Securing the Defence enterprise

From the discussion thus far, it is obvious that as Defence, like other enterprises, reaches out with its networks and is accessed by ever-growing numbers of friends, partners and adversaries, the risk of misuse, theft or sabotage increases. A suitable framework for addressing the vulnerabilities outlined in this chapter, and for securing the Defence enterprise, might be in terms of four integrated layers of activity—policy, operations, systems, and technical measures.[107]

In policy terms, the ADF would need to address such issues as the design, planning and implementation of communications and information systems, which is a collaborative activity between users and providers to achieve a negotiated service. Force protection consequences should be more important than information access, which means that information might have to be restricted or even withheld from a user who has a high probability of capture or compromise. Active information governance measures such as responsibility, authority, procedures, contingency arrangements, reporting and standards should apply across the network.

In operations terms, the ADF would need to address connectivity and interoperability associated with joint force operations as well as combined force operations. In the former, all force elements would need to be connected at the lowest practicable organisational levels (e.g. infantry patrol to close air support aircraft). In the latter, connectivity might be between components and selected force elements (e.g. ADF land component commander to US amphibious task group). Finally, connectivity to Defence finance, logistics and personnel systems and to the systems of other agencies is required by deployed forces.

Systems integration and interoperability will minimise duplication and single points of failure. Cryptographic security, security against computer network attack, and personnel and infrastructure security arrangements should all be provided to the lowest level of connectivity. Robust system redundancy should be provided with appropriate levels of survivability and recovery, and preventive security measures should be offered through enhanced deterrence, detection, containment and response services.

In technical terms, a number of possible initiatives present themselves. First, the standards, configurations and protocols of IT systems (including communications and cryptographic systems) should be made compatible with national and combined requirements. Second, dynamic system security can be achieved through appropriate cryptographic, firewall, and virus protection, while dynamic system survivability can be achieved through appropriate routing, standby and duplicate equipment and services. Third, coalition IT and communications standards should be compatible with commercial requirements. Fourth, classification, storage, release and distribution arrangements should be made that also include training, processes, procedures and responsibilities.

Other technical matters such as security architectures, secure identities and access, secure workforce, secure content management and secure web services also need to be addressed. These are covered in more detail below.[108]

Integrated security architectures need to cover directory services, Public Key Infrastructure (PKI), and privilege management infrastructure, as well as digital signatures, authentication, access control, network security, workstation and Personal Digital Assistant (PDA) security, application security, and monitoring, intrusion detection systems (IDS) and incident response systems.

Identity and access management needs to cover all aspects of authentication, authorisation and entitlement. Access should be granted only to authorised users, and those users should be able to access only the information they need.

Increasingly, workers will be more mobile and their access will need to be secured. Similarly, portals and email systems add to overall vulnerability, which in turn demands greater security vigilance. While web services provide real-time integration of business services from multiple sources, they also add even further to network vulnerability.

As part of this framework, Defence also needs a strong risk assessment methodology (covering attack and penetration testing, and emergency response measures), solid infrastructure security (through the design of secure networks, perimeter security controls, multi-layered anti-virus architectures, secure wireless networks and remote access points, and system hardening), business continuity and the ability to recover from shocks and disruptions. Just as importantly, any enterprise with which Defence interacts electronically needs to have these security features in place.

Trusted information infrastructure

One way of addressing trusted information infrastructure is to develop a data access and management system that incorporates enterprise security, identity management, IA and information dissemination management. At the technical level, this would mean data standardisation, encryption and PKI tagging, and a protected data fusion engine that could manage the secure authentication process.

As Philip Dean and Bruce Talbot[109] suggest, such a system would provide a secure place to post classified information that would be accessible from networks of various classifications, all within a securely managed workflow that would ensure that trust could be managed, assured and controlled.

COTS software would be sufficient for providing Multi-Level Identity Management and Secure Service Provisioning. These two concepts would need to be developed in tandem to ensure that security could be delivered through a layered approach that also manages identification, security clearance and access rights of both providers and users of the information. Location, information access and physical protection would be afforded by:

  • providing a posting area for information that could be fully managed and secured and that could only be accessed by authorised users;

  • offering compartmented storage within that posting area as necessary; and

  • tagging devices such as PCs to ensure that they meet device constraints related to the specified information.

A data standardisation regime would be needed to ensure data that had been posted could be received by all authorised devices. Additionally, a management standardisation regime would be needed so that all interactions could be managed, such as the posting of documents, the identities of information providers and users, and the flow of information (based on policies, rules and identity).
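
The access decision described above (user clearance, compartments within the posting area, and device tagging) can be sketched as a single policy check. This is an added example, not part of the original chapter; the classification ladder, class names and device attributes are assumptions made for illustration.

```python
from dataclasses import dataclass

# Hypothetical classification ladder; the chapter names no specific levels.
LEVELS = {"UNCLASSIFIED": 0, "RESTRICTED": 1, "SECRET": 2, "TOP SECRET": 3}

@dataclass(frozen=True)
class User:
    name: str
    clearance: str
    compartments: frozenset = frozenset()

@dataclass(frozen=True)
class Device:
    tag: str
    max_level: str                       # highest level the device may hold
    attributes: frozenset = frozenset()  # constructed, e.g. {"disk-encrypted"}

@dataclass(frozen=True)
class Posting:
    title: str
    level: str
    compartments: frozenset = frozenset()
    device_constraints: frozenset = frozenset()

def decide(user, device, posting):
    """Return (allowed, reasons); all checks run so an audit log sees every failure."""
    reasons = []
    # Unknown labels fail closed: an unknown posting level outranks everything,
    # an unknown user or device level ranks below everything.
    need = LEVELS.get(posting.level, len(LEVELS))
    if LEVELS.get(user.clearance, -1) < need:
        reasons.append("user clearance below posting level")
    missing = posting.compartments - user.compartments
    if missing:
        reasons.append("user lacks compartments: " + ", ".join(sorted(missing)))
    if LEVELS.get(device.max_level, -1) < need:
        reasons.append("device not approved for posting level")
    unmet = posting.device_constraints - device.attributes
    if unmet:
        reasons.append("device fails constraints: " + ", ".join(sorted(unmet)))
    return (not reasons, reasons)

if __name__ == "__main__":
    # Constructed sample data, not taken from the chapter.
    analyst = User("analyst", "SECRET", frozenset({"OP-A"}))
    laptop = Device("LT-01", "SECRET", frozenset({"disk-encrypted"}))
    pda = Device("PDA-07", "RESTRICTED")
    report = Posting("report", "SECRET", frozenset({"OP-A"}), frozenset({"disk-encrypted"}))
    for dev in (laptop, pda):
        print(dev.tag, decide(analyst, dev, report))
```

The same cleared user is admitted from the tagged laptop and refused from the PDA, which shows why the device check has to sit alongside the identity check rather than behind it.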

Just as intelligence, command and control, and corporate information systems cry out for multiple layers of security to improve information sharing and collaboration and to reduce costs, so too do the interoperability requirements within the battlespace. Specifically, mission control systems such as fire-control systems on naval surface combatants and the multi-function displays in combat aircraft will need to be linked to ground forces in future in order to deliver integrated joint fires.[110]

While the foregoing is aimed squarely at Defence, the same issues pertain to a whole-of-nation perspective on securing Government agencies and ensuring a networked trusted information infrastructure.




[107] I acknowledge the contribution of my colleague Brigadier Steve Ayling for his thoughts on the framework.

[108] See also Accenture, The Accenture Security Practice: Security and the High-Performance Business, 2003, available at <http://whitepapers.silicon.com/0,39024759,60086441p,00.htm>, accessed 3 March 2008.

[109] I am indebted to my colleagues Philip Dean and Bruce Talbot for their assistance in clarifying my thinking of how a trusted information infrastructure could be developed.

[110] For an insight into more effective joint fires for the future, see Alan Titheridge, Gary Waters, and Ross Babbage, Firepower to Win: Australian Defence Force Joint Fires in 2020, Kokoda Paper no. 5, The Kokoda Foundation, Canberra, October 2007.