3
Information Sharing, a Key Enabler

MARITIME SECURITY

As discussed in the foregoing chapters, information collection and sharing are central to building trust; they also provide a basis for decisions and actions. In fact, the resulting transparency in and of itself arguably contributes to the maritime security of the United States and its partners. This chapter covers matters relating to the presence and activities of ships and craft on the surface of the oceans—from the high seas well into territorial waters. Such information helps us to understand—and therefore respond to—potential threats to maritime security. Also of interest is information on various cargoes, crew, the supply chain, and even ownership and management affiliations, which helps to identify illegal, suspicious, or threatening activities.

The Maritime Security Partnership Initiative

The committee believes that the formation of partnerships to improve maritime security is characterized by a number of fundamental principles:

  • Maritime security around the globe will be advanced by strengthening existing partnerships and building new ones, with shared information the key enabler.

  • It is envisioned that not only will action on the maritime security situation generally be accomplished at the regional or subregional level, but it will also have a collective global effect as well and will require some local improvements in the maritime security situation.

  • It is in the interest of both the United States and its partner nations to share



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement



Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.

OCR for page 52
3 Information Sharing, a Key Enabler MARITIME SECuRITy As discussed in the foregoing chapters, information collection and sharing are central to building trust; they also provide a basis for decisions and actions. In fact, the resulting transparency in and of itself arguably contributes to the maritime security of the United States and its partners. This chapter covers mat- ters relating to the presence and activities of ships and craft on the surface of the oceans—from the high seas well into territorial waters. Such information helps us to understand—and therefore respond to—potential threats to maritime secu- rity. Also of interest is information on various cargoes, crew, the supply chain, and even ownership and management affiliations, which helps to identify illegal, suspicious, or threatening activities. The Maritime Security Partnership Initiative The committee believes that the formation of partnerships to improve mari- time security is characterized by a number of fundamental principles: • Maritime security around the globe will be advanced by strengthening existing partnerships and building new ones, with shared information the key enabler. • It is envisioned that not only will action on the maritime security situation generally be accomplished at the regional or subregional level, but it will also have a collective global effect as well and will require some local improvements in the maritime security situation. • It is in the interest of both the United States and its partner nations to share 52

OCR for page 52
53 INfORMaTION SHaRING, a KeY eNaBLeR information as widely as possible within regions and subregions and beyond, taking into account that threats to security often cross regional or subregional boundaries. • The related objectives of extending reach and maximizing inclusiveness suggest that both the information to be shared and the system architecture for doing this involve unclassified information1 and the use of commercial, Internet- based mechanisms. • Beyond information collection and sharing—viewed here as having intrin- sic value and serving as a fundamental building block when forging new partner- ships—there is, of course, the matter of taking endgame action to deny or deter illegal or threatening activities. • Improved information collection and sharing can be expected to gener- ate a positive spiral in terms of increasingly effective coordinated action among maritime partners. • The U.S. Navy, as one of the nation’s main repositories of technical exper- tise and, often, the primary entity that interfaces with a potential partner entity, is well positioned to support the initiative on maritime security partnerships (MSP). The initiatives of the combatant commander (COCOM) and the Navy reflect the above fundamental principles. After presenting some context and characterizing the current systems and capabilities, this chapter focuses on technical considerations—including archi- tectures and technical options—for building and strengthening capability in three functional areas: sense/collect, analyze/fuse, and decide/act. Before new capa- bilities for maritime information collection and sharing can be shared with the partners, it will be necessary to agree on mutual responsibilities and obligations. Particularly in the case of nontraditional partners, it is the committee’s view that some additional principles apply: 1. COCOM and Navy fleet experience has shown that the new partners are generally interested in local rather than regional or global maritime domain 1 Pursuant to Executive Order 12958, classified information refers to official information that has been determined to require protection against unauthorized disclosure in the interest of national security and that has been so designated. Unclassified information refers to information that has not been determined to warrant classification; however, some unclassified information may be approved for public release whereas certain other information, such as International Traffic in Arms Regula- tions information, may not. Some maritime information that does not pertain to U.S. national security, such as Automatic Identification System reports, can be viewed as publicly available and therefore can be freely shared (subject only to constraints imposed by international agreements, such as IMO, as opposed to U.S. policy). When referring to such information, the U.S. Navy has coined the term “not classified,” apparently to convey the notion of useful information sharing without the potential complexities of codified protection requirements. The term “unclassified,” as used in this report, is viewed as encompassing “not classified” information.

