Standards body investigates C4I security tagging
The Object Management Group
's (OMG) working group
for Command, Control, Communications, Computers and Intelligence (C4I) has begun investigating the possibility of either developing or adopting a set of standardized security tags that different service commands could use to share information among themselves, as well as with intelligence agencies and foreign military services.
Meeting this week at an OMG conference held in Washington, the group is investigating whether any existing Extensible Markup Language-based (XML) standards will work for this task, or if it should develop a new set of tags entirely. The tags will be used by the middleware that bridges different C4I systems.
When military data is passed from one system to another, the classification, or sensitivity level, of the data is frequently needed to determine how that data is processed. Without a previously agreed-upon definition of sensitivity level, the data must be channeled through point-to-point exchanges, which can be cumbersome to set up, or even conveyed by hand. A set of tags, if used by all the parties in a transaction, would provide a universal way of understanding the sensitivity of information being transmitted. Ideally, the tags would be used by the combat systems of multiple countries, so that allied forces could share information.
Although the task may sound simple, data tagging sensitive information can be a challenge, to judge from the concerns raised by members of the workshop. For example, individual data elements by themselves may be unclassified, such as the name of a submarine, but when combined with other data elements, such as where that sub will be at a certain date or time, the aggregate of that information could be highly sensitive. A set of data tags should be able to specify the different sensitivities at different levels of granularity, one participant suggested.
One of the existing security standards that the group is considering adopting are those from National Information Exchange Model (NIEM). The Defense Department has already adopted the NIEM data model for security elements.
Originally named the Global Justice XML Data Model (JXDM), this XML-based data model was first used to share information across state, local and federal criminal justice agencies, explained Jim Pringle, a NIEM spokesperson who gave a presentation at the workgroup meeting. NIEM has since been expanded to incorporate other elements of homeland defense-related data sharing.
NIEM is a collection of data models from different domains of expertise, such as law enforcement or court proceedings, organized under a single namespace. By using NIEM, an agency can reduce the number of different exchange protocols it maintains with outside systems. For the security tagging, NIEM adopted the Intelligence Community Information Security Marking (IC-ISM), released in 2008 by the Director of National Intelligence. It is based on the current U.S. classification system.
Some members of the group expressed the concern that NIEM may be too specific to U.S. needs. Using a NATO security model was also raised, though it is limited in size, other members argued.
Ronald Townsend, a co-chairman of the group, said whatever tags that will eventually be developed or adopted will likely come in the XML format, and could be easily rendered in the Unified Modeling Language, a modeling standard developed by OMG. OMG is an industry consortium created to develop enterprise integration standards for a wide range of technologies.