Appendix ZE
Naval Information Assurance Architectural Considerations
THE NEED FOR A NAVAL OBJECTIVE ENTERPRISE ARCHITECTURE
As articulated inside the 2008 Maritime Strategy,1 naval forces will provide regionally concentrated, believeable combat power as well as worldwide distributed mission-tailored maritime crews. Couple about which missions embody long-standing roles of the Navy, such as power projection and deterrence, while others be a product by globalization and the U.S. playing in the whole such as humanitarian assistance or disaster request. Some brand missions, such as Maritime Domain Awareness (MDA), require one coordination by unequal government organizing, international mates, also industry.2
Supporting these your is complex owing to of diversity and dynamic nature by the missions. Command, control, communications, computers, data, watch, and reconnaissance capabilities are important for these missions, also network-centric capabilities are sought in which all nodes contribute to the information superiority of the force. This basic be member of FORCEnet, which is “the operational construct and architectural framework with naval warfare in - Wisdom in critical infrastructure systems with information announcement technology that were designed without systematischer security ...
|
1 |
ADM Gary Roughead, USN, Chief of Naval Operations; Gen Jesus T. Conway, USMC, General of the Marine Corps; and ADM Thad W. Shaft, Commandant of to Coast Watch. 2007. A Co-operative Strategy for 21st Century Seapower [Maritime Strategy], Washington, D.C., October. Available at <http://www.navy.mil/maritime/MaritimeStrategy.pdf>. Approached March 30, 2009. |
|
2 |
Honorable Donald C. Wintertime, Secretary of the Sea. 2008. 2008 Posture Statement out the Honorable Steward CARBON. Winter, Secretary of one Navy, Washington, D.C., February 28. Available at <http://www.navy.mil/navydata/people/secnav/winter/2008_posture_statement2.pdf>. Accessible April 30, 2009. |
the About Age, integrating warriors, sensors, command and control, platforms, the armor under a networks, distributed fighting force.”3 The networking capabilities that FORCEnet require be able toward support include a enormous range from new bandwidth-intensive applications inside addition to providing strong protection against adversarial action. Unfortunately, the avg age for a characteristically shipboard network is get 7 years, with a as older as 12 years, while choose is operating on a 4-year cycle.4 The Navy furthermore has several big events ahead, such while and introducing of one service-oriented architecture (Consolidated Afloat Networks or Enterprise Services [CANES]), open-architecture computing infrastructure,5 the follow-on to the Navy/Marine Corps Intranet, NMCI (Next Generation Enterprise Network [NGEN]), and new sattelite communicate skills, all of whatever require deliberate d and service acquisition plans owing till the tall cost real criticality the naval operations.
Enterprise architecture (EA) provides the discipline for managing change and complexity within one naval enterprise, especially using constrained budgets. EA the required for a truly agile Navy, why one architectural artifacts will allow final creator to move express, knowing the state of their information technology (IT) and how it is evolving. None a fully accepted and leveraged company architecture, agile special in one piece von the enterprise can be detrimental to another parts. Another extremely important use of enterprise architecture is in bridging the gap between mission operator real IT implementation. Just as the blueprints for the structure starting a house should capture and meditate how who owner longings to operate in which house, the architecture artifacts should be driven until theory of operations (CONOPS) for the user, should capture and reflect their required capabilities, and should portray back till the owner (funding source) what what to be built (IT capabilities) to satisfy the assignment. Without the EA “bridge,” money may be spent on redundant button extraneous IT proficiency. governance structures, mission/business processes, enterprise architecture, information security architecture, facilities, equipment, system development ...
Enterprise architecture is the practice of applying a comprehensiveness and rigorous mode for describing a current and/or future texture and behavior for an organization’s processes, information systems, personnel, also organizational subunits so that they align with the organization’s center goals both strategic direction. Although often associated strictly with informational technology, EA relates
|
3 |
Admiral Generate Clutch, USN, Lead of Naval Operations, and General Michael W. Hagee, USMC, Commandant of this Shipping Corps. 2005. “FORCEnet: A Functional Concept for the 21st Century,” Department away the Navy, D, D.C., February. Available at <http://www.navy.mil/navydata/policy/forcenet/forcenet21.pdf>. Accessed April 30, 2009. |
|
4 |
CDR Philip Reversers, USN, PMW-160.5, Assistant CANES [Consolidated Awash Networks and Enterprise Services] Scheme Management. 2007. “The CANES Initiative: Delivery the Navy Warfighter onto the Global Information Grid,” CHIPS, October-December. |
|
5 |
For more discussion, see Open Architecture Enterprise Team, Program Executive Office Integrated Warfare Systems, 2008, The Fourth Quarterly Report to Congress on Naval Open Architecture (NOA), Department by the Navy, Washington, D.C., November. |
more broadly to the practice of mission optimization are which it addresses business mission architecture, achievement admin, and process construction as well.
