1-3 December 2009 Introduction Site: The MITRE Corporation, McLean, Virginia, USA
The MITRE Corporation
U.S. Air Force
U.S. Joint Staff
U.S. Mission to NATO
The UNIS TEM series is based on an initiative sponsored by the ASD(NII) Director for International Coordination for the U.S. (represented by the U.S. Defense C3 Field Office (USDC3FO) and by NATO (represented by the NATO C3 Agency (NC3A)).
This is the sixth TEM in the series. TEMs 1, 2, and 3 focused on the following objectives:
Enable ongoing routine dialogue between respective subject matter experts
Establish relationships for further dialogue outside the TEM construct
Identify collaborative focus areas for continued discussion
Share awareness into NATO and U.S. C4ISR initiatives
Identify accountable points of contact (POCs).
TEMs 4 and 5 were designed to focus on key subject areas for U.S.-NATO Information Sharing, with TEM 4 focused specifically on emerging ISAF requirements, while TEM 5 focused on U.S. and NATO Network Operations (NetOps) and Cyber Defense.
TEM 6 consisted of a plenary session for one day and the following two tracks spanning 1 ½ days:
Networking and Information Infrastructure (NII)
Community of Interest (COI) Services & Applications.
TEM 6 highlighted U.S. and NATO efforts, raised awareness of ongoing initiatives and stimulated discussion on pertinent technical issues, with a specific concentration on developments and exercises supporting current operations.
Presenters: Mr. Ray Haller, Senior Vice President, MITRE C3I FFRDC; Ms. Pat Gamble, Director for International Coordination ASD (NII); Mr. Einar Thorsen, Deputy Chief Technology Officer (CTO), NC3A
MITRE is pleased to be hosting the second UNIS TEM to be held at MITRE, as the topic of information sharing is at the core of the MITRE work program. The UNIS initiative remains a priority for both NC3A and ASD (NII) and the current TEM construct is an invaluable forum for addressing interoperability priorities between U.S. and NATO. All involved organizations are working towards a common goal of information sharing for U.S. and NATO operations for both combat and relief operations, focusing on the immediate support to ISAF. This initiative brings the potential for further coordination activities and interoperability testing. The U.S. and NATO can no longer operate in two independent worlds and there is a significant amount of information we must share.
Presenters: Ms. Pat Gamble, Director for International Coordination ASD(NII); Mr. Steve Pitcher, Chief, Information Sharing Branch Joint Chiefs of Staff (J65); Ms. Jada Breegle, Chief, DISA Strategy and Policy Division; Mr. Steve Ewell, USUSEUCOM Exec Director J6; LTC Duane Kristensen, System Management Division NCSA; Mr. Einar Thorsen, Deputy CTO NC3A.
ASD (NII): There is an increasing awareness of the importance of information and protecting the information and its infrastructure are issues of national importance. The DISA Campaign Plan is still under review, but will have an emphasis on sharing with Afghan national forces, as well as interagency interactions with the State Department. Federated networks with make it easier to share information, but there is a need for safeguards to protect the network, such as Identity Management. There may be restructuring of the NATO Consultation, Command and Control Board (NC3B), based off of discussion at the previous meeting.
Joint Staff: The U.S. is integrating the CENTRIXS networks to complete mission planning with our closest allies and mission execution with all participants. The U.S. has been moving towards a mission secret network since 1991. There needs to be a focus on moving towards an enterprise solution, including training on Combined Federated Battle Laboratories Network (CFBLNet). The U.S. should have a move away from joint assessment criteria and toward criteria based on how technology is employed in a mission secret environment. CCER is a multi-level security information broker with multi-level secure environment. Some members of the alliance are able to connect to U.S. networks with good authentication.
DISA: DISA has a campaign plan with priorities, tasks, and actions which should be signed soon. This includes enterprise information, command and control, and information sharing. DISA provides the infrastructure for the Department of Defense (DoD) at the enterprise level and wants to provide networks for everything over IP.
USEUCOM: We need to be interoperable to avoid accidents and misfires in the field, and we have to want to share. Non-traditional interoperability is focused across partners. USEUCOM can be an advocate for interoperability and international standards. The end state we are trying to get to is “Collect and Collaborate.” The historical focus has been on systems not sharing, and we need to create cross domain enterprise solutions rather than continue to build on different networks. CENTRIXS-ISAF is a model for the future, and although we have the technology, we need the CONOPS to develop additional capabilities of this type.
