Transatlantic Secure Collaboration Program TSCP Briefing for the Federal PKI WG - PowerPoint PPT Presentation

Loading...

PPT – Transatlantic Secure Collaboration Program TSCP Briefing for the Federal PKI WG PowerPoint presentation | free to download - id: 848be-ZDc1Z



Loading


The Adobe Flash plugin is needed to view this content

Get the plugin now

View by Category
About This Presentation
Title:

Transatlantic Secure Collaboration Program TSCP Briefing for the Federal PKI WG

Description:

The collaboration model is changing to adapt to the new industry trends. ... Successful collaboration depends ultimately on measurable data quality. ... – PowerPoint PPT presentation

Number of Views:72
Avg rating:3.0/5.0
Slides: 39
Provided by: BA278
Category:

less

Write a Comment
User Comments (0)
Transcript and Presenter's Notes

Title: Transatlantic Secure Collaboration Program TSCP Briefing for the Federal PKI WG


1
Transatlantic Secure Collaboration Program
(TSCP) Briefing for the Federal PKI WG
Washington 13 May 2004
www.tscp.org
2
The Defense Business Environment
  • DOD
  • Warfighter defeats the enemy and keeps the
    peace
  • Intelligence knows about the enemy
  • Business converts to defence capability under
    political governance
  • Coalition Allies/Partners
  • Industry Primes/Partners
  • Products
  • Services and support
  • Supply chain
  • Most verticals
  • Increasingly international

3
The collaboration model is changing to adapt to
the new industry trends . . . the security
solution must be equally adaptable and flexible
Security Model
4
Data in the collaborative environment…
  • A typical corporation aligns and optimises its
    processes. The internal environment is
    process-centric.
  • Collaborating organisations depend on shared
    information. This environment is data-centric.
  • Successful collaboration depends ultimately on
    measurable data quality.
  • Standard contractual clauses are needed for data
    quality, metrics and audit.
  • Sharing sensitive data requires data segregation
    management
  • So, what building blocks do we need to get there,
    and how are we doing?

5
Collaboration maturity is driven by the depth of
information available between partners
Levels of Collaboration
Attributes of Collaboration
Objective
Capabilities Being Used
Business Benefit
Risks
  • Collaborative Product Design and Development
  • Enterprise Bus. Intelligence
  • Improved knowledge sharing, reducing product
    cycle time
  • Single access to data sources, reducing search
    and acquisition time
  • Greater exposure to intellectual property loss
  • Data corruption/theft

HIGH
Level Four Extended Collaborative Enterprise
Product Lifecycle Management
  • Enterprise Program Management
  • Portals/Search Tools, Document Management
  • Peer-to-Peer Collaboration
  • Improve and transparency of schedules resource
    allocation
  • Increased access and reuse of internal knowledge
    to enhance innovation
  • Exposure and/or theft of intellectual property
  • Transparency into potentially damaging program
    management issues

Level Three Contextual Collaboration
Program Management
Collaborative Capabilities
  • Inter-Enterprise Process Management /Web Services
    (ERP/SCM/CRM Integration)
  • B2B Exchanges
  • Automate collaborative process management across
    the enterprise between organizations
  • Improve supply chain transparency and open
    channels for new partners
  • Process automation creates greater
    interdependencies and management complexity
  • Insights into financial aspects of the business
    model

Level Two Collaborative Commerce
System-to-System Messaging
  • Office productivity tools and simple information
    exchange, calendaring and scheduling
  • E-mail, attachments, secure instant messaging
  • Improving individual team productivity through
    greater reach (e.g., e-mail) and standardization
    (e.g., PDF, .doc)
  • Inadvertent transfer of sensitive documents
  • Viruses

Level One Productivity-Centric Collaboration
Simple Messaging
LOW
6
What are Data and Information?
Security Commercial legal
Competition
Collaboration
Need for Trust and a Common Language of
Business
7
In a collaborative environment based on Trust,
how important is it ...
  • To Trust someone else? (Corporate view)
  • To be Trustworthy? (Collaboration view)

