NATO C 3 StaffISB PROTECTION OF NATO INFORMATION

NATO C 3 Staff/ISB PROTECTION OF NATO INFORMATION AND NATO CIS Col. Augusto DEL PISTOIA NHQC 3 S INFOSEC Branch Chief +32 2 707 5534 infosec@hq. nato. int

NATO C 3 Staff/ISB • • • CONTENT NATO Policy NATO CIS Overview NATO CIS Implementation Pillars Common Criteria NATO Computer Incident Response Capability NATO Public Key Infrastructure

NATO C 3 Staff/ISB NATO POLICY • NATO Information Management Policy • NATO Security Policy • NATO CIS Policy

NATO CIS OVERVIEW NATO C 3 Staff/ISB USER DOMAIN Remote Site NETWORK DOMAIN PSTN SECURITY DOMAIN Security Management Center Static. Site NPKI Infrastructure NCN Deployed Site NIDTS Remote Site NCIRC NCN NIDTS PSTN NPKI Internet NATO Computer Incident Response Capability NATO Core Network NATO Initial Data Transfer Service Public Switched Telephone Network NATO Public Key Infrastructure NCIRC

NATO CIS OVERVIEW NATO C 3 Staff/ISB User Domain ISDN Terminals Network Domain NSIE PSTN ISPABX BRI VTC NCS PRI TA Non ISDN Terminals AR NICE NS LAN PKI-based security services in the User Domain BME BPD NU LAN BPD AR – Access Router BME – Bandwidth Management Equipment BPD – Boundary Protection Device BRI - Basic Rate Interface DSE – Digital Switching Equipment NSIE – NATO Secure ISDN Equipment NICE – NATO IP Crypto Equipment PRI - Primary Rate Interface TA - Terminal Adapter

NATO C 3 Staff/ISB NATO CIS IMPLEMENTATION PILLARS • Adoption of Common Criteria • NATO Computer Incident Response Capability (NCIRC) • NATO Public Key Infrastructure (NPKI)

NATO C 3 Staff/ISB COMMON CRITERIA

NATO C 3 Staff/ISB NATO AND COMMON CRITERIA NC 3 S Overarching Architecture Statement of Operational Statement of Requirements Operational Requirement CC concept and terminology POLICY DIRECTIVES GUIDELINES NC 3 S Reference. NC 3 S Architecture Reference Capability Package Security Annex Architecture NC 3 S Target. NC 3 S Architecture Target Architecture Type B Cost Estimate Type B Cost (TBCE) Estimate (TBCE) Security Requirement Statement Invitation For Bid (IFB) ISO/ National NATO PP Repositories Evaluated Products Lists

NATO C 3 Staff/ISB • • NATO TRANSITION TO CC Documentation Process and Procedures for Protection Profiles and Packages NATO Protection Profiles and Packages Repository Registration of CC Evaluated Products

NATO C 3 Staff/ISB PROTECTION PROFILES AND PACKAGES • Selection and/or Development • Evaluation and Certification • Repository

IT PRODUCTS NATO C 3 Staff/ISB SSA PRODUCT ENDORSEMENT IDENTIFY PRODUCT NATO PRODUCT LIST NATIONAL CC REPOSITORY VALIDATION CERTIFICATION DEVELOPMENT PROCESS NATIONAL SPONSORED PRODUCTS NATO PRODUCT LIST SECAN EUSEC NATO NATION

NATO C 3 Staff/ISB CURRENT SITUATION • Transition phase – Interim guidance – IT Products, PPs, Packages Database • Implementation Directive – Under approval • Objective: 2 Q 2003

NATO C 3 Staff/ISB NATO COMPUTER INCIDENT RESPONSE CAPABILITY

NATO C 3 Staff/ISB NCIRC • Central Capability • Incident Handling and Reporting • Implementation Approach

NATO C 3 Staff/ISB NCIRC ORGANISATION TIER 1 CO-ORDINATION CENTRE TIER 2 TECHNICAL SUPPORT CENTRE TIER 3 CIS OPERATING AUTHORITIES

NATO C 3 Staff/ISB CURRENT SITUATION • NCIRC documentation – NC 3 B Guidance and Direction – CONOPs – Handbook • NCIRC activated on a limited scale • Establishment of links with national CERTs

NATO C 3 Staff/ISB NATO PKI

NATO C 3 Staff/ISB NATO PKI • NPKI Goal • NPKI Implementation Approach: – Establish the governing Authority (NPMA) – Field the Root CA – Regulate the implementation of the other PKI components

NATO C 3 Staff/ISB NPKI ORGANISATION NPMA TIER 1 ROOT CA TIER 2 TIER 3 CERTIFICATION AUTHORITIES SUBORDINATE CAs OR RAs NPAC

C 3 Staff/ISB CURRENT NATO SITUATION • PKI documentation: – – – NPKI Legal Aspects PKI Policy for NATO CIS NPKI High Level Concept Of Operations NPKI Certificate Policy NPKI Security Architecture NPKI Interoperability Strategy • Fielding of NATO Messaging System • First Root Certificate by 2 Q 2003

NATO C 3 Staff/ISB • • • CONCLUSIONS NATO Policy NATO CIS Overview NATO CIS Implementation Pillars Common Criteria NATO Computer Incident Response Capability NATO Public Key Infrastructure

NATO C 3 Staff/ISB Questions?