NCSA: NCSA is the NATO service provider and provides information processing services for NATO and provides static CIS operations and systems management in ten major locations. NCSA is moving towards a smarter way of doing business. NATO is planning on bringing all NATO networks together under NCSA on a standard platform. This should be completed by 2011, but not for all networks.
NC3A: The NC3A mission is to produce unbiased C4ISR capabilities for NATO, focusing on architectures (focusing on interoperability) and technical design. NC3A completes both acquisition and implementation. Strategic development pillars include an overarching standardized architecture framework, a services framework, fundamental acquisitions reform and federated networked validation and verification.
Releasability will continue to be a problem until we standardize labeling.
CENTRIXS – ISAF: Strategic Objectives; Technical Challenges; Enduring Value to the Alliance
Presenters: LTC Mark Hoyt, USCENTCOM J6; LTC David Wills, USCENTCOM J6; Mr. Jesse Scott, NC3A; LTC Duane Kristensen, NCSA
A CENTRIXS-GCTF cross domain gateway between ISAF Mission Secret (ISAF-Secret) and GCTF was set up in 2006. The United Kingdom (UK) set up its own enclave in 2007 and the concept for CENTRIXS-ISAF (CXI) was developed on the U.S. side in 2007. NATO’s ISAF-Secret is the Alliance core network.
One of the main objectives was to get a consensus in between the parties and persuade the security accreditors to accept the fact that the gateway between CXI and ISAF-Secret is “only a management boundary among networks working on the same security level. Therefore there are no firewalls in the central section of the CXI network.
The installation was divided into three phases:
Phase 0 as mitigation plan to fulfill the immediate requirement where U.S. equipment was installed on IS network (and managed by NCSA).
Phase 1 involved the physical interconnect of networks and core services.
Phase 2 is focused on the interconnection of applications and services, and may include the C2 interoperability bus. Expansion of the common mission network is a near future goal. The team is looking at tactical connection points in high traffic areas.
USCENTCOM and NATO agreed to pursue CXI Course of Action (COA) in November 2008. Baselining began in July 2009 and the networks were connected in October in 2009. The main task for the U.S. was to form separate GCTF and CXI COI. The Cross Domain Gateways were reused and pushed back to protect the two COI: CXI and CENTRIXS-GCTF, which are now connected by two Cross Domain Solutions (CDS). Initial Operational Capability (IOC) provides common email and common chat. The deadline for Full Operational Capability (FOC) for CXI is March 2010 and will provide business collaboration, knowledge management and tactical collaboration.
The coordination team meets every six weeks to map applications and their implementation, which are interdependent. For example, the U.S. uses chat on IRC and this is not acceptable to NATO. The goal is to move everyone to XMPP by March 2010.
We have a shared ISAF information domain. If you’re outside the box, you can still share inside the box, but you have to use CDS. Ultimately, the goal is to develop a unified mission network called the Afghani Mission Network (AMN). Other nations intend to connect their assets to AMN – which will become the federated mission network.
The U.S. does not train as subordinate to NATO; it’s a challenge because now the first time they experience this is in theatre (i.e. at ISAF).
USCENTCOM would like to train on the NATO operational networks, not JTEN or CFBLNet, using NATO CONOPS, and wants to be able to transition the training configuration directly to the operational context. (This is not the same as training against a reference or replica system.)
Comments and Discussion:
The AMN connects ISAF-Secret and ISAF headquarters. What are the implications for other nations when looking at the CENTRIXS-ISAF model to make sure that there is bilateral information sharing? The team is looking at many models for teams to interconnect and interoperate, with a good outlook. Funding will be difficult, but all the NATO nations have agreed to it.
Collaboration Opportunities and/or Action Items:
Based on USCENTCOM input: explore using CFBLNet to connect U.S. training facility in Grafenwehr and the NATO training facility in Bydgogcz, representing respectively U.S. CXI configuration and NATO ISAF-Secret configuration. This will allow U.S. trainees to train with U.S. systems with a representative NATO response cell, exposing them both to technical interoperability challenges and to the unfamiliar NATO command context. A follow-up meeting on this subject (between the Joint Staff , USEUCOM and NC3A) is planned for the week of 18 Jan 2009.