8
Protecting Sensitive Data The Gap
Few people, little data, low dynamics
Rules
No Rules
Lots of people data, rapid dynamics Cross-orga
nisation cross-nation
9
The Phase I delivered a guidance framework to
enable secure collaboration
Background…
Framework for Secure Collaboration
Motivation
Defense Collaboration
  • The drive by UK MOD, US DoD, industry and
    exchanges to meet collaborative business goals
    requires information to be shared more widely,
    securely, effectively and affordably between US,
    UK and other European nations
  • To collaborate successfully, corporations must
  • Connect securely to collaborative partners
    (secure transport)
  • Know and control who is accessing its data
    externally (authentication)
  • Segregate data by projects and programs
    (authorization)
  • The ability to segregate data at all layers
    (network, host, application, data base) is not
    currently being addressed

10
The purpose of the Framework was to provide a
common baseline to setup Secure Collaborative
Environments (SCE)
Background…
Personal Information
Government Information
Corporate Information
REGULATIONS
11
The Framework also outlined a conceptual
architecture designed with trust zones where
the SCE would be contained in the Yellow Zone
SCE Conceptual Architecture
12
Phase 2 Requirements…
The Governance Board provided statements of
requirement to develop guidance framework
documents
Summary of Key Requirements
13
Phase II Players
  • Airbus/EADS
  • BAE SYSTEMS
  • The Boeing Company
  • CAE
  • Lockheed Martin Corporation
  • Northrop Grumman
  • Raytheon Company
  • Rolls-Royce
  • Smiths Aerospace
  • Westland Helicopters
  • Defense
  • DoD
  • MOD
  • DND 

14
Purpose, Background Status…Overview
Booz Allen, sponsored by ten companies and
supported by the UKCeB TF, was tasked with
developing guidance to protect export controlled
data in a collaborative environment
  • Background
  • European, UK, US, and some Canadian defense
    companies involved in international collaboration
    are increasingly concerned at the extent to which
    the penalties associated with violations of
    diverse multi-jurisdictional export control
    regulatory environments are hampering or
    threatening their ability to collaborate and
    compete in a broadly similar manner across
    national boundaries
  • Requirements
  • Provide guidance on the protection of
    export-controlled data in a way that gives
    greater confidence of compliance to the
    regulators of different nations and collaborative
    partners, particularly with regard to the sharing
    of measurable audit data. The guidance should
    build upon the Phase 1 Framework for Secure
    Collaboration.
  • Provide guidance for companies involved in
    collaboration to implement common and
    interoperable identity management capabilities to
    control access to data
  • Approach
  • (1) Capture the requirements, define the As-Is
    and To-Be, assess the gaps, and identify a
    design to bridge the gaps
  • (2) Coordinate with other relevant initiatives
    and best practices and engage with major
    stakeholders outside the TSCP participants
  • (3) Design a framework of principles and
    guidelines including management, procedural, and
    technical characteristics
  • Program Goals
  • Participating companies will endorse and accept
    the requirements, design and framework
  • The US, UK, and Canadian regulatory authorities
    will find the framework to be sound guidance for
    improved collaboration

15
Collaborative Identity management is a critical
capability required to mitigate the risks
associated with compliance to export control
regulations
Approach…Phase II…
Integration of Export Control Guidance
Collaborative Identity Management Frameworks
Export Controls
Collaborative Identity Management
Collaboration Program Requirements
Identity Management Capabilities Required to
Support Export Control Compliance
Federated Collaborative Identity Management
Framework
Export Controls Guidance
16
The As Is CTA relies upon replication of data
and many 11 trust relationships to facilitate
collaboration
Validated Draft Design Review …Conceptual
Architecture (As-Is)
Nation 2
Nation 1
  • Distributed replicated data environment results
    in higher costs and difficult data management
  • Duplicative security management results in
    overall lower security environment
  • Multiple identity repositories cause duplication
    and difficulty in management
  • Trust is formed on one-to-one basis and is not
    scalable
  • Third Parties are used to host collaborative
    applications and infrastructures, driving
    increased cost and point solutions

Company B
Company A
Trusted Corporate LAN
Collaboration Trust - DMZ
17
The To Be CTA (Gold) uses common
interoperability mechanisms and integrated data
environments to drive trusted collaboration
Validated Draft Design Review …Conceptual
Architecture (To-Be)
Nation 2
Nation 1
  • Integrated data environment results in less
    replication, lower costs, and better control
  • Interoperable security management mechanisms and
    infrastructure increases security while reducing
    cost
  • Directory gateway brokers leverage, do not
    replace, existing repositories while providing
    interoperability mechanism
  • Trust is formed across federated environment
    using bridging mechanisms
  • Third Parties and consortia assist in hosting
    trust and interoperability infrastructure through
    Commercial Bridge and Trusted Directory Gateway
    Broker