OCR for page 52
54 MaRITIMe SeCURITY PaRTNeRSHIPS awareness (MDA). Yet, this desire for local awareness can contribute to the larger global picture by enabling the early identification of vessels of interest. 2. When developing agreements on the sharing of information with members of the emerging partnership, it will be important to take into account the informa- tion that is currently available from local law enforcement (ports, supply chains, etc.) as well as information collected by technologically sophisticated surveil- lance systems. Each partner, including the United States, will have to consider what boundaries, if any, to place on the sharing of information, even unclassified information. 3. When seeking to strengthen and expand local surveillance capabilities, reaching agreement may well require a modest level of U.S. support and invest- ment, ranging from technical support for the partner to obtaining permission to site our radar installation on the partner’s sovereign territory. Broadly speaking, the notion of a partnership usually entails reciprocity, which can take many different forms, including the exchange of money, informa- tion, and technical know-how. Other Initiatives to Enhance Maritime Domain Awareness The information that is being shared here is the kind that makes us and our partners aware of our maritime domain. MDA encompasses a growing spectrum of initiatives to develop capabilities, including the National Strategy for Maritime Security (NSMS) and the National Plan for Achieving MDA. As this committee was completing its efforts, the Department of Defense (DOD) was assigning to various federal agencies their responsibilities for MDA capability development and was securing the required funding. A memorandum from the Secretary of the Navy, dated May 17, 2007, called for an MDA “spiral 1” initial operational capability (IOC) by August 2008 for the U.S. Central Command (CENTCOM), the U.S. Pacific Command (PACOM), associated fleet elements, non-DOD U.S. organizations, and selected foreign partners in the western Pacific. On May 29, 2007, the Chief of Naval Operations (CNO) issued the document Nay Maritime Domain awareness Concept to guide Navy efforts to improve MDA-related capa- bilities and develop related Fleet Concept of Operations (CONOPS). 2 A memo- randum from the Deputy Secretary of Defense dated August 3, 2007, designated the Navy as DOD’s executive agent for MDA and outlined the responsibilities and mechanisms for addressing requirements, investing resources, and support- ing interagency efforts. This memorandum called for preparing a plan within 180 days to develop MDA capabilities. Additionally, DOD appointed a flag-level director of global maritime situation awareness (GMSA), a position that would 2 Chief of Naval Operations (ADM Michael G. Mullen, USN). 2007. Nay Maritime Domain awareness Concept, Department of the Navy, Washington, D.C., May 29.

OCR for page 52
55 INfORMaTION SHaRING, a KeY eNaBLeR complement the closely related, previously established position of director of global maritime intelligence integration (GMII). Additionally, a national CONOPS for maritime domain awareness was pub- lished in August 2007, just as the committee was completing the draft of its report.3 This CONOPS formally established the interagency GMSA office at the Coast Guard. The GMSA’s current mission calls for it “to create a collabora- tive global, maritime, information sharing environment through unity of effort across entities with maritime interests.” Although the committee did not have an opportunity to review this CONOPS, which was in response to the NSMS, the document apparently supports at least three notions that are elaborated on below from an MSP standpoint: (1) the importance of a modern, network-centric information technology (IT) capability for collecting, processing, and sharing information to support the MDA community; (2) the need for developing and managing an MDA information architecture to guide the evolution of this capa- bility; and (3) the technical leadership that the Navy can and should exercise in this domain, presumably building on its role as executive agent for MDA within DOD, as noted above. The committee notes, however, that the ongoing MDA-related initiatives identified above are largely focused on the analysis and dissemination of existing information and do not deal with the need for additional information from surveil- lance sensors, noted later in the section “Building Mission Capability.” The MDA efforts outlined above have of course been motivated by the U.S. commitment to implementing the maritime component of the global war on ter- ror and addressing the associated homeland security and defense concerns. 4 This focus notwithstanding, it is clear that the issues being addressed (e.g., barriers to information sharing) and the capabilities being developed (e.g., improved vessel tracking) apply to the broader maritime security interests embodied in the MSP concept. The prosecution of MSP initiatives, then, is an outcome of the ongoing and emerging MDA efforts triggered by the earlier NSMS. The findings and recommendations in this chapter are intended to advance 3 See Emelie Rutherford, Inside the Nay, 2007, “CONOPS Finalized This Month: Metcalf Heads Up New Global Maritime Situational Awareness Office,” August 20, pp. 1, 10; and Inside the Nay, 2007, “GMSA Office Will Target Policy Barriers: Challenges Cited in Sharing Data for New Maritime Awareness Effort,” September 10, pp. 1, 9. 4The National Research Council’s Naval Studies Board recently conducted a study on the role of naval forces in the global war on terror (GWOT; see NRC, 2007, The Role of Naal forces in the Global War on Terror: abbreiated Version, National Academy Press, Washington, D.C.). Background information pertaining to the origins of the term “GWOT” can be found in documents such as (1) The White House (George W. Bush), 2006, The National Security Strategy of the United States of america, Washington, D.C., March, p. 12; (2) Office of the Chairman, Joints Chiefs of Staff, 2006, National Military Strategic Plan for the War on Terrorism, Washington, D.C., February 1, p. 3; and (3) Secretary of Defense, 2006, Quadrennial Defense Reiew Report, Department of Defense, Wash- ington, D.C., February 6. The NRC Committee on the “1,000-ship Navy”—A Distributed and Global Maritime Network saw its charter as being neither to endorse nor to replace the term “GWOT.”

