that you are to be rewarded for sharing rather than protecting. Organizational cultures and stovepipes impede process. NGOs are concerned about neutrality and co-options.
TISC enables information sharing with external mission partners via the internet in support of stability operations, humanitarian emergencies and reconstruction activities. The stakeholders of this system are USEUCOM, USSOUTHCOM, DISA, DUSD Advance Science and Concepts, OASD (NII)/IIS. There needs to be future collaboration in order to share this with NATO.
HARMONIE is Humanitarian Assistance Information Environment. This system is helping with collaboration between the DoD and a variety of partners, including non-DoD entities. There is a significant need for secure sharing, and this tool is helping to bring it. The end state of HARMONIEWeb is one enterprise solution for DoD unclassified internet-based collaboration.
An example of using HARMONIE is within Afghanistan. Pages can be configured to support bandwidth challenged users and it can connect to a mobile version of a site using a handheld device. The system is fully customizable and based off of MOSS 2007 portal. There are currently 8000 users from 200+ organizations.
APAN brings collaboration without borders. It is a non .mil site and deals with the non-classified arena. Discovered in USPACOM as the first web 2.0 tool used in this arena. Has also received other funding which has allowed its fast development
APAN is laid out as a web 2.0 type page similar to a wiki or blog. It uses a portal to ask questions and sets up groups for users. There is geospatial capability available.
The UNIS TEM co-chairs are encouraging all UNIS members to create an APAN account (community.apan.org).

7.2 Collaboration/Action Items

NC3A (Thorsen) has offered to provide attendees with contact information to the U.S. rep within the IST Panel for further collaboration efforts
NATO strongly encouraged additional U.S. participation in NATO committees
- Supported by U.S. rep to SC/1 (Sleppy) and U.S. rep to SC/5 (Alvarez)

Regarding DOD Information Sharing Implementation Plan (ISIP) Focus Area 6: Anyone interested in joining with this – would like to get some NATO participation in it (contact Barlow – his info is at the end of the slide presentation)
Group has agreed to explore APAN as a U.S. – NATO Information Sharing portal
- USDC3FO to investigate (Ms. Julia Packer)
- Note that APAN will also begin to be used as the collaboration platform for CFBLNet
For the next TEM, NATO would be interested in briefing the U.S. about the NATO Virtual Silk Highway (SILK) project as an example of scientific coordination with underprivileged area. This project is working to expand broadband Internet connectivity for higher education throughout the provinces in Afghanistan.

BREAKOUT SESSION B

(COI) Services & Applications
1. Coherent Military Messaging and ACP 145 solutions

Presenters: Dr. Leon Schenkels, NC3A; Mr. Dan White, DISA

Topics Covered:

Based on discussion during UNIS TEM 3, the U.S. and NATO began testing on the ACP 145 Messaging model. The current messaging system between the U.S. and NATO is provided by legacy message switching systems provided by the NATO AIFS and the U.S. National Gateway Centers. This testing was completed between NATO and U.S. labs over the Internet using VPN. The U.S. used the operational CommPower U.S. ACP 145 used on the U.S.-UK gateway and NATO used the ClearSwift Deep-Secure ACP 145 system.
The results of the testing found that the NATO and U.S. Gateways were successfully able to replicate and use their partner nation PKI directory. There is a need to continue working on issues such as Security labels and Address Lists between the U.S. and NATO. The Alliance Replication Hub directory concept has been explored and appears to be viable and scalable.

Comments and Discussion:

The transition from DMS is going to take many years, and there continues to be concern regarding what the replacement military messaging system will be. It is doubtful that messaging is going to close by 2012. The Joint Staff is no longer sending messages, and is trying to promote the use of web and email capabilities, however the Services and COCOMS continue to express concern regarding messaging being retired.

Collaboration Opportunities and/or Action Items:

The U.S. and NATO need to continue ACP 145 interoperability testing to include legacy messaging transition and legacy conversion gateways.

2. Tactical Data Link Interoperability

Presenters: Mr. Ferhat Yalcin, NC3A; Mr. James Eaton, DISA

2.1 Topics Covered:

Tactical Data Links (TDLs) enable critical tactical missions and are tailored to operate in combat environments. TDL standards are technical in nature, but operational in focus, and offer the potential for interoperability.
NC3A has developed for NATO a prototype solution for cross domain information exchange for TDLs called IEG – Functional Services. TDL information (Link11, Link 16, OTG and AdatP-3) can be exchanged between different classified domains; for example between NATO and a nation domain (sanitizing classified fields form the message).
NC3A has a number of TDL-in, TDL-out (TITO) based prototypes, an application that programmers can interface with which can be used by third party applications to receive the data fields of the data links and to allow applications to generate STANAG-compliant tactical data link messages from their data. The system automatically generates HTML documentation of a STANAG. Online Analyzer for Network TDLs (OANT) viewer is the tool used to verify and validate TDL output of different systems’ compliance with STANAGS. NC3A is also working on several SOA-based prototypes, including TITO Information Exchange Service (TIES), a method of accessing information available from NIRIS TITO through web services.
There are a number of U.S.-NATO trials related to TDL, including: TDL Interoperability Testing Syndicate (TDLITS), Multi-Sensor Aerospace-ground Joint ISR Interoperability Coalition (MAJIIC), Integrated Command and Control (ICC) – Theater Battle Management Control System (TBMCS) Message Text Format (MTF), and Link 16 shared early warning information exchange through Joint Range Extension Applications Protocol (JREAP) US- Overhead Non-Imaging Infrared (ONIR) system.
Within the U.S., implementation of TDL is left up to business. There are a wide variety of platforms with need to adhere to standards; however, companies are free to have independence.
Major themes for TDL in 2010 within the U.S. are: Transformation to TDES/NTDES, XML adoption, iSMART integration and continued standards development.
Several challenges exist within the NATO-US TDL community. The alignment of U.S. and NATO xTDL efforts is necessary. The issue of covering STANAG CM procedures holding back the introduction of VMF and JREAP needs to be resolved, specifically distribution constraints. The custodianship of standards remains an ongoing challenge

Comments and Discussion:

Within the U.S., the technical design of TDLs is governed by MIL-STDs; however, services, platforms and industries have significant independence regarding TDL implementation details and timing.
Implementations are the second key component of TDL interoperability.
The average life of the TDL standards development and management process within the U.S. is approximately 2 years, depending on the documentation and ICPs required.

Collaboration Opportunities and/or Action Items:

NC3A (Mr. Yalcin) has TDL software ready for demonstration. Based on prototypes and capabilities, NC3A very interested in working with the U.S.
NC3A will contact various U.S. POC – including Mr. James Eaton (DISA) and Mr. Fred Wright (GTRI) – to pursue collaboration opportunities

Download 117.9 Kb.

Share with your friends:

1 2 3