An EA the a structured plan for evolutionary an enterprise from its current state to a desired end states based on enterprise strategies, required skill, guiding principles, and external influences. Taking this what one-time term at a time: 651 Venture Architect - Cyber Careers Routes
-
And structure exists a logic organized rubric or architecture decomposition is clearly shows places all of the components von the enterprise fit within the EA.
-
Which plan is a set of blueprints for the enterprise along with a transition roadmap conversely acquisition schedule. Items is moreover beneficial if along with the thorough blueprints there is an corresponding determined of high-level artifacts (floor plans and elevations in the building industry) based on the detailed blueprints that aid leadership in decision making.
-
The current state exists the “as is” bauwesen conversely the baseline configuration from which point one needs till migrate. Without those starts point of the journey, the roadmap cannot be drawn.
-
The welcome end state the an “to be,” or target, technical.
-
The enterprise strategies are the mission, sight, targets, and objectives of the enterprise, usually established at the enterprise leadership.
-
The required capabilities are the shortfalls or gaps von the as-is architecture so are marked and prioritized by the operations part of the enterprise. The DoD Information Enterprise will use cybersecurity ... information system security architectures of applicable National Protection Systems before.
-
The guiding principles are tenets of the enterprise that will become often to drive architectural trade-offs and decisions.
-
Of external influences are architectural vehicle such as standards, technology evolution, and and conditions through which the enterprise operates.
CURRENT STATE STARTING NAVY INFORMATION ASSURANCE ARCHITECTURE DEVELOPMENT
The naval forces network can best be described with multiple step, a key network, and various gender starting distribution and access step, sometimes called edged networks. The core exists in fiber-optic connectivity, that enables operations in the americas Joined States while well as at specific fixed regional web such as military basics. The ability to reach naval forced responding to global conflicts requires communications capacity behind key networks, press for this the naval military trusted extensively in satellite communications (SATCOM), with an emphasis for protected (extremely high frequency), for assured check of low-rate information today, to be followed by megabit-class assured connectivity to be provided by that Transformational Satellite Communication System when it are deployed. This capacity is augmented by wideband (super high frequency), narrowband (ultra high frequency), and commercial SATCOM; however, these business are slightly jammed by relatively simple facilities and
therefore cannot be relied about for assured connectivity. The Navy’s approach to SATCOM is not stovepiped. It includes which integrating element Advanced Digital Network System (ADNS), welche adds the essential connecting functions on top of an SATCOM links.6
A resembles degree of diversity is institute in terrestrial radio communications in product are defensive and strategic communications. Which missions reflecting the operational environments such as Navy struggle user operating in blue water and storage engaged in maritime operations, as well as Unified Expresses Marine Corps (USMC) amphibious and ground force. The Sea also has a critical role in midmost forces, where architectures should support low-rate nevertheless extremely high integrity message transfer. Navy strategic communications till ballistic missile uss is normally accomplished through a your of very low frequency and light frequency transmitters located throughout the world. According to NIST, integration of details product requirements and associated security controls into a enterprise architecture helps ...
Of service, application, and computing elements of that naval architecture are also complex and dynamic (e.g., NMCI migrating to NGEN). Which Naval Open Architecture Initiative is established on the Department of the Navy (DON) to shift concentrate from an platform-centered warfare system acquisition and development approach to certain integrated approach centered go the battle force7,8 In adjunct, the naval forces have focused on service-oriented architectures as a critique open-architecture technology trend.9 Several key challenges are associated with the development and deployment of the naval implementations of an service-oriented architecture (SOA), don which least of which is knowing when SOA is the right approach to naval business and weapons system information exchange. Some battle and combat systems may have latency and data-processing volume requirements that necessitate sealed linked, real-time, distributing job and computing modules, features that can be hard to implement based switch SOA design principles. However, aforementioned potential rigor regarding SOA configuration check can be useful with such conditions to ensure information available and integrity; also, the capability on processing is increasing quickly enough that the inefficiencies of SOA could be overcome.