OCR for page 52
56 MaRITIMe SeCURITY PaRTNeRSHIPS the MSP concept by leveraging, complementing, and in some cases extending the broader U.S. MDA efforts. OPERATIONAL MODELS As elaborated in the Chapter 2 review of existing and emerging international partnerships, “one size does not fit all” when it comes to information-sharing arrangements and the enabling technical mechanisms. Differences are traceable to a number of factors: • Different levels of trust, • The distinction between bilateral and multilateral arrangements, • A focus on coordinated action at the tactical level rather than on informa- tion sharing, and • Uneven levels of technological maturity and sophistication. Much of the current activity is associated with the burgeoning of automatic identification systems (AISs) on all commercial ships over 300 gross tons (GT) and on U.S. Navy ships. Figure 3.1 is a modified version of Figure 2.1 (which Coordinated Plus action shared situation emphasis awareness Strengthened Multilateral Strengthened Partnerships Partnerships arrangements, regional or Info subregional Enablers Info Enablers Current Current Center of Center of Bilateral Gravity Info Gravity arrangements Enablers FIGURE 3.1 Current and emerging international maritime security partnerships. Figure 3-1, editable, b&w R01141

OCR for page 52
57 INfORMaTION SHaRING, a KeY eNaBLeR characterizes the nature of existing or emerging partnership arrangements). The modifications are intended to highlight the role of “information enablers” (both the information content and the systems capabilities) as a foundation for effec- tive partnerships. These enablers would support both information sharing to gain situation awareness and subsequent coordinated action. As depicted, the center of gravity of current maritime partnerships resides in bilateral arrangements focused on the coordinated execution of tactical actions such as interdiction that support common security interests. Figure 3.2 depicts an example of the sharing of information referred to in the upper-right quadrant of Figure 3.1. It shows the position and movement of ves- sels around the island nation of Singapore, reflecting the merging of information broadcast automatically by ships that comply with international AIS standards and data obtained from coastal radar installations. Figure 3.2 suggests how the sharing and combining of particular sets of infor- mation could enable coordinated multilateral or bilateral action. Later sections of this chapter explore these enablers, and the committee then develops some findings and recommendations regarding their conceptualization, design, and implementation. It is noted here, and elaborated on below, that activities being carried out by the Navy and the larger maritime security community represent substantial initiatives to advance these enablers. The committee’s aim is to refine the original 1,000-ship concept and thereby contribute to further progress. CuRRENT AND EMERgINg INFORMATION ARCHITECTuRES Not surprisingly, having a range of information architectures allows the sharing of information among maritime partners, from mature partnerships among alliance members—for example, the North Atlantic Treaty Organization [NATO])—through temporary coalitions formed for a specific mission purpose (e.g., Joint Task Force-150 supporting operations in Iraq), to less mature and often more ad hoc arrangements with “nontraditional” partners (e.g., the Gulf of Guinea Initiative). It is instructive to review existing and emerging informa- tion-sharing systems and networks and to identify their fundamental architectural characteristics. Some regions have already established networks to share MDA information. For example, the Malacca Strait Initiative partnering Singapore, Indonesia, and Malaysia is already operational; the Gulf of Guinea network, still in its formative stage, has generated a great deal of interest on the part of the potential partners; and the Joint Interagency Task Force-South (JIATF-S), addressing drugs and other law enforcement concerns in the Caribbean region, is functioning effec- tively. However, while many capabilities support MDA systems around the world, they are a patchwork of efforts. There is no overarching MDA architecture. With the exception of the International Maritime Organization (IMO)-sanctioned AIS and the Long-Range Identification and Tracking (LRIT) reporting systems for

OCR for page 52
5 FIGURE 3.2 Singapore area maritime “picture.” SOURCE: COL James Soon, Republic of Singapore Navy, Head, Defence Technology Of- fice, Embassy of Singapore, “The 1,000 Ship Navy: A Perspective from Singapore,” presentation to the committee, Washington, D.C., March 14, 2007. Figure 3-2, bitmapped, color, broadside R01141

