[ISN] Standards body investigates C4I security tagging

From: InfoSec News <alerts_at_private>
Date: Wed, 25 Mar 2009 01:15:19 -0600 (CST)
http://gcn.com/articles/2009/03/23/c4i-data-tagging.aspx

By Joab Jackson
GCN.com
Mar 23, 2009

The Object Management Group 's (OMG) working group for Command, Control, 
Communications, Computers and Intelligence (C4I) has begun investigating 
the possibility of either developing or adopting a set of standardized 
security tags that different service commands could use to share 
information among themselves, as well as with intelligence agencies and 
foreign military services.

Meeting this week at an OMG conference held in Washington, the group is 
investigating whether any existing Extensible Markup Language-based 
(XML) standards will work for this task, or if it should develop a new 
set of tags entirely. The tags will be used by the middleware that 
bridges different C4I systems.

When military data is passed from one system to another, the 
classification, or sensitivity level, of the data is frequently needed 
to determine how that data is processed. Without a previously 
agreed-upon definition of sensitivity level, the data must be channeled 
through point-to-point exchanges, which can be cumbersome to set up, or 
even conveyed by hand. A set of tags, if used by all the parties in a 
transaction, would provide a universal way of understanding the 
sensitivity of information being transmitted. Ideally, the tags would be 
used by the combat systems of multiple countries, so that allied forces 
could share information.

Although the task may sound simple, data tagging sensitive information 
can be a challenge, to judge from the concerns raised by members of the 
workshop. For example, individual data elements by themselves may be 
unclassified, such as the name of a submarine, but when combined with 
other data elements, such as where that sub will be at a certain date or 
time, the aggregate of that information could be highly sensitive. A set 
of data tags should be able to specify the different sensitivities at 
different levels of granularity, one participant suggested.

[...]


_______________________________________________      
Best Selling Security Books and More!
http://www.shopinfosecnews.org/
Received on Wed Mar 25 2009 - 00:15:19 PDT

This archive was generated by hypermail 2.2.0 : Wed Mar 25 2009 - 00:24:30 PDT