Defense will promote wide use of NSA's secure data model
- By Susan M. Menke
- Nov 04, 2004
The National Security Agency's new technical reference model for securing data on the Global Information Grid is going to become entrenched at the Defense Department and should spread to other agencies and industry.
That's the belief of Robert F. Lentz, information assurance director in the office of the assistant secretary of Defense for networks and information integration. He spoke last month at an interoperability conference sponsored by the Institute for Defense and Government Advancement of Little Falls, N.J.
'We are on a very, very fast path of power to the edge. There are things I never imagined: 1-Gbps encryptors and an aggressive [tactical] satellite program,' he said. 'Get information to the edge users and let them use it to advantage.'
Brooks Emrick, who tracks information-sharing projects for DOD's Information Assurance Directorate, said existing security methods are passé under network-centricity.
The old ways of isolating DOD's three classification domains via bulk encryption and cross-domain guards will give way to authentication by the Common Access Card and the department's public-key infrastructure, she said.
'Can I trust this information? Where did it come from and has it been tampered with?' Emrick asked. Beyond the CAC and PKI, however, 'databases of roles and privileges will be a lot harder' to create and use.
She envisions Extensible Markup Language metadata and a special search engine to help users find information in a metacard catalog.
'That's not hard in a single security domain, but between domains you must invoke rights and privileges,' Emrick said.
The metadata tags will incorporate classification labels and guide encryption and decryption across domains, she said. Other components likely will include biometrics, tokens and personal identification numbers.
Paul Grant, information assurance executive in Defense's CIO Office, said DOD will not issue Common Access Cards to external partners, but 'their credentials must be interoperable with ours,' which means cross-certifying bridges will be necessary.
'There is no alternative to PKI bridges yet,' Grant said. 'We need more external-facing trust policies and audits' in addition to the Federal Bridge Certification Authority.