OCR for page 52
59 INfORMaTION SHaRING, a KeY eNaBLeR commercial ships, current arrangements for sharing MDA information, though sometimes multilateral, are mostly inefficient and lack broad application. It will take considerable effort to coordinate all the existing capabilities, extend them, and disseminate information on a timely basis to those maritime law enforcement organizations that can take the appropriate action while still respect- ing commercial and national sensitivities and proprietary interests. Mobilizing the U.S. government to assist other nations in creating more comprehensive MDA and enlisting, connecting, and sustaining the capabilities of the maritime law enforcement organizations will be a long, continuing process. At the same time, this process would build trust and transparency with other nations, contributing substantially to global cooperation. The unifying concept behind maritime security partnerships is informa- tion sharing. Using the vocabulary that has been adopted by the U.S. initiatives responding to the NSMS, the information to be shared is referred to as MDA. Because a more comprehensive MDA system would facilitate the identification of threatening activities and anomalous behavior, it would be useful for the U.S. government, encouraged by the CNO, to devote additional effort to the collec- tion, analysis, and distribution of maritime domain awareness information and to support the development of regional partnerships that could mount a concerted response to regional threats. Current Systems for Sharing Information Table 3.1 summarizes seven representative systems selected because (1) they specialize in the sharing of maritime domain information and (2) they span a spectrum of kinds of information challenges, from Secret to unclassified. The table covers a variety of systems, from operational networks that facilitate the sharing of Secret information among both traditional alliance and coalition mari- time partners in Iraq (Joint Task Force-150 CENTRIXS) to emerging demonstra- tion networks for the sharing of unclassified, commercially available AIS (and other) information with nontraditional partners (such as the U.S. Naval Forces, Europe (NAVEUR)-led Gulf of Guinea Initiative). Noting the positive charac- teristics of the Regional Maritime Awareness Capability (RMAC) and Compre- hensive Maritime Awareness (CMA) Joint Concept Technology Demonstrations (JCTDs) as well as some differences in approach between them, the committee strongly endorses the notion of regional pilots—generally led by the COCOMs and supported by the associated fleet elements as a pragmatic way to make prog- ress while building fundamental relationships. It would seem that a maritime pilot involving the northeast African coastal nations might warrant consideration as the new AFRICOM begins to undertake outreach. Further descriptive information for each of the seven systems follows.

OCR for page 52
60 TABLE 3.1 Current and Emerging Information-Sharing Systems Systems and Initiative Lead Organizations Status Users Information Shared Communications CENTRIXS DISA MNIS JPO Fielded 5 COCOMs, 77 Releasable Secret Dedicated nets nations, and NATO; COP, e-mail, chat all U.S. Navy ships CNIES U.S. Southern Fielded JIATF-S Unclassified COP, Internet Command e-mail, chat MSSIS U.S. Navy Sixth Fleet Fielded U.S. Navy, other Automatic Internet navies, NATO (26 Identification System countries) (AIS) (identification, position, other) NAIS U.S. Coast Guard Increment 1 (IOC) U.S. Coast Guard AIS Department of Homeland October 2007 Security net

OCR for page 52
RMAC JCTD U.S. European Demonstration Demonstration AIS, other sensor VHF/UHF radio, cell Command data (radar) phones, Internet CMA JCTD COMPAC (PACFLT), Demonstration Demonstration SCI, GENSER, JWICS/SIPRNET/ USNORTHCOM, unclassified, NIPRNET/Internet COMNAVEUR, C6F, coalition releasable U.S. Coast Guard LRIT International IOC December 2008 Flag states, port Ship identification, Commercial COMSAT, Maritime states, coastal states position, date/time Internet Organization NOTE: CENTRIXS, Combined Enterprise Regional Information Exchange System; CNIES, Cooperating Nations Information Exchange System; MSSIS, Mari- time Safety and Security Information System; NAIS, Nationwide Automatic Identification System; RMAC JCTD, Regional Maritime Awareness Capability Joint Concept Technology Demonstration; CMA JCTD, Comprehensive Maritime Awareness Joint Concept Technology Demonstration; LRIT, Long-Range Identifica- tion and Tracking; DISA MNIS JPO, Defense Information Systems Agency Multinational Information Sharing Joint Program Office; COMPAC, Commander, Pacific; PACFLT, U.S. Pacific Fleet; USNORTHCOM, U.S. Northern Command; COMNAVEUR; Commander, Naval Forces Europe; C6F, Commander Sixth Fleet; IOC, initial operational capability; COCOM, combatant commander; NATO, North Atlantic Treaty Organization; JIATF-S, Joint Interagency Task Force- South; COP, common operational picture; SCI, sensitive compartmented information; GENSER, General Service; VHF, very high frequency; UHF, ultrahigh frequency; JWICS, Joint Worldwide Intelligence Communications System; SIPRNET, Secret (formerly Secure) Internet Protocol Router Network; NIPRNET, Nonclassified Internet Protocol Router Network; COMSAT, communications satellite. 61

