Protective Measures at Protective Measures at NATO Headquarters NATO Headquarters

Ian DavisIan DavisHead, Information Systems ServiceHead, Information Systems ServiceNATO Headquarters NATO Headquarters Brussels, BelgiumBrussels, Belgium

The Prime Directive - IThe Prime Directive - I

NATO information…NATO information…

……shall be managed asshall be managed as

a corporate resourcea corporate resource

to support NATO [business]…to support NATO [business]…

… … throughout its life-cycle... throughout its life-cycle...

Extract from NATO Information Management PolicyExtract from NATO Information Management Policy

The Prime Directive - IIThe Prime Directive - II

NATO information…NATO information…

……shall be protected…shall be protected…

……to ensure its confidentiality,to ensure its confidentiality,

integrity and availabilityintegrity and availability

throughout its life-cycle... throughout its life-cycle...

Extract from NATO Information Management PolicyExtract from NATO Information Management Policy

What is NATO? What is NATO?

An alliance of 19 nations...An alliance of 19 nations... ...and EAPC, PJC & NUC...and EAPC, PJC & NUC The forum for consultation and The forum for consultation and

decisions on security mattersdecisions on security matters A facility for co-operation in other A facility for co-operation in other

mattersmatters

NATO HQ ActivitiesNATO HQ Activities

HEADQUARTERSADMINISTRATION

PROGRAMMEMANAGEMENT

COORDINATION OF ACTIVITIES

POLITICALCONSULTATION

CONSULTATION

NATO HQSTAFF:

CREATE,COLLATE,MANAGE

MEETINGATTENDEES:

CREATE,REVIEW,APPROVE

AGENDASDOCUMENTS

NOTESDECISION SHEETS

DOCUMENTSCOMMENTS

The Consultation ProcessThe Consultation Process

CONSULTATIONCONSULTATION

requiresrequires

INFORMATIONINFORMATION

requiresrequires

INFORMATION MANAGEMENTINFORMATION MANAGEMENT

requiresrequires

INFORMATION SECURITYINFORMATION SECURITY

Transformation of NATOTransformation of NATOsince 1989since 1989 PoliticalPolitical

NATO > EAPC > OTHERSNATO > EAPC > OTHERS

Information TechnologyInformation Technology Mainframe > LAN > WAN [> Internet]Mainframe > LAN > WAN [> Internet]

SecuritySecurity Confidentiality > Integrity & AvailabilityConfidentiality > Integrity & Availability

NATO HQ OrganisationNATO HQ Organisation

NAC EAPC

MILITARYCOMMITTEE

INTERNATIONALMILITARY STAFF

INTERNATIONALSTAFF

NATIONAL/ PARTNER

DELEGATIONS

MILITARYREPRESENTATIONS

Security DomainsSecurity Domains

EAPC DOMAIN

NATO DOMAIN

EXTERNAL DOMAIN

MILREPSDELEGATIONS

PARTNER MISSIONS

MILITARYCOMMANDS

NATOAGENCIES

MEMBERNATIONS

PARTNERNATIONS

INTERNATIONAL ORGANISATIONS

OTHER NATIONS

MEDIA

GENERAL PUBLIC

ACADEMEINDUSTRY

INTERNATIONAL STAFFS

NATO HQ

NATO HQ Approach to NATO HQ Approach to SecuritySecurity

Separate regime for each domainSeparate regime for each domain

Same process:Same process: Adherence to NATO PolicyAdherence to NATO Policy

StructureStructure

ObjectivesObjectives

PrinciplesPrinciples

CountermeasuresCountermeasures

StructureStructure Formality:Formality:

separation of functionsseparation of functions documentationdocumentation

Security as system functionality:Security as system functionality: designdesign

developmentdevelopment

testingtesting

Managed throughout life-cycleManaged throughout life-cycle configuration managementconfiguration management

Separation of RolesSeparation of Roles

Operating AuthorityOperating Authoritysystem developmentsystem developmentsystem installationsystem installationsystem operationsystem operationsystem maintenancesystem maintenance

