age e Keith Glennan VP & CTO Northrop Grumman keith.glennan@ngc.com

Transcription

1 Toward Federated d Identity ty Management age e Keith Glennan VP & CTO Northrop Grumman keith.glennan@ngc.com

2 Agenda Northrop Grumman Securing the Enterprise Security & Identity Management Highlights Northrop Grumman OneBadge Overview Federated Identity Service Model Multi-Layer Security across the enterprise Agencies Migration to IT Transformation Federation rivers Transglobal Secure Collaboration Program (TSCP) TSCP s Strategic Plan evelopment Business riven TSCP Objectives: eploying Capabilities to the Programs Lessons Learned - Recommendations

3 Five Operating Sectors Aerospace Systems Electronic Systems Information Systems Shipbuilding Technical Services Large Scale Systems Integration C 4 ISR Unmanned Systems Airborne Ground Surveillance / C2 Naval BMC2 Global / Theater Strike Systems Electronic Combat Operations Radar Systems Command & Control Systems Support esigning some of the world s most sophisticated war-fighting Systems tools, from stealth fighters and airborne surveillance Base systems and Infrastructure to C 4 ISR Support nuclear powered aircraft carries and submarines Network Communications Range Operations Electronic Warfare to our national defense Intelligence, Surveillance & Reconnaissance Systems Maintenance Support Naval & Marine Systems Securing the most sensitive systems and networks that are critical Establishing interoperable trust mechanisms of our employees, our contractors, our suppliers, our customers and our partners Training and Simulations Enterprise Systems Navigation & Guidance and Security Technical and Trustworthy and authorized to access systems and Operational resources Support Military Space Proper due diligence IT/Network Outsourcing in checking their identities and Live, Virtual and Constructive omains backgrounds for the protection of sensitive information Timely notification for de-provisioning identities from our systems and facilities Government Systems Life Cycle Optimization

4 Security & Identity Management Highlights Priority Corporate IM Goals What problems are we trying to address? Advanced Persistent Threat: Government and community yproblem to mitigate exposure of enterprise Cyber Threats and comply with new regulations Authentication: Strengthening Authentication across the enterprise with IM Solutions Identity Assurance: Proofing and Vetting and the Global Supply chain Federation & Next Gen Identity: Secure Collaborated , data rights management Northrop Grumman s Identity Management PMO What is the Solution? Federated Common Identity Policy: Northrop Grumman Federated Identity Management Policies aligned with O and Federal Identity Policies Multi-Layer Security: Multi-Layered approach to provide additional security layers across our networks, systems, facilities, data, intellectual property and information assets IM Solutions: A single device that supports multiple authentication methods and enforces IM polices across the enterprise and supply chain. Identity Service elivery Model How is this packaged? Communication i Strategy: Comprehensive communication plan addressing our Corporate IM Goals and Objectives, our IM Solution and the value proposition Service Optimization: Identifying business model for the new Security & Identity Management services Cost Control and Recovery: Enterprise cost savings through enterprise deployment of Identity Management Solutions while at the same time recover the cost of our investment through Six Sigma Teams

5 Northrop Grumman OneBadge Northrop Grumman s OneBadge is the corporate identification smart card that is being phased in across the enterprise as a component of the Enterprise IM system. The OneBadge system provides: Secure Authentication. OneBadge is a dual interface smart card that supports multiple secure authentication methods and enables enforcement of Northrop Grumman IM policies. Physical Access. Magnetic stripe and HI proximity technologies allow physical access to Northrop Grumman facilities. Logical Access. Includes dual PKI certificates, single sign-on applet, and on-board OTP for remote access to Northrop Grumman s systems, applications and networks. Federated Access. The OneBadge system is enabled for federated access to government and other contractor and supply chain systems via CertiPath, which is cross-certified to the Federal PKI bridge. Alignment to Federal Standards. OneBadge card complies with technology standards and is aligned with policies related to HSP-12/PIV as well as o identity management policies.

6 Federated Identity Service Model Users 1 Provision Identity 2 iscovery/provision 3 Role Segregation y Resource iscovery igital Enrolment Service Enable External LOBs Provisioning g PIV Internal Users are any authorized consumer of resources including i l di employees, teams, Cleared Security - LRAs $ xx Server Admins Procurement $ xx Non-Cleared $ xx Background HR Check Services ocument New Projects Authentication Services partners and other application services Move Routine User Administration 4 Locations PKI Authority Resources are any consumable information asset including data, pp logic, g, web application services and physical devices BAE Systems Rolls-Royce EAS Netherlands Ministry of efence LM Raytheon Ministry of efence Termination NGC Resource Retirement Boeing Certipath Gateway 6 e-provisioning 5 Usage Federal Bridge Click for Vignette o Bridge

7 Multi-Layer Security across the enterprise Multi-Layered approach to provide additional security layers across our networks, systems, facilities, data, intellectual property and information assets Local or Remote User Remote & esktop Login Credential & Rights Management Network Controls Credential Management Centralized Public Key Infrastructure ata Monitoring & Protection Systems Corporate Access Card User Building Access User and Privilege Management Automated Provisioning Rolls-Royce Raytheon BAE Systems Netherlands Ministry of efence EAS LM Strong Authentication OneBadge & igital Shield IM Vault Unique Personal Identifier Host-Based Intrusion Protection Systems NGC Ministry of efence Certipath Gateway Federal Bridge Boeing Click for Vignette o Bridge

