|
Multi-Level Security Strategies for the Federal Government Operational Impact Analysis
Copyright © 2005 All rights reserved Editorial Director John Persinos Research Associate David Evancha
|
|
This document was developed with IBM funding. Although the document may utilize publicly available material from various vendors, including IBM, it does not necessarily reflect the positions of such vendors on the issues addressed in this document.
Part 3: Operational Impact Analysis Creating a Security Utility If it were possible to profile the internal workings of a U.S. intelligence agency, as it struggles to meet new mission requirements, they might look something like this: Intelligence agency X is a small agency whose primary objective was to gather and analyze very specific data associated with a very narrow portfolio. Traditionally it shared information cleared by its own gatekeepers with sister agencies in the intelligence and military communities and, on a very selective basis, with the State Department. As the mandate of the intelligence community has shifted, agency X is now tasked with sharing information on a more dynamic and real time basis with key intelligence partners. But it is still critical to ensure that only authorized personnel can access the information. The agency maintains top secret, secret, unclassified and a variety of other data classifications, which it enforces by maintaining discrete systems dedicated to different classifications and applying stringent controls to data replication. From an operational standpoint, this has necessitated a significant degree of content management, the extent of which is mounting rapidly, given the agency’s new mission requirements. Agency heads recognize this and fear a security-compromising breakdown. To alleviate its content management burden, agency X has concluded that it must migrate from its highly-stratified, stove-piped environment to a multi-level security architecture that supports a greater measure of data dissemination along with a high level of assurance. This will permit the agency to consolidate many of its servers onto a single platform, which enforces different security classifications using logical partitions and mandatory access control. Other security-related functions will include record auditing, user identification and name hiding. The agency decided that the ideal platform is a mainframe that functions as an application database server. It will be complemented by a second server that uses Web Services to provide security for the applications and database, the operating system and portions of the network in a utility-like fashion. This will allow the agency to simplify and streamline its technology environment, and reduce its costs, while sharing information with other agencies in a secure and appropriate manner. …Web Services and XML The scenario described above depends on shifting the infrastructure’s security functions onto a single dedicated server. This is accomplished through the marriage of MLS and Web Services. MLS inserts security tags into the data stream to control access and audit usage. XML tags data in a universally recognized format, allowing the tags to be read and interpreted by otherwise incompatible systems. Using XML to create MLS security tags simplifies application development and expedites data exchange among disparate systems by applying the security function using industry standard technology. And by using digital signatures, agencies can ensure that the tag and the object being labeled are tightly bound – further ensuring the integrity and security of the data. "To better access and integrate data, we’re talking about Web-based systems and XML-based interactions among systems. This is very much driven by the commercial market, but there is a strong desire now to employ these technologies with respect to the sharing and exchange of data among various security levels. So, one thing that’s quite obvious is that the old way of doing things, with fixed formats and very rigorously controlled guards and stovepiped systems, is unsatisfactory. The desire across the board within government, including state and local government, is to make sure that any new system does the sharing with these contemporary technologies." – Eric Beyer, Lockheed Martin From an operational standpoint, the implications of integrating MLS with Web Services are as follows: The MLS architecture provides the foundation for adopting Web Services through the use of XML security tags, which greatly simplify MLS implementation. Other XML tags can be used for a variety of secured Web Services, enabling federal agencies to share resources and exchange data more easily. Implementing Web Services is also an essential step for any agency looking to deploy the latest generation of commercially available technology. MLS-based Web Services pave the way for platform consolidation by allowing agencies to treat security in a utility-like fashion. Security functions once inserted in a system’s application code are now ‘stripped out’ and replaced by security services (in the form of XML tags), which are served up by a specialized Web server. Extracting the ‘security predicate’ from the core application code streamlines the application programming process, freeing agency IT staff to respond more quickly to new mandates and mission imperatives. It also eliminates the need for a separate security review for each new piece of application code, since the security functions are now performed by a single, isolated system. By imbedding the security functions in the system logic and architecture there is no longer any need to maintain separate physical systems to support different levels of security classification. Instead, these can be maintained through logical partitions and mandatory access controls, permitting agencies to consolidate most of their systems onto a single platform. This can dramatically reduce costs and data management overhead, while raising assurance levels and improving data access in a highly controlled manner. For larger agencies, the best platform for system consolidation is a robust, MLS-compliant mainframe. The mainframe is the most mature platform in the MLS-capable world and the most stable platform in the computing pantheon. It also offers the richest array of management features and the greatest economies of scale. With the right resources in place, larger agencies can adapt the commercial outsourcing paradigm to an eGovernment model and host systems for smaller agencies. Once again, MLS is the key enabler, since it provides a framework for walling off one agency’s data from another’s. Commercial outsourcers are likely to adopt MLS for the same reason—it will allow them to reduce their costs by hosting multiple accounts on a single platform and still guarantee high levels of privacy. …A National Security Infrastructure in Perpetual Transition It would be fair to characterize the national security community of agencies in the federal government to be early adopters of IT and communications technology in general, and security advances in particular. In fact, this segment of the government has tackled problems and created solutions that have been effectively transferred to the private sector. It would also be fair to say that this community of agencies is constantly monitoring and improving its infrastructure to accommodate the latest proven technologies This fact is borne out in our survey. Sixty-five percent of the respondents indicated that their agency is currently engaged in modernizing its infrastructure. Only a small minority of respondents reported that their agency was not undertaking a modernization initiative (see Figure 4).
Figure 4 – Source: Larstan Business Reports/Government Security News MLS implementation, according to a plurality of the survey respondents, is the driving force behind their agencies’ modernization initiatives (see Figure 5). Figure 5 – Source: Larstan Business Reports/Government Security News There is also recognition by larger agencies that the mainframe provides an optimal platform for large-scale systems consolidation. This is less applicable to smaller agencies and is reflected in the responses fielded by the survey (see Figure 6). Figure 6 – Source: Larstan Business Reports/Government Security News "There are E-Government initiatives; there’s DHS, which needs to consolidate systems; there are several agencies that were lumped together and need to pull costs out of their equation, and there are various agencies that are interested in providing E-Services for other agencies. They are all starting to understand that in order to integrate their systems and reduce costs, but still meet the security and privacy that their missions require, they need an MLS infrastructure. It provides the underlying engine for e-business on demand for federal agencies." – Chris Daly, Practice Lead Federal Markets, IBM
|
