6th European Conference - Academic Conferences
6th European Conference - Academic Conferences
6th European Conference - Academic Conferences
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Labelling: Security in Information Management and<br />
Sharing<br />
Harm Schotanus, Tim Hartog, Hiddo Hut and Daniel Boonstra<br />
TNO Information and Communication Technology, Delft, The Netherlands<br />
Harm.schotanus@tno.nl<br />
Tim.hartog@tno.nl<br />
Hiddo.hut@tno.nl<br />
Daniel.boonstra@tno.nl<br />
Abstract: Military communication infrastructures are often deployed as stand-alone information systems<br />
operating at the System High mode. Network-Enabled Capabilities (NEC) and combined military operations lead<br />
to new requirements for information management and sharing which current communication architectures cannot<br />
deliver. This paper informs information architects and security specialists about an incremental approach<br />
introducing labelling of documents by users to facilitate information management and sharing in security related<br />
military scenarios.<br />
Keywords: labelling, meta-information, information security, cross-domain solutions, information sharing, needto-protect,<br />
duty-to-share<br />
1. Introduction<br />
This paper presents an overview of the steps to develop a meta-information capability. First, it<br />
presents a broad overview on what meta-information and labelling is and how it can be applied. Then<br />
it focuses on one specific security application of labelling which is secure information exchange, i.e.<br />
selective and regulated information sharing, based on meta-information. We also present a possible<br />
roadmap for implementing a secure information sharing capability based on meta-information. The<br />
purpose of this roadmap is to analyse what ‘ingredients’ are required for implementing such a<br />
capability, i.e. the problems we have identified and the technology that is necessary to solve these<br />
problems.<br />
The importance of sharing information in networked military operations, especially coalition networks,<br />
is commonly recognised. An important driver for future communication architectures is (NATO)<br />
Network-Enabled Capabilities (NNEC)(Buckman 2005). The integrated and coordinated deployment<br />
of all capabilities within a coalition is the central goal relying heavily upon regulated information<br />
sharing (Schotanus 2009)(Martis 2006). Better integrated communication architecture contributes to<br />
sharing of relevant military information by making it easier and quicker. But how does confidentiality fit<br />
into this picture? What if a coalition partner does not want to share specific information because<br />
sharing poses a bigger risk for them or for the mission than not sharing or vice versa? Which methods<br />
are available to differentiate between information to-be-shared and information not-to-be-shared? The<br />
primary objective is that the owner of the information remains in control of that information.<br />
Relevant information produced during military coalition operations usually does not originate from a<br />
single partner but is the result of multiple partners working together using some form of online or<br />
offline shared information mechanism like documents distributed via e-mail or digital photos shared<br />
via situational awareness applications. Information is nowadays typically divided amongst the coalition<br />
partners, each creating a separate information domain in which the information is stored and<br />
processed. Such an information domain is usually a standalone network. Transferring information<br />
from one domain is handled often by out-of-band means That may cause more problems than it<br />
solves as there is little control over the information exchange. Connecting these different domains is a<br />
step that is currently taken, but also leads to many problems. Not in the least because of different<br />
responsibilities for each of these domains. Information sharing without compromising the<br />
confidentiality is a problem that has to be solved by choosing an information management strategy<br />
that is based on the ability to regulate the sharing of information and that cannot be addressed by<br />
infrastructural solutions. In essence, this is caused by the inability of the infrastructure to determine<br />
the value of the information and hence it cannot enforce decisions about whether information can or<br />
cannot be shared with the intended partner.<br />
228