Protective Measures at NATO Headquarters Ian Davis Head, Information Systems Service NATO Headquarters Brussels, Belgium.


1 Protective Measures at NATO Headquarters Ian Davis Head, Information Systems Service NATO Headquarters Brussels, Belgium

2 Presentation Topics
• NATO Headquarters activities
• NATO Headquarters approach to security
• Security principles & techniques

3 The Prime Directive - I
NATO information… …shall be managed as a corporate resource to support NATO [business]… …throughout its life-cycle...
Extract from NATO Information Management Policy

4 The Prime Directive - II
NATO information… …shall be protected… …to ensure its confidentiality, integrity and availability throughout its life-cycle...
Extract from NATO Information Management Policy

5 What is NATO?
• An alliance of 19 nations... ...and EAPC, PJC & NUC
• The forum for consultation and decisions on security matters
• A facility for co-operation in other matters

6 NATO HQ Activities
HEADQUARTERS ADMINISTRATION, PROGRAMME MANAGEMENT, COORDINATION OF ACTIVITIES, POLITICAL CONSULTATION

7 The Consultation Process
NATO HQ STAFF: CREATE, COLLATE, MANAGE
MEETING ATTENDEES: CREATE, REVIEW, APPROVE
AGENDAS, DOCUMENTS, NOTES, DECISION SHEETS, DOCUMENTS, COMMENTS
CONSULTATION requires INFORMATION requires INFORMATION MANAGEMENT requires INFORMATION SECURITY

8 Transformation of NATO since 1989
• Political
  - NATO > EAPC > OTHERS
• Information Technology
  - Mainframe > LAN > WAN [> Internet]
• Security
  - Confidentiality > Integrity & Availability

9 NATO HQ Organisation
NAC, EAPC, MILITARY COMMITTEE, INTERNATIONAL MILITARY STAFF, INTERNATIONAL STAFF, NATIONAL/PARTNER DELEGATIONS, MILITARY REPRESENTATIONS

10 Security Domains
EAPC DOMAIN, NATO DOMAIN, EXTERNAL DOMAIN
MILREPS, DELEGATIONS, PARTNER MISSIONS, MILITARY COMMANDS, NATO AGENCIES, MEMBER NATIONS, PARTNER NATIONS, INTERNATIONAL ORGANISATIONS, OTHER NATIONS, MEDIA, GENERAL PUBLIC, ACADEME, INDUSTRY, INTERNATIONAL STAFFS, NATO HQ

11 NATO HQ Approach to Security
• Separate regime for each domain
• Same process:
  - Adherence to NATO Policy
  - Structure
  - Objectives
  - Principles
  - Countermeasures

12 Structure
• Formality:
  - separation of functions
  - documentation
• Security as system functionality:
  - design
  - development
  - testing
• Managed throughout life-cycle
  - configuration management

13 Separation of Roles
Operating Authority: system development, system installation, system operation, system maintenance
Security Authority: risk analysis, security SOPs, equipment approval, audits
Security Accreditation Authority: accreditation, inspections

14 Documentation
• Security requirements statement
• Security operating procedures
• Interconnection agreements

15 Objectives
• Protecting NATO information against loss of:
  - Confidentiality
  - Integrity
  - Availability
• By either accidental or deliberate act

16 Definitions
• Confidentiality
  - disclosure of information to unauthorised parties
• Integrity
  - modification of information
• Availability
  - destruction of data
  - denial of service (access to data)

17 Principles - I
• Risk management
• Minimality
• Least privilege
• Self-protecting nodes
• Defence-in-depth
• Implementation verification

18 Risk Management
• Use of approved methodology
• Analysis of:
  - Threats
  - Vulnerabilities
• Risk Assessment
• Countermeasures
• Residual Risk

19 Risk Management
Countermeasures, Residual Risk, Risk assessment, Requirements, Cost, Risk Analysis, Threats & Vulnerabilities

20 Residual Risk
RISK IDENTIFIED BY RISK ASSESSMENT
RISK COVERED BY COUNTERMEASURES
Residual Risk: Risk accepted due to cost/difficulty of countermeasures

21 Principles - I
• Risk management
• Minimality
• Least privilege
• Self-protecting nodes
• Defence-in-depth
• Implementation verification

22 Principles - II
• Minimality
  - only enable those services required
• Least privilege
  - users only given functions & authorizations they need
• COTS software must be managed

23 Principles - III
• Self-protecting nodes
  - each network node protects itself
  - regards other nodes as untrusted
• Defence-in-depth
  - no reliance on one single measure
• Implementation verification
  - regular review of security posture
  - change/configuration management

24 Countermeasures
PHYSICAL, PERSONNEL, TECHNICAL, PROCEDURAL

25 Countermeasures - I
• Physical
  - separation of domains
  - restrict access to information stores
  - data redundancy
• Personnel
  - careful selection of staff
  - education
  - beware the “insider” threat

26 Countermeasures - II
• Procedural
  - standard operating procedures
  - need-to-know separation
  - inspections & reviews
  - configuration management
• Technical
  - certified products
  - access controls & audit tools
  - firewalls & filters
  - anti-virus software

27 Conclusions
• Information systems are critical to operations
• Security:
  - is an integral part of the overall system
  - must be managed throughout entire life-cycle
  - requires structure & method
  - requires a balanced mix of a wide variety of techniques

29 Maximum Line Capacity, Incoming Traffic (email), Outgoing Traffic (Web), Denial of Service Attack (flooding line)

