IEG Portfolio
(Scenario A and B)
US-NATO Information Sharing (UNIS) TEM6
2 December 2009
Leon Schenkels
NC3A Core Applications
Core Enterprise Services (CAT7)
NATO UNCLASSIFIED
What is the IEG
 Manages and secures information services in between NATO
and external organisations. (Supports multiple interoperability
scenarios).
NATO DOMAIN
OTHER DOMAIN
INFORMATION
EXCHANGE
IEG
NATO IEG
NATO USER
OTHER USER
 Supports core and functional AIS services interoperability
based on agreed standards.
 Provides flexibility, scalability and high availability.
 Complies with NATO policies, Major references:



Infosec Technical and Implementation Directive for the Interconnection of Communication and
Information Systems.
NATO interoperability Directive (chapter 7)
Guidance document on the implementation of gateways for information exchange between
NATO and external CIS communities.
NATO UNCLASSIFIED
2
What are the IEG scenarios
NATO enclave
• Supports Core and Functional
services
NATO Restricted
or Unclassified
NATO UNCLASSIFIED
IEG Scenario B
Appendix 2, Case B
I
Ap EG S
pe
n d ce n a
i x 1 ri o
,C C
as
eA
+
C B
B
io e
e
ar as
o d se
Di Ca
en , C
Sc x 1 ata x 3,
D
i
G di
nd
IE pen
pe
Ap
Ap
A: NS ↔ NS (Enclave)
B: NS ↔ NATO Nation Secret
C: NS ↔ Mission Secret
D: NS ← (↔) NNN/IO
Data Diode
Appendix 3, Case B
• NATO standardised approach to
cross domain information
NATO Classified
or Secret
exchange
• Several scenarios
oA A
a r i a se
n
e
Sc 2, C
G
IE ndix
pe
Ap
Ap
p
en
P
dix AN
3,
Ca
s
eA
NATO Nation
NATO-led CRO
/DJSE
NNN/IO
NNN/IO
3
IEG Architectural Approach
 IEG developed as
discrete components
supported by generic
infrastructure.
 Advantages:
 Re-uses the core
services infrastructure
 Accreditation tasks are
simplified (fewer
components).
 Maintainable (minimises
the number of additional
proxies)
InfoSec
IEG Infrastructure
IEG Core
WEB
E-Mail
Directory
MMHS
Link-1
Link-11
Link-16
Link-22
OTH-Gold
NFFI
ADatP-3 B11C
USMTF
XMPP
MIP-DEM
NATO UNCLASSIFIED
MSG
WEB
Dir.
Proxies
Proxy
Proxy
IEG Functional
Services
Generic IEG-FS proxy
FS
conv
Guard
FS
conv
WEB
E-Mail
Directory
MMHS
Link-1
Link-11
Link-16
Link-22
OTH-Gold
NFFI
ADatP-3 B11C
USMTF
XMPP
MIP-DEM
4
Information Exchange Gateway case A+B
Symmetric IEGs
N
A
T
O
B
P
D
Z
Z
MTA
B
P
D
MTA
NATO
Nation
DSA
DSA
Proxy
Proxy
WEB
WEB
IDS
IDS
NATO UNCLASSIFIED
5
IEG Scenario B (RIEG)
NATO UNCLASSIFIED
6
Phased approach to NATO RIEGs
 Phased increase in security protection
 Step 1 (Scenario A implementation)
 Build network level infrastructure (Firewall, IDS)
 Local/central management as required
 Add web proxy services first, then email (through
Email Upgrade project).
 May require some waivers for IATO
 Step 2, 3 etc (Scenario B Implementation)
 Add formal messaging and directory services
 Directory Services for Email may be added by Email
Upgrade project (GAL Sync)
 Add other services when authorised e.g. TDL
NATO UNCLASSIFIED
7
Case A IEG Project Status
 Case A IEG Project - Authorisation for 6 NATO
Regional IEGs & 18 National IEGs
 Stage 2 Authorisation Request 3Q07
 Contract award 2Q08
 Regional IEGs installation completed 2Q09
 National Site Surveys commence 3Q09
 National IEGs installation begins 1Q10
 Final Acceptance Test 4Q10
NATO UNCLASSIFIED
8
Scenario B IEG Planning Project
Future Milestones