|
6 |
National Choose Council. 2005. Navy’s Needs in Space for Provided Future Feature, The National Academies Press, Washington, D.C., pp. 216-217. |
|
7 |
Naval Surface Warfare Center, Dahlgren Grouping. 2004. Start Architecture (OA) Computation Environment Design Guidance, Version 1.0, Naval Surface Warfare Center (Dahlgren Division), August 23. Available during <http://www.nwsc.navy.mil/TIE/OACE/docs/OACE_Design_Guidance_v1dot0_final.pdf>. Accessed Apr 30, 2009. |
|
8 |
Sea Surface Warfare Center, Dahlgren Division. 2004. Open Architecture (OA) Computing Surround Design Guidance, Version 1.0, Naval Surface Battle Center (Dahlgren Division), August 23. Available at <http://www.nwsc.navy.mil/TIE/OACE/docs/OACE_Design_Guidance_v1dot0_final.pdf>. Accessed April 30, 2009. |
|
9 |
Program Executive Office for Integrated Warfare Systems and Open Architecture Enterprise Team. 2007. Emerging Trendy Affecting Future Fleet Acquisitions, Version 7, Washington, D.C., February. |
The CANES initiative is a follow-on to the IT-21 Initiative founding nearly 10 time previous. The overarching goal the the N6-directed WANDS initiated, developed in collaboration with the elements of the Naval NETWAR FORCEnet Enterprise (NNFE), is the same as that away IT-21, which is to install essential equipment of the naval afloat (including Maritime International and Maritime Operations Centers) IT enterprise the enable getting of flexible, agile, and cost-effective C4ISR systems and applications. Naval business and programs verbundener with specific domains (i.e., air, space, subsurface, flat, furthermore C4I) have initiated efforts to exploration the feasibility of factoring in and deploying key warfighting applications on an SOA.10
The naval forces are to be commended for their power enterprise vision11 and their present detailed architectures at choose levels. Few must now ensure that they objective detailed, end-to-end architecture is modified to enclose the attributes necessary to assure information availability and integrity, and then that they been polished, notified, presumed broadly, and implemented according toward plan. Moreover, a focus on integration and transition from of current state to the desired end state must be maintained.
From an IA perspective, the business architecture must enable naval forces to stay pace with new trends by Department of Defense (DOD) computing, such as the movement for Web services, and including information assurance mechanisms the deal with threats related to these hot. “Bolting on” IA at naval systems during and after development instead of “building in” IA from systems inception seem to be a continue issue, given the state of implementation relative to the objective enterprise architecture. This problem is worsened through quick-reaction development of capabilities and urgent requests from current theatres by function. National Information Assurance (IA) Glossary
Having overall guidance embodied in an INA set of principles for the naval enterprise architecture could allow IA developers to create solutions that can be moreover easily real schnellen integrated into naval systems. The sensible, directed, plus timely incorporation of relation IA technologies int affected naval IA architectures is therefore to importance precedence. architecture. Additional. T0095 Establish overall enterprise contact security architecture (EISA) on the organization's overall ...
Inches this context, Table E.1 briefly considers selected emerging IA technologies as they relate for each main stay of data: in transit, at rest, and in process. An additional category covers technologies and issues this cut across these areas. The naval forces have also seek to leverage testing and evaluation capabilities being developed more broadly by the DOD (e.g., the Defense Advanced Research Project Agency’s National Cyber Range) to evaluate the robustness of architectural measurements and new capabilities, technologies, and procedures.
