NATO UNCLASSIFIED

IEG Portfolio (Scenario A and B)

US-NATO Information Sharing (UNIS) TEM62 December 2009

Leon SchenkelsNC3A Core Applications

Core Enterprise Services (CAT7)

2

Manages and secures information services in between NATO and external organisations. (Supports multiple interoperability scenarios).

Supports core and functional AIS services interoperability based on agreed standards.

Provides flexibility, scalability and high availability.

Complies with NATO policies, Major references: Infosec Technical and Implementation Directive for the Interconnection of Communication and

Information Systems. NATO interoperability Directive (chapter 7) Guidance document on the implementation of gateways for information exchange between

NATO and external CIS communities.

NATO USER

NATO DOMAIN OTHER DOMAIN

OTHER USER

IEGINFORMATION EXCHANGE

NATO IEG

What is the IEG

NATO UNCLASSIFIED

3

What are the IEG scenarios

• NATO standardised approach to cross domain information exchange

• Several scenariosA: NS ↔ NS (Enclave)B: NS ↔ NATO Nation SecretC: NS ↔ Mission SecretD: NS ← (↔) NNN/IO

• Supports Core and Functional services

NNN/IO

NNN/IO

NATO-led CRO/DJSE

NATO Nation

NATO Restrictedor Unclassified

NATO enclave

NATO Classifiedor Secret

IEG Scenario A

Appendix 2, Case A

IEG Scenario B Appendix 2, Case B

IEG Scenario C

Appendix 1, Case A

PAN

Appendix 3, Case A

Data D

iode

Appendix 3, Case B

Data D

iodeA

ppendi x 3, Case B

IEG Scenario C+

Appendix 1, Case B

NATO UNCLASSIFIED

4

IEG Architectural Approach

IEG developed as discrete components supported by generic infrastructure.

Advantages: Re-uses the core

services infrastructure Accreditation tasks are

simplified (fewer components).

Maintainable (minimises the number of additional proxies)

InfoSec

IEG Infrastructure

IEG Functional Services

Generic IEG-FS proxy

GuardFSconv

FSconv

IEG Core

Link-1Link-11Link-16Link-22OTH-GoldNFFIADatP-3 B11CUSMTFXMPPMIP-DEM

Link-1Link-11Link-16Link-22OTH-GoldNFFIADatP-3 B11CUSMTFXMPPMIP-DEM

WEBE-MailDirectoryMMHS

MSG Proxies

WEBProxy

Dir.Proxy

WEBE-MailDirectoryMMHS

NATO UNCLASSIFIED

NATO UNCLASSIFIED 5

Information Exchange Gateway case A+BSymmetric IEGs

NATO

MTA

WEB

Proxy

IDS

MTA

WEB

Proxy

IDS

Z Z NATONation

DSADSA

BPD

BPD

NATO UNCLASSIFIED 6

IEG Scenario B (RIEG)

NATO UNCLASSIFIED 7

Phased approach to NATO RIEGs

Phased increase in security protection Step 1 (Scenario A implementation)

Build network level infrastructure (Firewall, IDS) Local/central management as required Add web proxy services first, then email (through

Email Upgrade project). May require some waivers for IATO

Step 2, 3 etc (Scenario B Implementation) Add formal messaging and directory services

Directory Services for Email may be added by Email Upgrade project (GAL Sync)

Add other services when authorised e.g. TDL

NATO UNCLASSIFIED 8

Case A IEG Project Status

Case A IEG Project - Authorisation for 6 NATO Regional IEGs & 18 National IEGs Stage 2 Authorisation Request 3Q07 Contract award 2Q08 Regional IEGs installation completed 2Q09 National Site Surveys commence 3Q09 National IEGs installation begins 1Q10 Final Acceptance Test 4Q10

NATO UNCLASSIFIED 9

Scenario B IEG Planning Project

Future Milestones

Validation of technical solution – 3Q09 TBCE developed – 4Q09 TBCE screened by WGNTE – 1Q10 Contract Signed – 4Q10 Service Transition/Installation Commences – 1Q11 Project Completion – 4Q13

NATO UNCLASSIFIED 10

Email Upgrade

Email Upgrade – Programmatic Proposals received – Oct 2007 Price evaluation completed – Dec 2007 Technical evaluation commencement – Mar 2008 Contract award - 2Q09 Compliance Tests – 4Q09 Commence deployment in – 2Q10 Complete deployment in – 3Q10

NATO UNCLASSIFIED 11

NATO Messaging System - Phase 1

NMS Phase 1 Factory Acceptance Testing complete – Feb 2006 Certification Testing complete – Oct 2006 Alternate Solution Evaluation

Compliance Testing complete – Feb 2007 Usability Testing complete – Mar 2007 Evaluation report – Jul 2007 NMS Phase 1 contract amended - April 2009 Phase 1 Amendment coordination

Award Amendment contract –1Q09 Regression testing of upgrades – 1Q10 Site surveys and preparations – 3Q09 - 4Q09 Begin Phase 1 deployment (surveys and installation) – 2Q10 – 4Q10 IOC (System Acceptance for Phase 1) – 2Q11

NATO Messaging System – Phase 2

Phase 2 coordination commencement – 4Q09 Minimize gap between Ph 1 and Ph 2 Subject to successful initial deployment of Ph 1 Replace PKI with NATO PKI, ACP145, Integration into

IEG B, Interoperability tests with Nations Identification of Phase 2 Sites Successful system testing of Phase 1 sites

Phase 2 Authorization – 3Q10 ACP145 inclusion (if joint standard ratified) ACP133 Edition C inclusion (latest ratified version) IEG Scenario B integration NATO PKI deployment

FOC (end Phase 2) – 2Q12

12NATO UNCLASSIFIED

NATO UNCLASSIFIED 13

NATO Enterprise Directory Service (NEDS)

NEDS Project Status Phase 1 completed – Sep 2008 Phase 2 Authorization Request – Nov 2008 Information for Bidders release – 3Q09 Contract Award – 1Q10 Site Surveys – 2Q10 Initial Operational Concept commencement – 1Q11 Final System Acceptance – 2Q11

IEG A project milestones

NATO UNCLASSIFIED 14Now

R-IEG

N-IEGS.S

2009 2010 2011 2012

N-IEGD’ploy

N-IEGFOC

IEGWeb NEDS*

* Information Provider Only

NMS Ph 1

NMS Ph 2ARH

BMTA

PTC Enhancements

IEG-B

IEMSEmail

DS

IEMSEmail

DS

IEG-C KFOR

IEG-C+ KFOR

IEG B project milestonesIEG C project milestonesThe IEG portfolio

NATO UNCLASSIFIED 15

Discussion ...

NATO UNCLASSIFIED 16

CONTACTING NC3A

NC3A Brussels

Visiting address:

Bâtiment ZAvenue du Bourget 140B-1110 BrusselsTelephone +32 (0)2 7074111Fax +32 (0)2 7078770

Postal address:NATO C3 AgencyBoulevard Leopold IIIB-1110 Brussels - Belgium

NC3A The Hague

Visiting address:

Oude Waalsdorperweg 612597 AK The Hague

Telephone +31 (0)70 3743000Fax +31 (0)70 3743239

Postal address:NATO C3 AgencyP.O. Box 1742501 CD The HagueThe Netherlands