Bohemia Ballroom
06 Dec 2017 02:30 PM - 03:00 PM (America/Chicago)
Military Grade Security at last: Using protective marking schemes in Cyber Threat Intelligence sharing

Bohemia Ballroom Borderless Cyber Conference and Technical Symposium / 6-8 Dec 2017 / Prague events@oasis-open.org

The cyber threat does not respect borders, but those borders - be they organisational or national - represent trust boundaries. Cybersecurity "threat-intelligence" solutions are therefore required to handle cross-sector, cross-organisational sharing, while simultaneously protecting data sovereignty and respecting national laws. A "simple" solution would be to enforce a common policy across all sharing organisations; but this inevitably leads to complex coordination, compromise and increased training of users - thus reduced sharing.

Government and Military best practice is to use a policy-driven labelling system which clearly 'marks' data according to a locally-defined policy, and maintains those same semantics as the data is shared across organisations with different security policies; allowing for multiple policies to be used in parallel, translating not only between security policies but between natural languages as well.

For example, a NATO marked item might be seen as NATO RESTRICTED PERSONAL to one person, OTAN DIFFUSION RESTREINTE PERSONNEL to another, and TLP:RED PII to a third; all while preserving the original confidentiality requirements, allowing originator-specified, fine-grained, semantic-based access controls to be applied throughout the network of communities.

This technology is relied upon both in strategic and tactical cases within NATO, and remains state-of-the-art in assured information sharing.
This presentation of the technology being used by NATO will explain how standards-based solutions (SDN.801(c) and STANAG 4774) can build on Traffic Light Protocol (TLP) to support access control, complex policies, multilingual support, and policy translation. Details of the use of labelling and clearance standards in email and instant messaging will also be covered.

The practical demonstration will showcase both the traditional information-sharing military method and the enhanced collaborative-security development. A liberally-licensed Open Source library will be demonstrated that supports a full implementation of the specifications, and an example of its use in a complete product will be demonstrated.

Re-using this technology within CTI would allow network defenders to share with greater confidence, knowing that the information shared will be handled appropriately by the recipient; maximising cybersecurity information sharing whilst understanding and respecting those trust boundaries.

Strategic Technologist, Surevine Ltd