Presenters: Lt. Col Rich Hubbard, USEUCOM; Mr. Al Slarve, JITC
USEUCOM is the U.S. national lead for NATO Coalition Warrior Interoperability Exercise (CWIX), formerly NATO CWID (Coalition Warrior Interoperability Demonstration) and UK CWID. (NATO CWIX has been repositioned as an interoperability exercise whereas in the past NATO CWID was more of a demonstration). These activities are an excellent means of testing prior to deployment, and if your system is used within NATO, it should be used within a NATO exercise or demonstration. On the U.S. side, CWID is a demonstration of emerging technologies to DoD.
Grafenwehr (GE) will be the central Combined Endeavor (CE) site for 2010. CE has had 40+ partner nations participating in the past, and will continue to be another chance to test ISAF interoperability.
The CWID, CE, and Steadfast* events should build on each other and provide the opportunity for overall validation/testing.
The Joint Interoperability Test Command (JITC) supports interoperability tests for certification or assessments in a realistic environment. JITC can only certify U.S. DoD systems, not international systems, because there is currently no stated requirement coming from its sponsors.
Testing is completed through an offline environment and then moved into an operational environment. JITC does technology demonstrations relevant to the warfighter, once a capability is chosen.
Department of Defense Interoperability Communications Exercise (DICE) provides interoperability certification and assessment in the Operational Area Network (OAN) and Global Information Grid (GIG).
Joint User Interoperability Communications Exercise (JUICE) looks at the operational area network, focusing on architecture, tactics, and techniques & procedures.
JITC would like to be a venue for additional coalition interoperability testing via exercises such as DICE and JUICE.
Comments and Discussion:
Standards documents have been written, but who will enforce the governance of standards? Industry has set many of the standards, and even though there are NATO standards, the Nations do not necessarily follow the standards.
It is recommended that the DICE, JUICE, CWID and CE exercises run together or build on each other.
Interoperability opportunities between NATO and US should ideally be tunnelled through US USEUCOM Stuttgart, GE. A concept of operation for information sharing is missing.
Collaboration Opportunities and/or Action Items:
Overall oversight of the different events (CWID, Combined Endeavor, Steadfast*, etc.) is lacking. This could be a possible role for NC3A.
4. Putting SOA into Practice
Presenters: Mr. Brad Mercer, MITRE; Mr. Frank Petroski, MITRE
The Multi Service SOA Consortium (MSC) is an effort to bring together service based systems programs in the U.S. military.
SOA originally promised easy integration and interoperability, but we have found it’s possible to build SOA silos in service-based systems, and we suspect this is also a problem for NATO. SOA is not a traditional integrated effort; services-based applications need a common services infrastructure, which is built by industry and known as an Enterprise Service Bus (ESB).
What is the “forcing function” to make real progress towards implementing SOA?
The right question to ask isn’t “what is my enterprise,” it’s “what is my mission.”
The MSC has defined three possible interfaces for all systems: K1 – service to service virtual interface, K2 – service to infrastructure interface, and K3 – infrastructure to infrastructure interface. Based off these interfaces, there needs to be a constrained set of choices, called a reference architecture. The architecture is more about interactions and relationships; and interaction is more important that implementation.
The U.S. has developed a version 1 reference architecture which is currently in review. K3 is the work being completed this year; K2 is being positioned as a self contained business process. The two infrastructures underneath have to federate.
There’s a debate in the community on messaging in SOA. Business processes are being built into software. Operators want to be able to assemble small modules into capabilities, which can be connected and disconnected as needed. The focus on SOA needs to start with “what am I doing?” – user requirements. Ask users what they need to do, or else they will just list the requirements of what they are already using.
A “SOA manifesto” was recently released which focuses on strategic goals, intrinsic interoperability, shared services, business value over technical strategy, and flexibility over optimization. Evolutionary refinement is more important than attempting to achieve initial perfection.
It’s important to develop enterprise standards. Keep it manageable; we tend to build huge even when we don’t need to. Federation is the future, although people throw the term around a lot. Email is a good example of a federated service. Chat federates much the same way.
4.2Comments and Discussion:
The U.S. DoD needs to be able to specify a common architecture. The larger the enterprise, the more difficult the agreement will be. The MSC specification does not preclude services bringing their silos. However, to be a participant in the joint warfighting space, they have to reveal a second interface where everything is standardized. Performance may be higher or lower than they specify in their own silo.