Validation of technical solution – 3Q09
TBCE developed – 4Q09
TBCE screened by WGNTE – 1Q10
Contract Signed – 4Q10
Service Transition/Installation Commences – 1Q11
Project Completion – 4Q13
NATO UNCLASSIFIED
9
Email Upgrade
 Email Upgrade – Programmatic
 Proposals received – Oct 2007
 Price evaluation completed – Dec 2007
 Technical evaluation commencement – Mar 2008
 Contract award - 2Q09
 Compliance Tests – 4Q09
 Commence deployment in – 2Q10
 Complete deployment in – 3Q10
NATO UNCLASSIFIED
10
NATO Messaging System - Phase 1
 NMS Phase 1
 Factory Acceptance Testing complete – Feb 2006
 Certification Testing complete – Oct 2006
 Alternate Solution Evaluation
 Compliance Testing complete – Feb 2007
 Usability Testing complete – Mar 2007
 Evaluation report – Jul 2007
 NMS Phase 1 contract amended - April 2009
 Phase 1 Amendment coordination





Award Amendment contract –1Q09
Regression testing of upgrades – 1Q10
Site surveys and preparations – 3Q09 - 4Q09
Begin Phase 1 deployment (surveys and installation) – 2Q10 – 4Q10
IOC (System Acceptance for Phase 1) – 2Q11
NATO UNCLASSIFIED
11
NATO Messaging System – Phase 2
 Phase 2 coordination commencement – 4Q09
 Minimize gap between Ph 1 and Ph 2
 Subject to successful initial deployment of Ph 1
 Replace PKI with NATO PKI, ACP145, Integration into
IEG B, Interoperability tests with Nations
 Identification of Phase 2 Sites
 Successful system testing of Phase 1 sites
 Phase 2 Authorization – 3Q10
 ACP145 inclusion (if joint standard ratified)
 ACP133 Edition C inclusion (latest ratified version)
 IEG Scenario B integration
 NATO PKI deployment
 FOC (end Phase 2) – 2Q12
NATO UNCLASSIFIED
12
NATO Enterprise Directory Service (NEDS)
 NEDS Project Status
 Phase 1 completed – Sep 2008
 Phase 2 Authorization Request – Nov 2008
 Information for Bidders release – 3Q09
 Contract Award – 1Q10
 Site Surveys – 2Q10
 Initial Operational Concept commencement – 1Q11
 Final System Acceptance – 2Q11
NATO UNCLASSIFIED
13
A project
The C
IEG
portfolio
milestones
IEG
B
IEMS
Email
DS
R-IEG
IEG
Web
NEDS*
NMS Ph 1
PTC Enhancements
IEG-B
IEG-C
KFOR
N-IEG
S.S
2009
Now
IEG-C+
NMS Ph 2
KFOR
IEMS N-IEG
N-IEG
ARH
Email
FOC
D’ploy
BMTA
DS
2011
2012
2010
* Information Provider Only14
NATO UNCLASSIFIED
Discussion ...
NATO UNCLASSIFIED
15
CONTACTING NC3A
NC3A Brussels
NC3A The Hague
Visiting address:
Visiting address:
Bâtiment Z
Avenue du Bourget 140
B-1110 Brussels
Telephone +32 (0)2 7074111
Fax +32 (0)2 7078770
Oude Waalsdorperweg 61
2597 AK The Hague
Postal address:
NATO C3 Agency
Boulevard Leopold III
B-1110 Brussels - Belgium
Postal address:
NATO C3 Agency
P.O. Box 174
2501 CD The Hague
The Netherlands
Telephone +31 (0)70 3743000
Fax +31 (0)70 3743239
NATO UNCLASSIFIED
16