8 Agencies Migration to IT Transformation Agencies are Migrating from Stove Pipe Infrastructure t Enterprises. Agencies IT Strategic Plans reflect migration to transformed IT infrastructure t to comply with mandates procurements reflect these plans To Transformed Legacy Infrastructure Enterprise Enabled by IM O J O H S O J O H S Common Secure Infrastructure Agency enterprises have invested in vertical stovepipe infrastructures that are application-based and non-compliant to emerging security and IM mandated standards. Agencies Business Model will shift from an application- based to an identity-based model and provide a common secure e infrastructure across the Net Centric enterprise as they comply with government- wide directives and initiatives. Migration from stovepipe infrastructures to a common secure Net Centric Enterprise

9 Federation rivers o raft Instruction on Identity Management extends HSP-12, HSP-23, HSP-24, OMB Level 4 VERY HIGH assurance to data on industry networks. Significance: Should affect o contracts; proposed solutions without industry involvement might conflict with internal identity management solutions Industry seeks clear and concise contract language across all o programs to ensure consistent contractor interpretation of requirements for identity management Significance: Without coordinated solutions could result in stove-piped solutions increased cost & risk Major questions exist on implementation timelines, compliance targets, contract management, funding and effects on existing contracts. Significance: Impacts cross-industry supply chain This coupled with other access/identity management actions are the drivers to establishing TSCP

10 Transglobal Secure Collaboration Program Government-industry partnership specifically focused on mitigating the risks related to compliance, ce, complexity, cost and IT that are inherent in large-scale, collaborative programs that span national jurisdictions. To do business in the world today, A& companies must balance the need to protect intellectual property (IP) while demonstrating willingness and ability to meet contractual requirements from government customers for auditable, identity-based, secure flows of information. Common Framework for Federated Collaboration Identity Management & Assurance: Provide assurance that collaborative partners can be trusted Meet government agencies emerging requirements for identity assurance across domains Establish common credentialing standards that accommodate and span national jurisdictions Protect personal privacy data of employees ata Protection: efine fine grain access right attributes for data labeling and data rights management Establish Application Awareness emonstrate compliance with export control regulations Protect corporate IP in collaborative and other information sharing programs Facilitate Secure Collaboration: Provide collaborative toolsets that will interoperate with customers and suppliers Facilitate re-use collaborative capabilities among multiple programs

11 Background The Transglobal Secure Collaboration Program (TSCP) established in 2002 TSCP is the only government-industry partnership of its kind founded to specifically address and mitigate the risks of compliance, complexity and costs inherent in Programs requiring large-scale, collaborative IT capabilities and address Aerospace & efense s (A&) security issues that span national boundaries. TSCP A& Participation Includes: Industry TSCP members represent a sizable consumer community TSCP members combine their need for standards-based solutions with their buying power to influence vendors to address TSCP identity and security requirements. Example: Microsoft, now working with TSCP, is addressing an authentication gap in their product in an upcoming release. Individual companies had not been successful in obtaining this change TSCP Governance Board TSCP Support Team Government UK Ministry Of efense GSA - Government Services b f l i b i i hi h TSCP Government Participation Administration US epartment Of efense (o) NL Ministry Of efense TSCP Provides a Unique Industry / Government Working Together Forum

12 TSCP s Strategic Plan evelopment Business riven Holistic Approach to Addressing Common Security Concerns - Identity Management - Information Protection f i b li Export Control Regulations Areas of Common Business Challenge Privacy Company Policies Advance Persistent Threats - Information Labeling. Eg. ITAR, Eg. Privacy Act of Company-specific HSP 7, Export Control 1974, ata Protection Act. Act.. policies cooperation with the o & Industry Common Framework: Prioritized Areas of TSCP Attention TSCP Strategic Objectives Strategic Architecture Information Management eg. IAP Secure Electronic Exchange ocument sharing Secure Identity & Access Management Eg. Web authentication Capability Roadmaps, Action Plans and Project Schedules Execution and eployment Common Operating Rules, Governance & Oversight Tools & Skills Supportive Business Practices

13 TSCP Objectives: eploying Capabilities to the Programs 2003 TSCP Roadmap TSCP Roadmap Phase 1 Secure Collaboration Framework Generic MZ Requirements TSCP Roadmap Phase 2 Export Compliance and Collaborative Identity Mgmt Commercial Bridge Requirements Phase 3 Present Validation through Pilots/Prototypes evelopment of international policy on identity management Increasing international engagement with governments, companies and vendors Transition to production CertiPath, Secure , ocument Sharing Acceptable export compliance rule sets to enable decision making TSCP Member Test & Production Environments Enterprise Secure Information Sharing Collaboration Focused Architecture A& Secure Army Navy Air Force New Business War Fighter & other Programs Identification Authentication Authorization Information Application Operating System Network Physical Information Rights Single Sign-On AZN Services irectory Access Provisioning Services Bridge CAs Company Enterprise O Cross Certification Access Management/ Secure Badge SiteMinder Programs Programs Programs Proposals Proposals Share Point Secure O JITC Certification Enterprise Secure Information Sharing Microsoft Geneva AFS MS Team Center Contractor Credential Certification MS Office Portals Enterprise Supplier Portal Company Portals Share Centers ata Apps

14 Lessons Learned - Recommendations Embrace and implement Federated Common Identity Standards Address Priority Goals and keep on target Communicate, Communicate, Communicate Implement and deploy in quarterly measurable increments Communicate, Communicate, Communicate Partner with internal organizations Industrial Security, INFOSEC, IT, HR, Unions etc. Communicate, Communicate, Communicate Participate in Government-industry partnerships that span national jurisdictions Foster Information Exchanges with your peers Communicate, Communicate, Communicate

15 Thank You Keith Glennan VP & CTO Northrop Grumman