There are a lot of different federation models. In order to make federation work, you need to concentrate on principles, business rules, conformance testing. Focus on the mission, with an enterprise view of IT.
There are many efforts on real time data exchange of SOA. There is significant work happening on the industry side to address that issue.
NATO would like to pursue the MSC (Mercer) sharing their architecture – particularly on the K1/K2/K3 interfaces – as a matter of urgency with NC3A and with the multi-national bodies that are working on coalition SOA architecture (such as the NC3B’s ISSC).
NATO would like to invite the U.S. presenters to participate in one of the NATO committees defining coalition SOA standards – such as the Core Enterprise Services Working Group (CESWG)– to hear what is going on and participate more directly
NC3A will investigate the possibility of standing up the NATO Metadata Registry and Repository (NMRR) service as a reference implementation for the Nations of a next-generation Registry service.
5. IJC HQ @ KAIA (“3 Star HQ”) – Lessons Learned and Goals for Better Future U.S. – NATO Collaboration
Presenter: Mr. Malcolm Green, NC3A
5.1 Topics Covered:
The defense ministers of NATO decided in June to build a separate HQ for General Rodriguez to deliver capabilities. NC3A was able to deliver a standalone facility in 90 days, starting with what had been a gymnasium.
The current joined U.S. – NATO infrastructure, CENTRIXS-ISAF, does not yet offer net-centricity. There is no one network in ISAF; there is the NATO mission secret environment, the U.S. brings in CENTRIXS, NIPR, and SIPR, in addition to other nations bringing their own networks. Mission secret environments need to become a common playing field.
This effort was a “failure” because it delivered another mission secret network, instead of allowing the nations to fight as trained on their national networks.
The U.S. sometimes does not see itself as an internal member of NATO. The IJC was funded because we could show the work could be done and was cost effective, and had less risk than if the U.S. did it alone. The problem is budget.
There are benefits to the U.S. through NATO; NATO can provide capabilities to nations who may not individually be willing to share, as a political consideration. There is no way in today’s environment that we can connect other countries’ networks together unless we look at releasability while protecting the domain space.
5.2Comments and Discussion:
A challenge is vetting, authentication, identity management. There’s a level of risk which is not the same as NATO Secret. We don’t have lessons learned; we have lessons TO BE learned, and we haven’t done it. Let’s provoke the decision makers on policy.
6. Shared Space (special interest group break-out)
Participants: Ms. Rosie Morales, MITRE (supporting DISA); Mr. Larry (Dennis) Diunizio, USJFCOM J87; Dr. Sven Kuehne, NC3A
Discussion of NNEC Shared Space concept, based on draft version 0.6 of Volume 1 of the NATO Data Strategy Implementation Guidance (NDSIG). Discussion was focused on changes for the upcoming draft 0.7.
Additional discussions on how concepts like the CSD and the ISAF Interoperability Bus can be aligned with the Shared Space concept based on the NNEC Data Strategy.
Follow-up will occur during next DMSWG meeting (Jan 10) and/or the next NATO NDSIG workshop (Feb/Mar 10, tentatively)
BREAKOUT SESSION A
(Networking and Information) Infrastructure 1. Unified Communications/Network Federation
Presenters: Dr. James Reilly, DISA; Mr. Rob van Engelshoven, NC3A
The initial DISA focus on is synchronous communication, including audio, video, IM and collaboration. DISA is moving towards a cloud architecture with data and services application. By 2012, asynchronous transfer mode will begin to be phased out and DoD web conferencing with integrated VTC and a telephone interface, expanded assurance service for IP, and enterprise email will be available.
DISA has a program for enterprise cross domain solutions. IA tools should be in place by 2012 and PKI for NIPR and SIPR. The goal is an integrated end-to-end situational awareness capability. The evolution to UC&C will encompass expanded end-to-end IP, assured service, QoS, rich presence, synchronous and asynchronous UC&C, unified messaging, and social networking.
This will bring more effective decision-making.
NC3A and NATO are finishing the NATO Communications Infrastructure (NCI) target architecture, with a service catalogue, converged IP network, QoS, a protected (black) core and service level management. NCI interconnects security domains and the structure of a high availability WAN is diagrammed. Current focus includes standardization of definitions and service performance targets.
NATO is taking a service-oriented approach and is completing a slow migration to IP convergence.