Copyright © 2005

All rights reserved

This Larstan Business Report explores the impact new secure information sharing requirements are having on agencies with defense, intelligence and homeland security missions. It reports on how one company, IBM, is providing platforms for managing these new requirements.

The need to share information among different governmental agencies has risen dramatically due to the war to combat terrorism. Increased emphases on information-sharing among agencies tasked with protecting U.S. national interests at home and abroad have placed greater responsibilities for handling national security information on local and federal agencies that, in the past, have been outside the normal channels of classified information processing.

The traditional approach to enforcing multiple security levels (MSL) has been for each federal agency to operate a separate computing infrastructure for each level of security authorization in force at that agency. A discrete network with one set of servers and storage devices is deployed for top secret data; another is maintained for secret data and yet another for unclassified data (in some cases, all classifications of data are replicated on the servers with the highest security ratings).

This traditional approach, however, is inconsistent with the new mandates to share information to respond to – or prevent – threats to U.S. interests. As a result a better architecture for inter-agency data sharing is being implemented by government agencies: multi-level security or MLS.

MLS has two primary goals.

Effectively implemented, MLS systems ensure that data can be consolidated onto a single infrastructure, while maintaining the highest levels of assurance that it can only be accessed by authorized users.

According to a joint Larstan Business Report/Government Security News survey of 214 security professionals working at federal agencies with a national security mandate, respondents overwhelmingly agreed that the war on terror has increased the importance of information security.

In response to these trends, IBM has integrated multi-level security support into its z/OS offering – a highly secure, scalable, high-performance enterprise operating system on which to build and deploy Internet and Java-enabled applications, providing a comprehensive and diverse application execution environment. Designed together with DB2 Version 8, IBM provides federal agencies with a high assurance solution for multi-level security on the zSeries mainframe. This support provides row-level security labeling in DB2, and protection in z/OS, designed to meet the stringent security requirements of cross-domain access to data. This solution leverages zSeries leadership in scale, high availability, and self-managing capabilities.

The z/OS system achieved compliance with the Common Criteria Controlled Access Protection Profile (CAPP) at Evaluating Assurance Level 3 (EAL3) and Labeled Security Protection Profile (LSPP) at EAL3+. EAL3 indicates that the product was evaluated in its design stage for vulnerabilities and that the developers’ testing results were independently verified. CAPP compliance indicates that the z/OS supports access controls that enforce limitations on individual users. LSPP compliance means that the system restricts or grants access to data only after verifying the clearance level of the user to the security level of the data.

IBM’s current MLS offerings take into account the need for a sustainable business case. The IBM business case is based on the current concerns of federal agencies and the desires for higher degrees of organizational integration. IBM is making the investments and partnering with government agencies as well as federal systems integrators to make these capabilities a reality.