Security AuthoritySecurity Authorityrisk analysisrisk analysissecurity SOPssecurity SOPsequipment approvalequipment approvalauditsaudits

Security Accreditation AuthoritySecurity Accreditation Authorityaccreditationaccreditation

inspectionsinspections

DocumentationDocumentation

Security requirements statementSecurity requirements statement

Security operating proceduresSecurity operating procedures

Interconnection agreementsInterconnection agreements

ObjectivesObjectives

Protecting NATO information against Protecting NATO information against loss of:loss of:

ConfidentialityConfidentiality IntegrityIntegrity AvailabilityAvailability

By either accidental or deliberate actBy either accidental or deliberate act

DefinitionsDefinitions

ConfidentialityConfidentiality disclosure of information to disclosure of information to

unauthorised parties unauthorised parties

IntegrityIntegrity modification of informationmodification of information

AvailabilityAvailability destruction of datadestruction of data denial of service (access to data)denial of service (access to data)

Principles - IPrinciples - I

Risk managementRisk management

MinimalityMinimality

Least privilegeLeast privilege

Self-protecting nodesSelf-protecting nodes

Defence-in-depthDefence-in-depth

Implementation verificationImplementation verification

Risk ManagementRisk Management

Use of approved methodologyUse of approved methodology

Analysis of:Analysis of: ThreatsThreats VulnerabilitiesVulnerabilities

Risk AssessmentRisk Assessment

CountermeasuresCountermeasures

Residual RiskResidual Risk

Countermeasures Residual Risk

Risk ManagementRisk Management

Risk assessment

Requirements CostRisk Analysis

Threats & Vulnerabilities

Residual RiskResidual Risk

RISK IDENTIFIEDBY RISK ASSESSMENT

RISKCOVERED

BYCOUNTER

MEASURES

Residual Risk: Risk accepted due tocost/difficulty of countermeasures

Principles - IPrinciples - I

Risk managementRisk management

MinimalityMinimality

Least privilegeLeast privilege

Self-protecting nodesSelf-protecting nodes

Defence-in-depthDefence-in-depth

Implementation verificationImplementation verification

Principles - IIPrinciples - II

MinimalityMinimality only enable those services requiredonly enable those services required

Least privilegeLeast privilege users only given functions & users only given functions &

authorizations they needauthorizations they need

COTS software must be COTS software must be managedmanaged

Principles - IIIPrinciples - III

Self-protecting nodesSelf-protecting nodes each network node protects itselfeach network node protects itself regards other nodes as untrustedregards other nodes as untrusted

Defence-in-depthDefence-in-depth no reliance on one single measure no reliance on one single measure

Implementation verificationImplementation verification regular review of security postureregular review of security posture change/configuration managementchange/configuration management

CountermeasuresCountermeasures

PHYSICAL

PERSONNEL

TECHNICAL

PROCEDURAL

Countermeasures - ICountermeasures - I

PhysicalPhysical separation of domainsseparation of domains restrict access to information storesrestrict access to information stores data redundancydata redundancy

PersonnelPersonnel careful selection of staffcareful selection of staff educationeducation beware the “insider” threatbeware the “insider” threat

Countermeasures - IICountermeasures - II ProceduralProcedural

standard operating proceduresstandard operating procedures need-to-know separationneed-to-know separation inspections & reviewsinspections & reviews configuration managementconfiguration management

TechnicalTechnical certified productscertified products access controls & audit toolsaccess controls & audit tools firewalls & filtersfirewalls & filters anti-virus softwareanti-virus software

ConclusionsConclusions

Information systems are critical to Information systems are critical to operationsoperations

Security:Security: is an integral part of the overall is an integral part of the overall

systemsystem must be managed throughout entire must be managed throughout entire

life-cyclelife-cycle requires structure & methodrequires structure & method requires a balanced mix of a wide requires a balanced mix of a wide

variety of techniquesvariety of techniques

Maximum Line Capacity

IncomingTraffic (email)

OutgoingTraffic (Web)

Denial of Service Attack(flooding line)