OCR for page 52
62 MaRITIMe SeCURITY PaRTNeRSHIPS Combined enterprise Regional Information exchange System CENTRIXS is a combination of separate multilateral and bilateral govern- ment networks. Key CENTRIXS networks include the Global Terrorism Task Force (GTTF) network (supporting Operation Enduring Freedom, 66 nations) and the Multinational Coalition Forces–Iraq (MCF–I) network (51 nations). Five combatant commands (COCOMs) are CENTRIXS-enabled, and there are 77 participating nations plus NATO, 11 bilateral agreements, and over 26,000 users. CENTRIXS evolved from various networking initiatives developed by the COCOMs to meet their regional information exchange needs. Although there are many individual CENTRIXS networks, they are now centrally supported and managed by the Joint Program Office’s (JPO’s) Multinational Information Shar- ing (MNIS) under the Defense Information Systems Agency (DISA). CENTRIXS is Web-centric and employs both commercial off-the-shelf (COTS) and releasable government off-the-shelf (GOTS) products. It includes MS Office automation tools, the GOTS command and control personal computer (C2PC) tool for situation awareness display, collaboration tools, and the GOTS integrated imagery and intelligence (I3) tool. A CENTRIXS workstation user is able to access browser-based products and databases, receive and display non- real-time track data feeds on a map background, send e-mail with attachments, and conduct collaboration sessions.5 While CENTRIXS provides significant operational capability and has become an essential tool for conducting current operations, areas for improve- ment have been identified and are being worked on. According to CENTCOM, “. . . inconsistencies in data owner guidance from various producers, a lack of manageable technical solutions, and a cumbersome accreditation and certification process have combined to frustrate seamless data dissemination via electronic (such as CENTRIXS) networks. These problems have directly contributed to the proliferation of multiple separate networks. The burden of additional networks has consumed limited resources and manpower and imposed an opportunity cost on CENTCOM’s coalition warfighting efforts.”6 The MNIS JPO has initiatives under way to address many of these issues, but this is clearly an area that needs continuing focus. The DISA MNIS JPO is implementing a plan to centralize CENTRIXS service provision at the Defense Enterprise Computing Centers (DECCs) in Columbus, Ohio, and Hawaii. The MNIS JPO also manages and supports the 5 Jill L. Boardman, Lockheed Martin Information Technologies, and Donald W. Shuey, Department of the Air Force, U.S. Central Command (CENTCOM). 2004. “Combined Enterprise Regional Infor- mation Exchange System (CENTRIXS); Supporting Coalition Warfare World-Wide,” CENTCOM, MacDill Air Force Base, Fla., April, p. 13. 6 Jill L. Boardman, Lockheed Martin Information Technologies, and Donald W. Shuey, Department of the Air Force, U.S. Central Command (CENTCOM). 2004. “Combined Enterprise Regional Infor- mation Exchange System (CENTRIXS); Supporting Coalition Warfare World-Wide,” CENTCOM, MacDill Air Force Base, Fla., April, p. 12.

OCR for page 52
112 MaRITIMe SeCURITY PaRTNeRSHIPS guages—is an example of releasable GOTS. Such software offers support at both the operational and tactical levels and calls for only a modest PC capability. For the exercise of C2, there is the obvious need for connectivity extending to the tactical level. The solutions range from a rudimentary, beyond-the-line- of-sight radio voice capability to high-bandwidth, satellite-based data capability. Here, too, capability building blocks are readily available. For instance, Navy plans are leveraging CENTRIXS-provided capabilities and call for providing Iridium satellite phones to selected partner nodes as part of a fly-away package (see Figure 3.6). As mentioned earlier, DOD makes available a GOTS PC-based C2 package suitable for supporting these types of activities. Technology opportunities exist in this functional domain, too. For example, beyond the current technology for video teleconferencing, an emerging so-called telepresence technology is beginning to provide realistic and full contextual face- to-face experience. Further, the section “Analyze/Fuse” touched on the technolo- gies and decision-support tools in areas such as visualization. Clearly, the selection of technologies and fielded products must be tailored to the supporting infrastructure, defined broadly—for example, bandwidth (the well- known “disadvantaged user” issue) and sustainment and training capabilities. Providing collaboration, consultation, and coordination capabilities at the operational and tactical levels is not viewed as a complex technological challenge. The issues involved in sharing such support with nontraditional partners relate to the availability of COTS or releasable GOTS products and tailoring them to the situation at hand. The provision of communications and collaboration tools and systems should be included within the broader “design template,” “maritime security partnerships catalog,” and “starter package” referred to in Recommenda- tion 7. PROTECTINg WHILE SHARINg INFORMATION The concept of MSP requires the collection, storage, and sharing of infor- mation, but the potential for disruption and compromise exists at each of these stages. Depending on a number of factors, including level of trust, potential vul- nerabilities, and cost and availability of information protection solutions, different connectivity architectures will be employed for different partnerships. In addition to the concerns inherent in maintaining secure communications and networks, there is the issue of protecting the information itself, with concerns ranging from revealing sensitive ship positions to giving away a competitive advantage. These are concerns for both the United States and the prospective maritime partners. The approach to assessing potential vulnerabilities when sharing information starts with an (open source) assessment for different levels of connectivity among the partners and is followed by a generic assessment of the vulnerability of the systems architectures envisioned to support these partnerships. This is followed by an assessment of residual vulnerabilities and their impact on the sometimes

