An MLS system, platform or environment allows information at different classifications to be stored and accessed within a single security domain, while dynamically enforcing different access policies and compartments.
Information is valuable. Some information is more valuable than others, especially in government and defense, which is why taxonomies are in place to classify and label it as classified, secret, top secret and so on. The ability to share sensitive information between different agencies and with coalition partners is the lifeblood of protecting national interests.
This is why when a network is breached, it's not the network hardware that's the concern, it’s the access to services and information stored or connected to the compromised network.
This is elementary stuff, but it’s important to bear it in mind. Following the release of the Executive Order for Zero Trust and the Cybersecurity and Infrastructure Security Agency’s Zero Trust Maturity Model in late 2021, agencies are investigating technologies to help them meet the new requirements for their network.
There is a danger here: Zero trust architecture has its blind spots too. Remember, it is the data that is most valuable, not the network. Without applying the same principles of zero trust to the data that exists on the network, even if the network is unbreachable, agencies are still open to the host of data breaches caused by insider threats -- those caused by employees and contractors with authorized access to those same systems, applications and data. Agencies must rethink how information access is structured, not just access to the networks and applications that hold the information.
Many major corporations and public institutions have had their vulnerabilities exposed by whistleblowers, but insider threats don’t have to be perpetrated by deliberate, malicious actors. A negligent member of staff copying sensitive data into a public database is a far more common source, as happened with the leak of the identities of U.K. Special Forces members last year on What’s App.
The way these breaches are discussed publicly, there’s an almost implicit assumption that nothing can prevent malicious insider threats from happening, but this just isn’t true. There are good and bad ways to proactively address the problem of who has access to what information, when and what they can do with it. New security methodologies and technology can prevent, not just detect, data loss or misuse caused by human error and insiders with bad intentions.
Surprisingly, the information sharing methods currently used by many government agencies and contractors are not efficient at solving the access problem. Here, it is common to see air gaps mandated between each level of information. In practice, this means Top Secret data is only accessed on a completely different network to one that contains public information, and so on for every security level between these two points.
What this leads to is "swivel chair" security. Quite literally, someone sitting at one PC copies the information they need, then swiveling their chair over to another other PC to access a different database.
Most IT teams would see the inefficiencies at play here. Manually copying information over each time it is needed is practically inviting errors and data loss, plus it takes a long time to do. It also means agencies need multiple different desktops/computers, complete with air-gapped infrastructure behind them, firewalls and so on. This air-gapped network-driven philosophy creates huge costs and focuses on protecting these networks, rather than protecting the data stored within them.
Even with a practically unlimited tech or security budget, if this strategy were proposed to any private enterprise, I’m willing to bet the time and resource cost would be the toughest sell. So why do we tolerate it in the public domain?
We need a better, middle ground, and fortunately one already exists. Multilevel security is a really simple concept. An MLS capability (system, platform or environment) allows information at different classifications to be stored and accessed within a single security domain, while enforcing different access policies and compartments dynamically depending on context, with the assurance that the separation is effective.
Think of it as a giant repository of data that can be accessed at any time, but only if with the right credentials. Users with a Secret credential, won’t see any data tagged Top Secret or above.
Combining this with technologies like attribute-based access control, MLS becomes even more effective. Attributes are the characteristics or values of a component. With ABAC, the combination of different user, environmental and resource attributes is evaluated to allow or deny access to a file – affording more granular, contextual control over access and data protection.
Even if the highest echelons of a repository (e.g. Top Secret) must remain air-gapped, there is much information that falls below it. Information can quickly become very valuable as a situation emerges or can just as quickly lose its value if it is not shared on time with the right agencies.
These times of upheaval and rethinking in cybersecurity are rare in our industry. Thanks to Executive Order for Zero Trust, we’ve got the right idea; we just need to make sure we apply it thoroughly. MLS, combined with the dynamic capabilities of ABAC, can help agencies meet the extremely complex information sharing challenges they now face. There really has never been as steep a premium on efficiency as exists in today’s information-centric world. We need to build an information sharing system that can keep up.
Kurt Mueffelmann is US President & Global COO, archTIS.