Title: Secure defence sector information sharing
Sub-title: Net-centric warfare does not work if the network isn’t functioning. SISA, a new alliance of IT providers, offers a new approach to secure information sharing.
Several weeks ago, news emerged that the U.S. armed forces inadvertently sent four nuclear fuses to Taiwan. The glaring error depicted sharp weaknesses in the U.S. Department of Defence’s internal controls. However news of the breach also brought home to Mas Nawaz, an IT security specialist at Cisco Systems, the stakes in his own line of work.
“If a piece of kit in our nuclear arsenal can escape control, just imagine how vulnerable defence sector information is,” says Nawaz, who over the years has worked on numerous military and civilian architecture initiatives. “One click of a mouse and immense amounts of crucial data can be moved instantly.”
However keeping information secure is only one of the challenges facing defence sector players. Not long before the nuclear fuse incident, various levels of government responses to the Katrina Hurricane debable also showed what can happen when stakeholders don’t exchange information properly. Relief personnel and aid were, at times, misdirected and poorly deployed. Much suffering and inconvenience occurred that could have been avoided.
According to Emile Lindsay, vice-president (defence) at EDS Canada, which has been working with the Canadian Armed Forces to help them better get a handle on these challenges, striking a balance between making information widely available and keeping it secure, is a challenge facing almost all defence industry stakeholders.
A new information sharing architecture
Francie Kress, an Alliance Manager for Technology Partners at EMC, raises the contrasting stakes raised by incidents such as Katrina and the nuclear fuse debacle in a clear question. “How so you share and protect information at the same time?” she asks rhetorically.
But Kress, who does extensive work on projects for the U.S. federal government doesn’t just ask questions. She provides answers too. In a presentation to defence industry professionals earlier this year, in conjunction with the recent CANSEC show, Kress, and other IT professionals, including Nawaz from Cisco, Kimberly Nelson from Microsoft and Michael Donovan from EDS, outlined the details of a new alliance called the Secure Information Sharing Architecture (SISA), which seeks to address some of their key concerns.
SISA provides customers with a commercial-off-the-shelf unified architecture that also has a security focus. The goal is to help clients better leverage the existing IT investments that many have already made in alliance member technologies.
In addition to companies represented at the CANSEC presentation, SISA includes a range of additional IT players, such as Liquid Machines, Swan Island and Titus Labs. “The alliance is designed to overcome the mounting pressure on IT departments to protect internal sensitive content, while simultaneously supporting infrastructure consolidation and inter-organization information sharing,” says Kress.
A secure collaborative framework
According to EDS’s Lindsay, the key benefits from the SISA alliance aren’t just related to increased sales. Adding functionality to the members’ individual offerings is the real goal. “DND already has extensive products from many of these companies,” says Lindsay. “We are not asking them to re-buy them. However they need to ensure that the software is configured correctly so they can improve their investment in what they have already bought.”
That’s where EDS comes in. The company’s role is to act as systems integrator, to ensure that all the individual elements of the SISA alliance members’ offerings, bring to the table optimal functionality. According to Lindsay, EDS has the capability to implement a full range of SISA competencies. These include Access Protection, Content Protection, Data Protection and Adaptive Threat Defence Services. As if that was not enough, EDS also helps its clients with the critical planning and transformation activities needed to deploy SISA solutions.
“Various agencies are all expected to proactively store, access and move information to respond quickly to requests from other agencies and the public. The danger is that this leads to the emergence of stovepipes, in which key existing data remains compartmentalized and unavailable to other stakeholders,” says Lindsay. “These communities need a secure collaborative framework for protecting sensitive content. But if each agency develops their own network, the result can be huge expenditures on what are often sub-optimal solutions. A secure, collaborative environment could alleviate many of those challenges.”
Endpoint, access, content and data protection
According to Nawaz, an ideally structured SISA architecture shields against a variety of threats. “You need endpoint protection such as encryption support. But the management of access and control to networks and their resources, protection against deliberate or inadvertent disclosure of files and adaptive threat defence, are also important,” says Nawaz.
One challenge in managing large networks is balancing the various needs says Nawaz. “A defence sector network services a variety of users with various levels of security clearance,” says Nawaz. “System administrators need to know and validate who you are and what you want to do on the network.”
Kimberly Nelson, Director of eGovernment and Health and Human Services at Microsoft Corporation agrees. Nelson works with government CIOs all the time and is acutely aware of the challenges they face. “Aligning mission and technology is more complex these days than ever before,” says Nelson. “Statutory, policy and citizen drivers are changing the way government operates. There is also increased pressure for cross boundary information sharing. Not surprisingly, networks are becoming more pervasive.”
As a result of these changes, Nelson is convinced that SISA will quickly see wide acceptance. “Wider distribution of information means that threats are coming faster and pretty soon staff will not be able to keep up,” says Nelson. “SISA will provide the ability for users to focus more on their key missions and to reduce their spending on infrastructure.”
SISA: major upside for defence applications
The key challenge for Nelson, Lindsay and other SISA stakeholders is to broaden industry knowledge of the project’s key benefits. “At this point, SISA can be best regarded as a start-up,” says Lindsay. “They have released the first version and are now looking for the best place to do an initial implementation. Canada would be the ideal choice.”
Lindsay sees a variety of areas in which EDS can help the Canadian Armed Forces meet upcoming challenges. “DND is hurting both resource-wise and from a lack of personnel in key areas,” says Lindsay. “The Afghanistan deployment has been particularly taxing. I’ve got friends that are going back for their third and fourth tour of duty. Any way in which DND can download work by partnering with contractors, is a plus for them, because it relieves pressures so they can concentrate on core operations.”
IT is one such area says Lindsay. “Because of the complexity of the Afghan deployment, information is constantly exchanged with our British, US, and other NATO partners, as well as the local government. But this needs to be done securely,” says Lindsay.
SISA can also be a valuable tool to help the Canadian Army, Navy and Air Force’s ongoing efforts better coordinate their command and control systems, says Lindsay, who provided DND officials extensive briefings regarding SISA during CANSEC. “The reaction was highly positive. Many DND officials told me that they did not realize that there was a ready made solution available that can address many of their most pressing challenges,” says Lindsay. “So it is not surprising that we are very optimistic going forward.”
Peter Diekmeyer is Canadian Defence Review’s Quebec correspondent.
|© 2008 Peter Diekmeyer Communications Inc.|