Protective Measures at NATO Headquarters Ian Davis Head, Information Systems Service NATO Headquarters Brussels, Belgium

Presentation Topics  NATO Headquarters activities  NATO Headquarters approach to security  Security principles & techniques

The Prime Directive - I NATO information… …shall be managed as a corporate resource to support NATO [business]… … throughout its life-cycle... … throughout its life-cycle... Extract from NATO Information Management Policy

The Prime Directive - II NATO information… …shall be protected… …to ensure its confidentiality, integrity and availability throughout its life-cycle... Extract from NATO Information Management Policy

What is NATO?  An alliance of 19 nations... ...and EAPC, PJC & NUC  The forum for consultation and decisions on security matters  A facility for co-operation in other matters

NATO HQ Activities HEADQUARTERS ADMINISTRATION PROGRAMME MANAGEMENT COORDINATION OF ACTIVITIES POLITICAL CONSULTATION

NATO HQ STAFF: CREATE, COLLATE, MANAGE MEETING ATTENDEES: CREATE, REVIEW, APPROVE AGENDAS DOCUMENTS NOTES DECISION SHEETS DOCUMENTS COMMENTS The Consultation Process CONSULTATIONrequiresINFORMATIONrequires INFORMATION MANAGEMENT requires INFORMATION SECURITY

Transformation of NATO since 1989  Political NATO > EAPC > OTHERS NATO > EAPC > OTHERS  Information Technology Mainframe > LAN > WAN [> Internet] Mainframe > LAN > WAN [> Internet]  Security Confidentiality > Integrity & Availability Confidentiality > Integrity & Availability

NATO HQ Organisation NAC EAPC MILITARY COMMITTEE INTERNATIONAL MILITARY STAFF INTERNATIONAL STAFF NATIONAL/ PARTNER DELEGATIONS MILITARY REPRESENTATIONS

Security Domains EAPC DOMAIN NATO DOMAIN EXTERNAL DOMAIN MILREPSDELEGATIONS PARTNER MISSIONS MILITARY COMMANDS NATO AGENCIES MEMBER NATIONS PARTNER NATIONS INTERNATIONAL ORGANISATIONS OTHER NATIONS MEDIA GENERAL PUBLIC ACADEMEINDUSTRY INTERNATIONAL STAFFS NATO HQ

NATO HQ Approach to Security  Separate regime for each domain  Same process: Adherence to NATO Policy Adherence to NATO Policy Structure Structure Objectives Objectives Principles Principles Countermeasures Countermeasures

Structure  Formality: separation of functions separation of functions documentation documentation  Security as system functionality: design design development development testing testing  Managed throughout life-cycle configuration management configuration management

Separation of Roles Operating Authority system development system installation system operation system maintenance Security Authority risk analysis security SOPs equipment approval audits Security Accreditation Authority accreditationinspections

Documentation  Security requirements statement  Security operating procedures  Interconnection agreements

Objectives  Protecting NATO information against loss of: Confidentiality Confidentiality Integrity Integrity Availability Availability  By either accidental or deliberate act

Definitions  Confidentiality disclosure of information to unauthorised parties disclosure of information to unauthorised parties  Integrity modification of information modification of information  Availability destruction of data destruction of data denial of service (access to data) denial of service (access to data)

Principles - I  Risk management  Minimality  Least privilege  Self-protecting nodes  Defence-in-depth  Implementation verification

Risk Management  Use of approved methodology  Analysis of: Threats Threats Vulnerabilities Vulnerabilities  Risk Assessment  Countermeasures  Residual Risk

Countermeasures Residual Risk Risk Management Risk assessment RequirementsCost Risk Analysis Threats & Vulnerabilities

Residual Risk RISK IDENTIFIED BY RISK ASSESSMENT RISK COVERED BY COUNTER MEASURES Residual Risk: Risk accepted due to cost/difficulty of countermeasures

Principles - I  Risk management  Minimality  Least privilege  Self-protecting nodes  Defence-in-depth  Implementation verification

Principles - II  Minimality only enable those services required only enable those services required  Least privilege users only given functions & authorizations they need users only given functions & authorizations they need  COTS software must be managed

Principles - III  Self-protecting nodes each network node protects itself each network node protects itself regards other nodes as untrusted regards other nodes as untrusted  Defence-in-depth no reliance on one single measure no reliance on one single measure  Implementation verification regular review of security posture regular review of security posture change/configuration management change/configuration management

Countermeasures PHYSICAL PERSONNEL TECHNICAL PROCEDURAL

Countermeasures - I  Physical separation of domains separation of domains restrict access to information stores restrict access to information stores data redundancy data redundancy  Personnel careful selection of staff careful selection of staff education education beware the “insider” threat beware the “insider” threat

Countermeasures - II  Procedural standard operating procedures standard operating procedures need-to-know separation need-to-know separation inspections & reviews inspections & reviews configuration management configuration management  Technical certified products certified products access controls & audit tools access controls & audit tools firewalls & filters firewalls & filters anti-virus software anti-virus software

Conclusions  Information systems are critical to operations  Security: is an integral part of the overall system is an integral part of the overall system must be managed throughout entire life-cycle must be managed throughout entire life-cycle requires structure & method requires structure & method requires a balanced mix of a wide variety of techniques requires a balanced mix of a wide variety of techniques

Maximum Line Capacity Incoming Traffic ( ) Outgoing Traffic (Web) Denial of Service Attack (flooding line)