At the Leading Edge of NATO Data Centric Security


For the past 20 years, Boldon James has been leading the way with Military Messaging Handling Systems (MMHS) using Microsoft Exchange as the core messaging service. This has involved supporting the full evolution of NATO STANAGs (Standard NATO Agreement) from the early draft revisions through to the latest ratified versions agreed by the member nations. In particular, STANAG 4406 has been the most prominent standard in this area over the years, and a core feature of many deployments.

However, in the world of military messaging, times are changing. We are progressing from X.400 military messaging systems to SMTP-based solutions that integrate with other services, environments and applications, meaning our data is no longer constrained to the messaging environment alone. Data Centric Security is the modern approach: the data itself is protected rather than the application layer, so that it remains protected as it moves increasingly between applications and different environments. NATO has recognised this and is developing new standards as part of the NATO Data-Centric Security (NATO DCS) initiative, which focuses on protecting data in addition to the applications.

As part of the new NATO labelling approach, NATO has developed and recently ratified the new STANAG 4774, which defines the syntax for a Confidentiality Label used for labelling numerous data objects (profiles exist for SOAP, REST, SMTP, XMPP, Office Open XML, OPC and sidecar files). STANAG 4778 defines how a Confidentiality Label is bound to the data and uses cryptographic techniques to ensure the integrity of the label and the data. The Confidentiality Label includes the traditional classification and caveats seen in email labelling and, critically, now includes additional metadata; examples are the creator of the label, the creation time and the expiry time.

The use of this Confidentiality Label allows the data to have a clearly defined owner, facilitates the sharing of data and provides a level of data assurance, since the source and integrity of the data can be quickly determined.

Over the past few years, Boldon James has invested significant time in supporting these emerging standards and has attended the recent NATO CWIX events, performing interoperability testing with vendors from other nations. This process has been invaluable on both sides, as NATO are able to test and prove the standards they are writing, and the vendors are able to test their interpretation of the standard.

With NATO labelling and data protection approaches evolving to address new threats and opportunities, Boldon James continues to innovate to meet these demands. By closely aligning its military messaging and data classification solutions to support the emerging NATO standards and ensure Microsoft applications and platforms, Boldon James continues to be at the leading edge and applicable for the NATO Organisation and NATO nations’ environments, not just today but well into the future.