OCR for page 52
113 INfORMaTION SHaRING, a KeY eNaBLeR difficult trade-offs between sharing and protecting information within a partner- ship context. Figure 4.2 in Chapter 4 lays out a spectrum of maritime security issues, from traditional military naval warfare at the high end to law enforcement issues such as illegal fishing at the low end of conflict. The issues will be resolved by different information security and protection regimes found across this spectrum. For example, U.S. ties to its closest allies deal with the entire security spectrum and often involve the sharing of Secret information (e.g., CENTRIXS networks), while its less mature partnership arrangement might involve sharing unclassified information, perhaps including sensitive law enforcement information, at the lower end of the spectrum. general Considerations Box 3.1 pairs the sources of potential threats to MSP and the tools they use to exploit system vulnerabilities. Although MSP does not think of nations per se as the only potential adversaries, a nation might be suspected of engaging in a hostile act if it were perceived to be behaving counter to its own interests in mat- ters such as fishing rights, navigational freedom, or environmental restrictions. Certain competitor nations have highly sophisticated capabilities in infor- mation operations, but the risk that they would mount an all-out attack on MSP information systems appears to be slight. On the other hand, a national power might wish to obtain or compromise MSP data to gain a commercial advantage. Terrorist and criminal organizations can hack into computer systems to steal information, alter databases, and disrupt networks. It is assumed that they would use these capabilities sparingly since their principal objective is to avoid detec- tion. The main concern is their acquisition of privileged information. The potential exists for nonstate actors to disrupt partnerships for political or ideological purposes. Such hackers or activists have demonstrated the ability to disrupt major networks with distributed denial-of-service attacks. BOX 3.1 Hierarchy of Threats and Vulnerabilities to MSP Connectivity and Information Protection • National (e.g., North Korea)—information operations, physical attack • Terrorist organization (e.g., WMD transport)—hacking, deception • Criminal organizations (e.g., drug cartels, piracy)—hacking, deception • Nonstate actors (e.g., hackers and activists)—network attack • Legal “infringers” (e.g., fishing rights, immigration)—deception

OCR for page 52
114 MaRITIMe SeCURITY PaRTNeRSHIPS At the low end of the threat spectrum are violations of a partner’s laws or rights, such as happens with illegal immigration or an encroachment on fishing rights. Many countries seek partnerships with the United States because it is in their interest to do so. The threat perpetrators pose to connectivity and informa- tion protection is minimal because, again, their priority is to remain undetected. The threat from an MSP standpoint is the potential for compromise of information that partner nations wish to keep private from nonpartner entities for reasons of national security or commercial advantage. If partners feel their information is not secure from unauthorized access or intentional data corruption, they may decline to share it. While breakdown in connectivity is a possibility that cannot be overlooked, it appears to be less of a threat to privacy. Protection Technology Table 3.1 listed seven systems that enable maritime information sharing, and Figure 3.7 depicted the N6 multilevel sharing architecture from unclassified systems such as MSSIS to classified systems such as CENTRIXS. Informa- tion protection issues exist with the sharing of unclassified as well as classified information (e.g., CENTRIXS nets for Joint Task Force-150). For instance, law enforcement information related to tips is generally viewed as sensitive even though the information has not been classified in a formal sense. Given the range of security regimes driven by sharing at different levels of classification and/or sensitivity, it is important to identify a corresponding range of readily available building blocks for information protection. The architecture for information sharing between or among nontraditional partners will be implemented with COTS products integrated into an open archi- tecture backbone context and protected by COTS security products. Classes of information and network protection technology are listed in Box 3.2. BOX 3.2 Classes of Information and Network Protection Technology • Multiple security levels (not the same as multilevel security) • Commercial security technology —IP Sec (IPv4, IPv6) —Secure Sockets Layer, Virtual Private Network • Multilevel security technology —Hardware-enforced security —Software-enforced security —Radiant Mercury —Trusted operating systems —Guards

OCR for page 52
115 INfORMaTION SHaRING, a KeY eNaBLeR Multiple security levels are required for protection of classified information as opposed to software-imposed multilevel security in an operating system. As an alternative to human-intensive “air gaps” to protect information and networks on the U.S. side of the interface, automated, filtered interfaces (e.g., Radiant Mercury guard) between security levels are needed to ensure capacity and timely workflow. Issues exist with current guard technology and products. For example, Virtual Private Network (VPN) security via commercial Internet service provider connection is blocked by some routers if Network Address Translation is applied behind a firewall to increase the number of users at a single IP address. However, these issues can be overcome with proper system design. U.S. policy with respect to protection is driven by the level of protection associated with the information. Some national security information can be deemed to be classified and possibly also compartmented. Other national security information can be deemed to be unclassified, with a wide range of Controlled Unclassified Information (CUI) designations, including relevant law enforcement information standards. Finally, some unclassified information is not considered as national security information but yet may require protection under a particular partnership agreement. Decisions made with respect to a particular partnership arrangement within which various kinds and levels of information are to be shared will dictate policy and derivative requirements for certification; acceptable choices among protection strategies; and products in areas such as user authentication, access controls, and information confidentiality. In the maritime sharing domain, concerns may arise about aggregate ship position information, which might compromise competitiveness, or about the potential exposure of law enforcement sources and methods. Therefore, even for unclassified information, commercial security such as Type 3 encryption, VPN, SSL, and Transport Layer Security (TLS) would be appropriate. Other commer- cial products for security and control of access to information include ID cards with biometrics for user authentication. Even networks and databases handling unclassified information need consis- tent application of COTS privacy and security products. DOD policy, although apparently not uniformly enforced, is that so-called common-criteria products certified by the National Institute of Standards and Technology (NIST; not the National Security Agency) are used in such cases. A difficulty with the NIST- certified products is that it costs vendors time and money to get certified, so the number of available building blocks is constrained. Managing Risks The application of an open architecture employing commercially available security technology basically ensures that there will be some degree of vulner- ability for system and data integrity. In general, then, the issue here is one of