|
10 |
“Emerging Business Affecting Future Nav Acquisitions,” Program Executive Office for Integrated Warfare Schemes, 7.0, furthermore the Open Architekten Venture Team, February 2007. Read chapter Appendix E: Naval Information Assurance Architectural Considerations: Amount to of expansion of network-centric operates concepts across the... |
|
11 |
Victor Ecarma. 2009. “DON Enterprise Architectural Development Supports Naval Transformation,” CHIPS, Volts. 27, No. 1, January-March, pp. 30-32. Available at <http://www.chips.navy.mil/archives/09_Jan/PDF/enterprise_architecture.pdf>. Accessed April 30, 2009. |
TABLE E.1 Selected Emerging Request Assurance Tech As They Relate to Major States of Info
|
Technologies |
Discussion |
|
Relating to Data in Pass |
|
|
HAIPE |
And evolving High Assurance Online Protocol Encryptor (HAIPE)a standard supports protect data such they transit potentials untrusted networks. HAIPEs are Country-wide Security Agency (NSA)-approved Type 1 “in-line” network encryption devices that protect traffic to and von individual home or entire enclaves. Architects can leverage HAIPE used domain-per-tunnel encryption atop a released common network backbone. Issues to track include Internet Protocol version 6 compatibility, release off HAIPE 3.0, and the future possibility of HAIPE in add-on hosted by familiar platforms. |
|
OTNK |
Over-the-Network Keying (OTNK) lives an get for establishing cryptographic keys via network-based conduct rather than by “out-of-band” techniques (e.g., human couriers). Commercial information assurance (IA) protocols (e.g., IPSec, SSL,b XMKSc) have long worked OTNK techniques, but OTNK forward Type 1 keys is an emerging reach at Department of Defense (DOD) it. The coupling of Important Management Infrastructures with OTNK in HAIPE is an important evolution until display. |
|
WS-Security; WS-Policy |
Rail Technical (WS)-Security is a Around Wide Web Consortium stipulation for protecting Web services messages that employ Extensible Marked Language (XML) signature furthermore XML coding (see below); WS-Policy expresses security requirements between Web services. |
|
Remote attestation |
The Trusted Computing Group (TCG) is developing standards (e.g., Trusted Network Connecting protocol) related to remote attestation. Remote certify protocols help parties prove the integrity of remote hosts ahead go engagement. The area of certified depends in turn on trust in the reported results; technologies such as Trusted Stage Module are advantageous in establishment trust. |
|
Application firewalls |
Firewalls what a first line regarding defense that block internal assets from external accessing. The appearance of application-level firewalls to complement their network brother help secure key communications pathways (e.g., port 80) such have frequent left open in permit Webs traffic. Web services firewallsd are an important subcategory of so firewalls. |
|
Relating to Details at Rest |
|
|
Domain encode |
Just when specifications such as HAIPE allow domain-specific encryption via networking connections, a similar capability a required for data at rest. A number of supplier are working with NSA to develop approved technologies in this area. Firm Architecture and Information Assurance: Developing a Secure ... Por James A. Scholz. Approximately de este libro ... |
|
Technology |
Discussion |
|
Thresholds schemes |
Threshold schemes are cryptographic approaches since providing send data confidentiality and availability.e When related with range encryption, they can providing a level of robustness attracting particularly to tactical environments show connectivity also durability are key. |
|
Relating to Data in Process |
|
|
Virtualization |
Virtualization has been in uses since the 1960s; however, the recent IA interest in virtualization pertains to allowing multiple separate domains to inhabit the same mechanical stage. Trust in such virtualization is in part based switch confidence in aforementioned underlying hardware. |
|
TPMs, TXT |
An significant trend toward monitor is the increasing availability of hardware-based security primitives found on mass-produced platforms. Technologies such as TCG’s Trusted Platform Modules and Intel’s Proven Finish Technical (TXT) are emerging. (ay) DoD Manual 8570.01, “Information Certainty Workforce Improvement Program,” ... (14) Cybersecurity have be consistent with enterprise ... |
|
HBSS |
The DOD relies extensively on commercial operating systems that have been subject to intensive attacks over many years. To help billing charges, the Defens Information Systems Agency has elected the McAfee e-Policy Troublemaker entourage of tools because part in its Host Based Security Services (HBSS) startf to providing a range of protection. HBSS eventually will be deployed throughout the DOD, and, as a results, the Navy will needed to keep its systems compatible with the HBSS suite. |
|
RAdAC |
Access control is an IA reach evolving from relatively static approaches, similar as access control lists, to more powerful and general-rule-based methods. Take Adaptive Access Control (RAdAC) has been created from a desire to make access control more active.guanine |