Company B
Company A
Trusted Corporate LAN
Collaboration Trust - DMZ
18
A comparison of the two states shows a move
towards integrated, streamlined, and standardized
architectures
Validated Draft Design Review …Conceptual
Architecture (Differences)
As-Is
To-Be (Gold)
  • DATA Physically segregated data with no
    standard tagging schemes
  • SECURITY MGMT Duplicative and stove piped
    security management
  • IDENTITY No single authoritative or
    interoperable identity solution
  • THIRD PARTIES Reliance on third party services
    for specific collaborative applications and
    directories for niche applications
  • APPLICATIONS Complex application data flows
    with hard wires security
  • ACCESS Proprietary access management processes
    and data flows
  • TRUST Trust largely based on human processes or
    11 point solutions
  • DATA Integrated data uses tagging schema to
    assist in managing security
  • SECURITY MGMT Distributed yet consistent
    security management with directory integration
  • IDENTITY Standardized identity schema ensures
    interoperability with many repositories
  • THIRD PARTIES Third parties assist in
    interoperability/bridging environment Not just
    apps
  • APPLICATIONS Data flows largely unaffected but
    use consolidated security infrastructure
  • ACCESS Streamlined access management through
    common policies, procedures, mechanisms
  • TRUST Trust based on standard processes,
    schemas, and minimal additional technology
    investment

19
How-To Guide …Migration Plan
The final How-To Guide will outline a generic
migration plan that can be leveraged to build a
company-specific migration plan
Activities/Work steps
Quarters
Illustrative
Q1
Q2
Q3
Q4
Q5
Q6
Q7
Q8
Q9
Q10
Q11
Q12
Q13
Q14
  • Identify Collaboration Requirements
  • Compliance
  • Complexities (G/S/B)

-
  • Baseline Current Capabilities
  • Compliance
  • Complexity
  • Perform Gap Analysis
  • I/M, IAM, GO, TA
  • Develop Migration Plan

-
-
-
  • Migrate to Bronze level capabilities
  • Information Management
  • Identity Management
  • Governance Oversight
  • TA
  • Technical Architecture

-
  • Migrate to Silver level capabilities
  • Information Management
  • Identity Management
  • Governance Oversight
  • TA
  • Technical Architecture

-
  • Migrate to Gold level capabilities
  • Information Management
  • Identity Management
  • Governance Oversight
  • TA
  • Technical Architecture

-
Phase 0 K - K
Phase I K - K
Phase II K - K
Phase II K - K
20
TSCP Way Ahead
  • Implementation of the Phase 1 and Phase 2
    documents
  • Support for the implementation of the Commercial
    Bridge
  • Support for the implementation of UID
  • … possibly, Controlled Information Release

21
UID Network Centric Collaboration
Industry
Unique Identification
People
Item
Location
Enterprise
Data
Network Centric Collaboration
U.S. Agencies External Governments (e.g., UK,
Australian, Canadian, Dutch)
22
Collaboration depends on Data Interoperability
Company A
Company B
Global Interface Standards
Asset tracking
Asset tracking
23
Unique IDentification (UID) is….
. . . the set of data for tangible assets that is
globally unique and unambiguous, ensures data
integrity and data quality throughout life, and
supports multi-faceted business applications and
users.
UID is . . .
24
(No Transcript)
25
(No Transcript)
26
Enterprise Integrated Data Environment (EIDE)
Provide an enhanced environment that enables the
DoD Logistics Enterprise to execute practices,
processes, applications and decision support
tools to achieve logistics interoperability and
allow for information exchange within and between
internal and external DoD business partners.
- Non-system dependent transactions -
Consolidation and reuse of Interfaces - Data
integration/sharing - Leverage Modernization
Efforts - Data Standards not Standard Data

27
Logistics Enterprise Architecture Blueprint
SCOR
Operational
View
Process Architecture
Identifies Warfighter
Relationships and Information Needs
Performance Based Metrics
Processing and Inter-Nodal Levels of Information
Exchange Requirements
Processing and Levels of Information Exchange
Requirements
Data Views
Systems Associations to Nodes, Activities,
Needlines and Requirements
Basic Technology Supportability and New
Capabilities