OCR for page 52
116 MaRITIMe SeCURITY PaRTNeRSHIPS BOX 3.3 Information and Network Security Vulnerabilities • Insider threats • Directed denial-of-service attacks • Hacking (malicious code, interception of data, insertion of false data) • Jamming • System breakdown • Lack of configuration control (loss of interconnectivity) • Unintended recipients of information managing risk. It must be assumed that some of the shared maritime information will somehow become available to adversaries of the United States and its part- ners, including terrorists and criminal elements, through insider knowledge if not through network penetrations.16 Box 3.3, a listing of residual vulnerabilities assuming the application of com- mercial security protection, includes vulnerabilities associated with adversarial actions but also includes system design-level vulnerabilities that can bring down networks and compromise information. The most common forms of computer network attack are to overload the network to bring it down (distributed denial of service [DDOS] attacks) or to somehow gain access to the system (by hacking) to attack the operating system, create zombies, intercept data, or insert false data. Since ships require electromagnetic propagation for surveillance and connectiv- ity, their transmitted signals are subject to interception and jamming. Commercial business practice is to release new code early and apply patches as bugs are found in the software. Hackers have become very adept at exploiting bugs before the patches are applied. System-level vulnerabilities can also be anticipated if there is no configura- tion control. This issue can be addressed by U.S.-issued fly-away communication kits but would be a potential problem with partner-furnished equipment unless common standards for security products and their use are set. Unclassified infor- mation that provides information to low-end threats and assists them in avoiding detection may be broadcast. As a simple example, ship radars provide an early warning system for other ships equipped with simple radar detectors. However, for all other communications and data storage for unclassified networks, the committee foresees the common application of commercially available security products and practices. 16 PeterA. Loscocco, Stephen D. Smalley, Patrick A. Muckelbauer, Ruth C. Taylor, S. Jeff Turner, and John F. Farrell. 1997. The Ineitability of failure: The flawed assumption of Security in Modern Computing enironments, National Security Agency, Fort Meade, Md.

OCR for page 52
117 INfORMaTION SHaRING, a KeY eNaBLeR Summary The committee recommends the use of commercial products and network principles for information protection when sharing with and among partner nations at the unclassified level. Recommendation 7 assumes the Internet poses vulnerabilities associated with security. Commercial technologies exist to handle lower-end protection and are being extensively used by the Navy. Automated means exist to transition information to different levels of security for association and fusion, but these are cumbersome and limited. In addition, there is technol- ogy that allows data to be stored, communicated, and processed by a multilevel security approach. Despite the application of security technology, skilled opponents, design and configuration flaws, and equipment breakdowns will allow residual vulnerabili- ties. In particular, the insider threat is very difficult to prevent. The global busi- ness communities, such as banking, live in this environment and despite threats and occasional compromises continue to operate. Partnerships, particularly those dealing at the levels of sensitive but unclassified or controlled and unclassified should be able to operate in the face of an occasional compromise of information by criminals. Backup connectivity should be considered to maintain a sufficient level of trust with partners when the system is disrupted. The bottom line is that vulnerabilities will exist but are not seen as showstoppers for the overall concept of maritime partnerships. Risk can be managed by carefully selecting the infor- mation to be shared and adopting adequate protection measures. The committee strongly endorses the Navy’s adoption of commercial protec- tion technologies and products, as evidenced in emerging partnership initiatives. However, in this area and the area of networking infrastructure, there is a need to identify and test solutions and to attend to the devil-in-the-details issues inevita- bly associated with their integration into a working system. The committee did not, however, find any signs of an end-to-end information protection analysis, nor did it observe a NIST certificate for any information systems. Recommendation 7, which called for Deputy Chief of Naval Operations for Communication Networks (N6)-led architecting, engineering, and fielding ser- vice in support of operational initiatives, covers information protection technolo- gies and products. In addition to developing an MSP catalog of tested products and related starter kits, technical efforts should include an end-to-end information protection analysis to ensure that the protection meets the expectations of the partners for the several networks in operation or under development.