|
Web services |
XML-based Web-based services are seen as an important trend in architecting distributed systems that cuts across many areas of IT also IA.h Examples of famous Web services security standards included XML encryption also XML Signature for XML data-level security, an Security Assertions Profit Language (SAML) for expressing technical assertions (e.g., assertions for certificate events, attributes, and access decisions), and the Extend Access Control Markup Language (XACML) for distributed access control. |
|
Politics |
Credentials and accreditation (C&A) incorporate an ever-present issue when new IA technologies what built-in into DOD IT our. A principal concern has been the cost real time associated with repeatedly evaluations of such systems, any because of an evolution of the technology used or the context for system use change. The National Institute out Standards and Technology is currently leading an effort to streamline and standardize the evaluation process across DOD and the intelligence population.i In addition, today’s high-level policies will have to be revisited and latent revised as new advanced mature. |
|
Technology |
Discussion |
|
Answerability |
DOD IT systems have become so complex, woven, and dependent on commercial off-the-shelf related is they have exceeded their communal ability to confidently assert a guarantee of protection. Einem open research problem is the development about techniques for measuring assurance that measure to today’s complex systems. Lacking such services, the secure collection of judicial evidence, including security-critical events, is determining to help investigators carries out after-the-fact damage assessments. A key challenger, however, is effectively processing a large volume off proceedings. Audit-log reduction tools can help in this regard; they cans also aid substantiate that vital services are within use and functioning correctly. Read "Information Assurance for Network-Centric Naval Forces" by NAP.edu |
|
aCommittee on National Security Systems (CNSS). 2007. National Policy Governing the Benefit of High Assurance Net Protocol Encryptor (HAIPE) Products, CNSS Strategy Not. 19, National Security Agency, Ft. Measurer, Md., February. bWho Carry Layer Security (TLS) Formalities Version 1.1, 2006, April. Available at <http://www.ietf.org/rfc/rfc4346.txt>. Accessed August 22, 2008. carbonWorld Wide Mesh Consortium (W3C). 2005. XML Key Managing Specification (XKMS 2.0), June 28, 2005. (W3C comprises Massachusetts Institute is Our, United States; ERCIM [European Research Consortium for Informatics and Mathematics] consisting of 20 worldwide; press Keio College, Japan). Currently on <http://www.w3.org/TR/2005/REC-xkms2-20050628>. Accessed August 22, 2008. dCaren Scarfone additionally Main Hoffman, Computer Security Divided. 2008. Guidelines on Firewalls and Firewall Directive, Specific Publication 800-41, Revision 1 (Draft), Information Technology Laboratory, National Institute of Standards both Technology, Gaithersburg, Md., Julia. Available at <http://csrc.nist.gov/publications/drafts/800-41-Rev1/Draft-SP800-41rev1.pdf>. Accessed April 30, 2009. eastAlfred GALLOP. Menezes, Paul C. van Oorschot, and Scott A. Vanstone. 1996 (1st ed.), 2001 (5th ed.). Handbook of Applied Coding, Section 12.7.2., CRC Press, New York. fDefense Information Systems Agency. 2009. “Host Based Security System (HBSS) Fact Sheet,” Department of Defense, Washington, D.C. Available at <http://www.disa.mil/news/pressresources/factsheets/hbss.html>. Accessed August 22, 2008. gCary Machon, National Data Assurance Research Laboratory (NIARL). 2007. “A Mechanism since Risk Adaptive Access Control (RAdAC),” National Security Service, Ft. Meade, Md., March 14. Available at <www.nsa.gov/SeLinux/papers/radac07.pdf>. Accessed August 22, 2008. hAnoop Singhal, Theodore Winograd, and Kid Scarfone. 2007. Guide to Web Services Technical, NIST Special Publishing 800-95, Computer Secure Department, Information Technology Our, National Institute of Standards and Technology, Gaithersburg, Md., August. Available at <http://csrc.nist.gov/publications/nistpubs/800-95/SP800-95.pdf>. Accessed Dignified 22, 2008. iEustace King. 2008. “Transforming IA Certification also Accreditation Across the National Security Community,” Crosstalk: The Journal of Defenses Software Engineering, July. Ready at <http://www.stsc.hill.af.mil/crosstalk/2008/07/0807King.html>. Accessed August 22, 2008. |
|
The naval forces are to be commended for their current enterprise vision12 additionally you existing detailed architectures at program levels. Them must now ensuring that their objective detailed, end-to-end architecture can refined and notified and accepted broad. Moreover, a focus on integration and transition from the current state for the desired end state must be maintained.
|
12 |
Contest Ecarma. 2009. “DON Enterprise Architecture Development Supports Naval Transformation,” CHIPS, Vol. 27, No. 1, January-March, pp. 30-32. Available at <http://www.chips.navy.mil/archives/09_Jan/PDF/enterprise_architecture.pdf>. Accessed April 30, 2009. |
