Managing GIG policy and privileges will require technology leaps

The National Security Agency's new technical reference model for securing data on the Global Information Grid is going to be entrenched at the Defense Department and should spread to other agencies and industry, Defense Department speakers said today at an interoperability conference in Washington.

'We are on a very, very fast path of power to the edge, and there are things I never imagined: 1-Gbps encryptors and an aggressive [tactical] satellite program,' said Robert F. Lentz, information assurance director in the office of the assistant secretary of Defense for networks and information integration. 'Get information to the edge users and let them use it to advantage.'

Lentz and others spoke at a conference sponsored by the Institute for Defense and Government Advancement of Little Falls, N.J.

Brooks Emrick, who tracks data-sharing projects for DOD's Information Assurance Directorate, said existing security methods 'have become passé' with net-centricity. The old ways of isolating the three classification domains with bulk encryption and cross-domain 'guards' will give way to authentication by the Common Access Card and the department's public-key infrastructure. There are more difficult hurdles coming to manage access privileges and policies, she said.

DOD envisions Extensible Markup Language metadata and a special search engine to help users find information in a 'metacard catalog,' Emrick said. 'That's not hard in a single security domain, but between domains you must invoke rights and privileges.' The metadata tags will incorporate classification labels and guide encryption and decryption across domains.

The Northern Command will test cross-domain classified data sharing around December 2005, she said. Another pioneer effort, the Transatlantic Security Collaboration Program, is sharing controlled, unclassified information.

Paul Grant, information assurance executive for the departmental CIO, said 3.5 million CAC cards have been issued to DOD personnel. The credential will not go to external partners but, he said, 'their credentials must be interoperable with ours,' which means cross-certifying bridges will be necessary.

'There is no alternative to PKI bridges yet,' Grant said. 'We need more' in addition to the Federal Bridge Certification Authority. 'We need more external-facing trust policies and audits.'
