Secure Information Management
from the Cyber Core
• As a community we are exposed due to a heavy reliance on Information Technology
• Effective measures must be applied to mitigate the Risk
• Potentially the greatest threat exists inside an organisation – “The Insider Threat”
• Organisations must be capable of conducting Command, Control and Intelligence in a contested cyber environment
Secure Information Management (SIM)
[Figure: Information Enterprise – ADF, MPE, WoG]
IM Line Of Effort
[Figure: Information LOE in support of the Operational Timeline. Mission Success; Inputs, Process, Outputs; KM and IM Framework (Plan, Method); IM Systems and ICT/CIS (Plan, Means, Systems); Information COG; Objective, End State, Lines of Operation, COG; KM Policy, IM Policy, Enabling Systems ICT/CIS Support; Dominate Information versus Information Overload]
IM Approach
• Metadata administered information
• Object level security = safeguarding
• Controlled information environment (Boundaries)
• Audit system (near real time – audit trails)
IM Framework
IM Protective Measures
• Protective measures
  – Insider Threat
• Object level security
  – Release to all
  – Caveats / Releasability
  – Limited Distribution
  – Notify on Opening
  – No Lone Zone
• Deny access to SysAdmin
  – Administer networks not the “Information”
• Effective Control of External Media
  – Approved devices
  – Supported policy
[Figure: LEVEL OF PROTECTION, increasing from Release to All, through Caveats / Releasability, Limited Distribution and Notify on Opening, to No Lone Zone; DJISS]
Next Generation Information Management Capabilities
[Figure: capability map – Web Content Management; Enterprise Search; Collaboration; Meta Data Security; Cross Domain Replication; Single Information Environment (SIE) Framework; Reporting; Chat (Persistent); Wiki, Blogs, Tasks; Workflow Management; Audit / eDiscovery; Identity Management, Identity Awareness & Cross-Domain Authentication; Records Management; Notification / Social; Unified Communications; BI / Actionable Analytics; Formal Messaging; Records Management Support; Monitoring, Control and Governance; Forms; Information Assurance; Document Management; Email and Calendaring; WOG / Coalition (Gateway); Information Access; DEP-S; DDPN]
Defence Information Management: Required Capabilities
Training
• Form part of IM Base Line
• Staff/User proficiency
  – Skilled in Cyber (mandated & effective)
  – Skilled in IM
  – Skilled at application usage
• IMO specialists in cyber security
• Security must be the foundation stone of any military SharePoint capability
• Get it wrong?
  – Bradley Manning
  – Edward Snowden
KEY FEATURES OF ESSP (Enterprise Security Services Platform)
• Simplified permissions management through a single user interface
• Hierarchical security based on organizational structure
• Centralize or decentralize permissions management
• Object level security vs container security (simplify site)
• Works on all content (e.g. Calendar entries)
• Administer your organisational hierarchy and add LDAP users and groups to give them permissions
• Group Administration – project your organisation’s existing structure over SharePoint’s site collections, lists and items
• Start and end dates for group membership for improved security
• Introduces the concept of SharePoint ownership of objects to simplify management
• Auto-complete search of Active Directory users and groups and ESSP groups when adding group members
• Standard and custom permission sets that automatically apply to all objects with the same owner/parent
• Trusted insider (admin)
  – System Administrators blocked from accessing content
• Trusted insider (user)
  – LIMDIST
  – Caveats
  – Releasabilities
  – No Lone Zone
• Assured Operations
  – Notifications when sensitive content accessed
[Figure: ACTIVE DEFENSIVE CYBER OPERATIONS – Cyber Threats]
• Supports out-of-the-box and custom content types
• Security summary shown for all items (sensitivity indicators, limited distribution etc.)
• Security trimming of secured items based on Subtractive Hierarchical Claims Technology
• Uses standard SharePoint extension points, claims, HTTP modules and custom field types to secure your system and maximise
janusSEAL Integration: Total document security
• Classify MS Office Documents, pdf & media
• Visible classification & metadata carried with object/asset
• Seamless & automatic detection by ESSP
• Seamless & automatic detection of ESSP rules by janusSEAL documents
• Capacity for controls of other systems, gateways.
SharePoint Security
• Open document library
• Limit the distribution to 37 Squadron Pilots
• Prevent RAF exchange officer (member of 37 SQN Pilots) from seeing AUSTEO

Bypassing other vendors’ security
1. Email the SharePoint URL of the document to the RAF exchange officer
2. Switch to Explorer view
3. Click on “Sort By” dropdown at top of library
4. Create a new document library. Add a “Lookup column”. Point it at the “secure” library
5. Search using OOTB FAST search
6. Login as a site collection administrator
7. Access document library via the web service URL: http://<site url>/_api/web/lists/GetByTitle('Test')/items
8. Create a new document library and copy the file into it (non-pervasive test)

• Enterprise Security Services Platform passes these tests.
• Additional “Insider Threat” protections
• Visit our booth to discuss item level security that actually works
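The level-of-protection ladder (Release to All, Caveats / Releasability, Limited Distribution, Notify on Opening, No Lone Zone) and the 37 Squadron / AUSTEO scenario above, modelled as an added Python example that is not code from the deck, from ESSP or from SharePoint; the Principal and InfoObject fields, the group and nationality values and the audit event shape are assumptions. The point it shows is that the decision is taken from metadata carried on the object, so the same answer comes back whichever route (library, copy, lookup, API, admin login) the object is reached by.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Principal:
    name: str
    nationality: str           # e.g. "AUS", "GBR" (assumed attribute)
    groups: frozenset          # LIMDIST groups the user belongs to
    is_sysadmin: bool = False

@dataclass(frozen=True)
class InfoObject:
    title: str
    releasable_to: frozenset   # caveat, e.g. {"AUS"} for AUSTEO; empty = Release to All
    limited_dist: frozenset    # LIMDIST groups; empty = not limited
    notify_on_open: bool = False
    no_lone_zone: bool = False

def cleared(obj, user):
    """Sysadmin, caveat and LIMDIST checks read the object's own metadata, so they hold
    however the object is reached (library, copy, lookup column, API). None = cleared."""
    if user.is_sysadmin:                       # administer networks, not the information
        return "sysadmin blocked"
    if obj.releasable_to and user.nationality not in obj.releasable_to:
        return "releasability caveat"
    if obj.limited_dist and not (user.groups & obj.limited_dist):
        return "limited distribution"
    return None

def authorise(obj, user, present=(), audit=None):
    """One access decision: adds No Lone Zone (second cleared person present) and
    Notify on Opening (audit event on every allowed open). Returns True/False."""
    audit = audit if audit is not None else []
    reason = cleared(obj, user)
    if reason is None and obj.no_lone_zone:
        if not any(p != user and cleared(obj, p) is None for p in present):
            reason = "no lone zone: second cleared person required"
    if reason:
        audit.append(("DENY", user.name, obj.title, reason))
        return False
    if obj.notify_on_open:
        audit.append(("NOTIFY", user.name, obj.title, "sensitive object opened"))
    audit.append(("ALLOW", user.name, obj.title, ""))
    return True

# Constructed sample data for the deck's 37 Squadron / AUSTEO scenario (values assumed).
PILOTS = frozenset({"37 SQN Pilots"})
AUSTEO_BRIEF = InfoObject("Tasking brief", frozenset({"AUS"}), PILOTS, notify_on_open=True)
AUS_PILOT = Principal("aus.pilot", "AUS", PILOTS)
RAF_OFFICER = Principal("raf.exchange", "GBR", PILOTS)   # in the group, not AUS
SITE_ADMIN = Principal("sc.admin", "AUS", frozenset(), is_sysadmin=True)
```

Pass an `audit` list to `authorise` to collect the NOTIFY/ALLOW/DENY events the deck's near-real-time audit trail would carry.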
[Figure: Proteus COTS – SIM. Audit Centre; SysAdmins; X; Information Objects Owned/Managed by the IMO; Object Level “SECURITY”; Metadata Administered]
• Secure Compartmented Chat - XMPP
• Secure Data Fusion - ECSP
[Figure: ECSP – Data Ingestion Architecture (Updated: Nov 2015), Outgoing and Incoming flows. Components: SharePoint; Secure Email; Distributed Common Ground System (DCGS); Objective RDBMS; WoG Repository; Lightweight Directory Access Protocol (LDAP); Analyse Repository; Security Incident Event Management System; Military Messaging; ECSP; XMPP Chat; Active Directory; OpenSearch; Intelligence Data Feeds (13+); Real Simple Syndication (RSS); Manual Upload]