© tecsec® incorporated 2003 threat notification model for federal, state and local authorities...

© TecSec® Incorporated 2003. Threat Notification Model for Federal, State and Local Authorities. Getting Critical Information to the Homeland Security Threat-Fighter. Standards-based Desktop Software provides Secure Information Sharing without Cost of New Infrastructure.

Upload: gilbert-patrick

Post on 26-Dec-2015


Page 1:

© TecSec® Incorporated 2003

Threat Notification Model for Federal, State and Local Authorities

Getting Critical Information to the Homeland Security Threat-Fighter

Standards-based Desktop Software provides Secure Information Sharing without Cost of New Infrastructure

Page 2:

Overview

• President’s National Strategy Defines the Problem
• Sharing Threat Information Selectively, Confidentially, and on a Need-to-Know and Need-to-Share Basis

Page 3:

The Problem

Page 4:

President’s National Strategy Document asserts:

Currently, there is no central, coordinating mechanism to assess the impact of sensitive information and ensure that it gets to all the parties with a need to know.

Adding to this problem is the lack of technical communications systems to enable the secure transmittal of classified threat information to the owners and operators of concern.

Source: The National Strategy for The Physical Protection of Critical Infrastructures and Key Assets, February 2003, Page 26

Page 5:

Need to Define Information Sharing Requirements

One of the first steps we must take is to precisely define information sharing requirements as they pertain to the critical infrastructure and key asset protection mission.

These requirements should focus on the sharing of real-time threat, vulnerability, and incident data; best practices; security guidelines; risk assessments; and operational procedures.

Source: The National Strategy for The Physical Protection of Critical Infrastructures and Key Assets, February 2003, Page 26

Page 6:

Threat Notification and Distribution

From Federal to State & Local

Or Vice-Versa

Page 7:

Sample Threat Notification Enterprise

[Diagram: organizational chart with tier labels Federal, State, Local and FR. Nodes: Secretary of the Department of Homeland Security; Governor or State CIO (three instances); Mayor; Director, Water Treatment Facility; State Medical Director; Police Force & Fire Dept Staff; Hospital Staff; Water Treatment Staff; Emergency Medical Technicians.]

FR = First Responders

Page 8:

Information Sharing Flow

Information Sharing can occur… vertically or horizontally

And from the top down or the bottom up…

Or in a variety of other configurations depending on the Enterprise Architecture and Workflow

Page 9:

Threat Analysis

• Threat is received at the Federal Level and analyzed
• Differentiated Access Control Credentials are applied to Threat Notification
• Threat is distributed to State and Local and First Responders and/or to other Agencies.

Page 10:

Threat Notification: Credentialing and Distribution

[Diagram: Threat Notification documents, with labels Federal, State, Local and FR.]

Different Credentials are Assigned to Different Parts of a Single Threat Notification.

The Notification is dispersed throughout the “Enterprise”.

FR = First Responders

Page 11:

Threat Notification with Credentials Assigned

[Diagram: the organizational chart from Page 7 with tier labels Federal, State, Local and FR. Nodes: Secretary of the Department of Homeland Security; Governor or State CIO (three instances); Mayor; Director, Water Treatment Facility; State Medical Director; Police Force & Fire Dept Staff; Hospital Staff; Water Treatment Staff; Emergency Medical Technicians.]

FR = First Responders

Page 12:

Access to the Threat Notification

Access to the Threat Notification is Limited by a Recipient’s Role…and the Credentials Associated with that Role.

FEDERAL ROLE
• Federal Credential
• State Credential
• Local Credential
• FR Credential

STATE ROLE
• State Credential
• Local Credential
• FR Credential

LOCAL ROLE
• Local Credential
• FR Credential

FR ROLE
• FR Credential

• Federal Role: has all Credentials & can access the entire document.
• State Role: can only access the State, Local, and FR portions.
• Local Role: can only access the Local and FR portions.
• FR (First Responders) Role: can only access the FR portion

[Diagram: a Threat Notification document with portions labelled Federal, State, Local and FR.]

FR = First Responders

Page 13:

Constructive Key Management® (CKM®)

Page 14:

CKM Enterprise Architecture Concepts

• Enterprise
  – A collection of Members, Organizational Units, Roles, Domains, Categories and Credentials that are administered as a whole.
• Domain
  – A grouping of Roles, Categories and Credentials with common security needs that defines who can communicate securely with whom within the Enterprise.
• Organizational Unit (OU)
  – A grouping of Members with common attributes

Page 15:

CKM Enterprise Architecture

A typical CKM Enterprise can be modeled after a standard organizational chart

It consists of Organizational Units (OUs), which can be thought of as Departments.

And Domains, which can be thought of as Working Groups or Communities of Interest

[Diagram: an organizational chart (President; three Directors; three Managers) shown twice, once with the labels HR OU, Finance OU and Sales OU, and once with the labels Domain 1 and Domain 2.]

Page 16:

CKM Enterprise Administration

• CKM Enterprise Builder provides a Division of Labor and a Balance of Power by distributing the administration among three types of administrators for each CKM Enterprise.

• No one person has all the keys to the kingdom

Page 17:

CKM Enterprise Administration

There are three types of Administrators in a typical CKM Enterprise

• Enterprise Authority (EA)
• Domain Authority (DA)
• Organizational Unit Authority (OUA)

All Administrators are Members of the Enterprise.

Page 18:

Distribution of Labor – Balance of Power

• Enterprise Authority (EA)
  – Maintains the Enterprise Structure
  – Creates Domains and Organizational Units
  – Creates Custom Fields
  – Creates Top Organizational Unit Authority (who is assigned to all OUs)
  – Creates other EAs (optional)
  – A DA placeholder is automatically created when the Domain is created – this is assigned to a specific Domain.

• Organizational Unit Authority (OUA)
  – Administers one or more Organizational Units
  – Creates Members
  – Assigns Roles to Members
  – Creates and Distributes Tokens to Members
  – Creates other OUAs (optional)

• Domain Authority (DA)
  – Defines Domain Policy
  – Administers a Domain
  – Creates Categories, Credentials and Roles
  – Assigns Roles to Organizational Units
  – Creates other DAs (optional)

Page 19:

Credentials and Roles

Page 20:

Credentials and Roles

• Credential – a control method
  – Access to information is controlled by distributing appropriate Credentials to a person’s functional Role.
  – When distributing objects (files, emails, all or just part of documents, etc.), Members apply Credentials to define Recipients
  – A cryptographic value used in the key generation and regeneration process as an enforcing mechanism.

• Role - a person’s assigned duties
  – Credentials (and other Domain and Enterprise Information) are assigned to Roles based on duties and need to know.
  – A Project Mgr. may have several Credentials that give differential access (read and/or write) to types of information.

Page 21:

Credentials are Assigned to Roles

Federal Role
• Federal Credential
• State Credential
• Local Credential
• Staff Credential

State Role
• State Credential
• Local Credential
• Staff Credential

Local Role
• Local Credential
• Staff Credential

1st Responders Role
• Staff Credential

Page 22:

Roles are Assigned to Members …

Need to Know

Federal Role
• Under Secretary Management
• Under Secretary Science & Technology
• Under Secretary Information Analysis & Infrastructure Protection
• Under Secretary Border & Transportation Security
• Under Secretary Emergency Preparedness & Response

State Role
• Governor
• State CIO
• State Police Chief
• State Medical Director
• State Fire Chief

Local Role
• Sheriff
• Mayor
• County Executive
• EMT Director
• Hospital Director
• Local Police Chief
• Local Fire Chief

FR Role
• Law Officer
• Fire Fighter
• Emergency Medical Technician
• Hospital Worker

Page 23:

Credentials Assigned by Sender to Objects when Distributing Message

Threat Notification Document

• Federal: This portion was encrypted with the Federal Credential
• State: This portion was encrypted with the State Credential
• Local: This portion was encrypted with the Local Credential
• FR: This portion was encrypted with the First Responders (FR) Credential
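An added example, not TecSec's code and not part of the original slides: one notification split into four portions, each encrypted under a key derived from a single credential, then opened with the credential set each role holds on Page 12. The HMAC-SHA256 key derivation and keystream are stand-in assumptions, since the slides do not describe CKM's actual construction; the function names, `SECRETS` and the sample text are constructed.

```python
import hashlib, hmac, os

# Role -> credentials on that role's token, as listed on the access slide (Page 12).
ROLE_CREDENTIALS = {
    "Federal": {"Federal", "State", "Local", "FR"},
    "State": {"State", "Local", "FR"},
    "Local": {"Local", "FR"},
    "FR": {"FR"},
}

def _prf(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Assumption: HMAC-SHA256 in counter mode as a stdlib-only stand-in for a real cipher.
    blocks = (_prf(key, nonce + i.to_bytes(8, "big")) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

def protect(text: str, credential: str, secrets: dict) -> dict:
    """Sender side: encrypt one portion under keys derived from one credential."""
    nonce = os.urandom(16)
    enc_key, mac_key = _prf(secrets[credential], b"enc"), _prf(secrets[credential], b"mac")
    ct = _xor_stream(enc_key, nonce, text.encode())
    return {"credential": credential, "nonce": nonce, "ct": ct,
            "tag": _prf(mac_key, nonce + ct)}

def read_as(role: str, portions: list, secrets: dict) -> dict:
    """Recipient side: open every portion whose credential is on the role's token."""
    token = {c: secrets[c] for c in ROLE_CREDENTIALS[role]}
    opened = {}
    for p in portions:
        secret = token.get(p["credential"])
        if secret is None:
            continue  # credential not held, so the key cannot be regenerated
        enc_key, mac_key = _prf(secret, b"enc"), _prf(secret, b"mac")
        if not hmac.compare_digest(_prf(mac_key, p["nonce"] + p["ct"]), p["tag"]):
            raise ValueError("portion failed integrity check")
        opened[p["credential"]] = _xor_stream(enc_key, p["nonce"], p["ct"]).decode()
    return opened

# Constructed sample: random credential values and a four-portion notification.
SECRETS = {c: os.urandom(32) for c in ("Federal", "State", "Local", "FR")}
NOTIFICATION = [protect(f"{c} portion (constructed sample text)", c, SECRETS)
                for c in ("Federal", "State", "Local", "FR")]

if __name__ == "__main__":
    for role in ROLE_CREDENTIALS:
        print(role, "->", sorted(read_as(role, NOTIFICATION, SECRETS)))
```

Access here follows from key possession rather than from a server-side check, so a portion stays ciphertext for any role whose token lacks its credential.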

Page 24:

CKM provides Instant Network for Homeland Security with Need to Know Information Access

• Transport independent, reliable, messaging
• Secures the data in transit and at rest
• Sender and Recipient Authenticated
• Information Confidentiality
• Sender Alert uses pre-assigned Credentials to need-to-know, known parties.
• Quick deployment and installation
• Low Cost, standards-based, proven products
• Microsoft® Windows® and PKI compatible + others
• Wireless application will be available

Page 25:

Identification

Authentication

Authorization

Page 26:

Identity, Authentication, and Authorization

• CKM Token with CKM Credentials for Authorization
• PKI Certificate on the CKM Token for Identity Authentication
• Token can be software or hardware
• The Member must authenticate to the Token before participating in the CKM System

Page 27:

Backup Slides

Page 28:

Facts About First Responders

• There are over 1 million firefighters in the United States, of which approximately 750,000 are volunteers.

• Local police departments have an estimated 556,000 full-time employees including about 436,000 sworn enforcement personnel.

• Sheriffs' offices reported about 291,000 full-time employees, including about 186,000 sworn personnel.

• There are over 155,000 nationally registered emergency medical technicians (EMT).

Source: http://www.whitehouse.gov/news/releases/2002/01/print/20020124-2.html