Specific Capabilities Identified to Satisfy
Information-Exchange Levels and Other Operational
Requirements
Systems
Technical
View
View
Procurement of the Selected
Technical Criteria Governing
Relates Capabilities and Characteristics
Interoperable Implementation/
Prescribes Standards and
to Operational Requirements
System Capabilities
Conventions
28
Defence contracting environment today requires
greater co-operation across national borders
inside a global company and across companies.
Industry has made assumptions and is acting on
them…
Strategic Imperatives
Requires…
But,…
  • US DOD is the dominant customer
  • US DOD is contracting for digital signatures on
    important electronic documents and its payment
    portal
  • US DOD is contracting for ISO Unique
    Identification of Tangible Items.
  • US DOD is putting into existing collaborative
    programs JSF, CH47
  • US DOD is specifying GIG architectural components
    in contracts
  • US DOD is demanding shorter technology refresh
    cycles
  • International regulators demand compliance or
    impose penalties
  • US DOD to secure agreement with allies and trade
    associations.
  • Companies to collaborate with US DOD to develop
    approaches that maximise interoperability and
    reuse
  • Secure data exchange between partners operating
    in different countries.
  • System of systems approach based on uniqueness
    standards
  • Collaboration in real-time to reduce the product
    development timeframe
  • Compliance with increasingly complex regulations
  • Organisations need help to use TSCP 1 2 to best
    effect.
  • Companies need to see benefits of TSCP investment
    and best practice ? V2
  • Companies need approach to implement DOD/ATA UID.
  • Companies need a way to link trust communities to
    satisfy DOD.
  • Companies need guidance to share/release
    documents under control.
  • Companies need guidelines to improve and measure
    data quality.
  • Need KPI evidence of risk management benefits

29
US DOD clean audit
Get ISO approval as part of ISO 10303
Company Repositories
30
Controlled Information Release involves the use
automation and rules….
31
Importance….. Why Should You Care?
  • The Giants of Defense Industry are Putting Their
    Money on Solving Net Centric for Themselves
  • Same Solution Space that DoD is Pursuing /
    Funding
  • Names/Motivations may be different, but Results
    Same
  • All Concerned Accept Need to Interoperate
  • Internationally
  • Between Competitors and Sub-Contractors
  • With their Defense Customers,
  • DOD, MOD, Other Primes, Other Defense-Related
    Organizations
  • These Companies Deploy With Us
  • For the Finish Line, We now have opportunity to
    Help
  • Build to Interoperability (on the first try)
  • Use Their Synergy and
  • Pool Results of Our Combined Investments

32
Identity Management
  • Separate Identity from Attributes
  • Strong Identity Management
  • Up Front Identity Proofing is Critical
  • Everyone needs strong credentials
  • Only one world-wide infrastructure for DoD
  • Authentication is Centralized in the Enterprise
  • Authorization is Decentralized

33
What are the data implications?
  • In the DMZ
  • Meta² data registry language of the company.
  • Meta data registry discovery data pointer
  • Audit quality metrics
  • Segregated, tagged data in the collaboration
    environment
  • In the collaboration zone
  • Commercial Bridge
  • Attribute Broker
  • Audit record keeper

34
Summary
  • Collaboration requires Trust and a Common
    Language of Business to meet a range of
    challenges, including regulatory.
  • Governments and industry are investing in strong
    identity management and strong data segregation
    management, with guidance for their
    implementation
  • Interoperability demands data standardisation and
    data quality metrics to underpin audit.
  • Expect to see collaborative Trust and Common
    Language of Business mechanisms appear in DOD and
    other nations contracts
  • How will the Federal community engage with
    partners and industry to tackle the common
    challenges?

35
Back Up Slides
36
Possible view of the Commercial Bridge
37
DOS
Treasury
Higher Ed
DOD
NASA
FBCA
Illinois
ECA
3
3
3
LM
Commercial Bridge
Boeing
Auto ??
NG
S
E
A
Rail ??
38
Commercial Bridge
  • Relevant Milestones
  • Dec 04 - DOD x-cert with FBCA
  • Apr 05 Commercial Bridge operational x-cert
    with FBCA
  • 3Q05 MOD x-cert with FBCA
  • Events
  • 28 April Initial Planning Meeting for the
    Governance Board - 4 governments and 4 companies
    for 12-18 months only
  • 11 May International CIDM Forum
    AFEI/AIA/SBAC/DMA possibly supported by AFCEA,
    AIAC NIID
  • Challenges
  • DOD ECA policy under review cost, risk and
    liability issues. Industry view??
  • Industry take-up sufficient to start up
About PowerShow.com