In my last blog on information-centric security, I talked about the need for information to be classified and protected using a common format. By using a common format, we can more easily share and protect our information, as well as and provide ongoing post-release control of the information we have shared.
For the past 25 years at Boldon James, we have worked with sensitive messaging systems in the defence and intelligence environments; this has also included a lot of direct contact with NATO and the standards they publish, including early prototyping and assisting NATO with proving these standards. Recently, NATO has published a couple of new standards, which are of interest to anybody with a desire for information-centric security.
The Confidentiality Labelling Standard recently published by NATO (referenced as STANAG 4774) extends the basic classification attributes we are all familiar with to cover other aspects needed for an information-centric security approach, including:
- Information Ownership to clearly define who owns the data throughout its life-cycle,
- Information Sharing based on a ‘need-to-share’ rather than a ‘need-to-know’ security principle,
- Information Standardisation to enable interoperability, cooperation and efficient processes,
- Information Assurance to provide a set of measures to provide a level of confidence in protection during information communication and
- Data Assurance to provide data integrity.
Sharing information requires a level of trust between the sharing parties, and this trust becomes further established if the classification is bound to the shared information. The Metadata Binding Standard (referenced as STANAG 4778) is the companion document to the Confidentiality Labelling Standard, and provides a consistent method for binding the Confidentiality Label to the information throughout its lifecycle, and between the sharing parties.
Sharing information is more than just sending an email. Today we have web services, databases, document repositories etc. all regularly sharing information throughout the world. NATO has made a good start with a set of standards that are equally at home in the commercial world as they are in the defence and intelligence worlds. For this reason, Boldon James has attended the NATO Coalition Warrior Interoperability eXercise (CWIX) event for the past three years, first attending in 2017, an event designed for experimentation, examination and exploration of new standards, ideas and technologies, where Boldon James provided prototype products to demonstrate how these new standards operate in an information-centric world.
With this in mind, Boldon James is ready to adopt these new standards in their secure messaging and product sets going forward and look forward to CWIX this year to explore the standards further.