OCR for page 52
11 MaRITIMe SeCURITY PaRTNeRSHIPS STRENgTHENINg AND ACCELERATINg PARTNERSHIP OPERATIONS AND INITIATIvES—MISSION-DRIvEN SySTEM ENgINEERINg AND ANALySIS The Case for broad-based System Engineering and Operations Analysis Beyond the technically based efforts to ultimately field the enablers discussed in the three functional areas discussed above, there are the system-of-systems or enterprise issues associated with (1) maximizing capability and performance of existing systems and assets, (2) identifying capability gaps and solutions for filling them, and (3) exploring the difficult trade-offs between capability choices in a constrained funding environment. For instance, the foregoing discussion of intelligence/surveillance identifies options for improving the maritime picture and the need to explore these, including, in the end, a prioritization of possible invest- ments based on their contribution to operational mission outcomes. Further, there are choices to be made in all the functional areas. Is the return on a $1 investment in additional surveillance capability as high as the return on that same investment in better fusion and mining of information from existing sources? The committee found fertile ground for mission-focused operational analysis during its visits and internal discussions. For instance, interactions with JIATF-S representatives clearly identified challenges associated with the allocation and deployment of scarce maritime surveillance and interdiction assets, a solid rec- ognition and understanding of these issues on the part of experienced staff, and an intent to build a base of operationally oriented data for analysis (an “enterprise database”). However, operational imperatives understandably continue to domi- nate or even preclude substantive, sustained analytic effort. Figure 3.19 illustrates a case in point: an analysis of surveillance coverage performance for different combinations of assets over a representative search box, noting the broader ques- tion of allocating assets among the more than 3,000 such search boxes that make up the JIATF-S area of interest. Even though such analytical challenges were not routinely discussed with presenters or during visits, they clearly exist wherever surveillance assets are being deployed and tactical actions are being taken and can be expected to persist as emerging partnerships mature. Furthermore, the pressure of day-to-day opera- tional imperatives as partnerships mature is not viewed as unique to JIATF-S. The idea is that providing operationally oriented analytical support to part- nership operational elements in a responsive and tailored way would advance the cause of maritime security. The committee envisions that combining such analyti- cal support with support for enterprise-level issues will result in a broadly based systems engineering and analysis activity in support of partnership operational elements. The systematic execution of such an activity calls for a mission-ori- ented framework of some kind that encompasses all of the functional elements in a mission; Figure 3.10 shows an example. This mission-driven systems engineering and analysis would also accommo-

OCR for page 52
119 INfORMaTION SHaRING, a KeY eNaBLeR A maritime patrol aircraft (MPA) is critical to success in detecting illicit trafficking. In a typical 75 × 150 nmi search box; —Ship alone: 9% detection rate —Ship and helicopter:20% detection rate —Ship and helicopter and MPA: 70% detection rate i i FIGURE 3.19 Allocation of surveillance assets to search boxes: a JIATF-S example. SOURCE: Joint Interagency Task Force-South, “The Importance of MPA,” presentation to subgroup of the committee, June 12, 2007, Key West, Fla. Figure 3-19, type is editable, background map is bitmapped, b&w date planning for the future (“preplanned product improvements”) and enabling R01141 technology developments and insertions. Examples include automated decision aids such as rudimentary anomaly detection. A Corollary Effort— Strengthening the International Maritime Security Regime This report envisions the development of a two-pronged strategy for the building and strengthening of maritime partnerships—working regional and subregional initiatives and, at the same time, longer-term steps to strengthen international maritime security. Of particular interest here is the charter of the IMO, a central player in improving maritime security, and its successes in areas such as AIS and LRIT and in fostering standards for the reporting and exchange of relevant maritime information and working out agreements for the reporting and exchange procedures and obligations of its member nations. The committee believes that there are opportunities to extend and advance information reporting and sharing agreements that support maritime security and that the U.S. parties

OCR for page 52
120 MaRITIMe SeCURITY PaRTNeRSHIPS have opportunities to introduce constructive proposals and to support their further definition in an IMO working group. For example, one could conceive of report- ing and sharing some classes of shipborne radar information, as discussed above, a topic that will presumably be addressed in an upcoming (as of this writing) IMO-hosted conference on such matters. Technical analysis and support focused on topics like the relative merits of different data representation standards and mechanisms for collecting and sharing the reported information would of course be required. Such analysis and support is carried out today by the USCG as the U.S. representative to the IMO. The extension of such efforts, as envisioned here by the committee, is moti- vated by the view that the United States could be more proactive in tabling pro- posals and driving them to realization, with technically based recommendations as a key element. The Need for Technical Leadership by the Navy Finding: There is a need—unsatisfied today—for a systematic, analytical approach to optimizing the design of the end-to-end system for the collection and analysis of maritime security information and its follow-up. Satisfying this need would require a range of technical support from the Department of Defense and interagency arena to foreign partners. No matter how they are provided, support and advice should focus on system engineering for operational initiatives and would encompass related efforts such as the strengthening of U.S. technical participation in selected IMO initiatives as well as pragmatic, analysis-based advice to foreign partners on the most effective way to augment and deploy surveillance assets (e.g., radar siting). Recommendation 11: The Chief of Naval Operations and the Secretary of the Navy should jointly propose a Navy-led and Navy-housed executive agent on the technical aspects of an information-sharing system for the U.S. interagency maritime security partnerships initiative. This agent would provide systems engi- neering and operations analysis resources with technical support to International Maritime Organization initiatives. This mission-driven, enterprise-level systems engineering and analysis capability would be an extension of the Maritime Domain Awareness Executive Agent role already assigned to the Navy by the Department of Defense. It would support not only the U.S. elements but also, under the auspices of ongoing initiatives, its foreign partners. The enterprise-level systems engineering and analysis activity envisioned by the committee would address the following: • Maximizing the capability and performance of existing systems and assets,

OCR for page 52
121 INfORMaTION SHaRING, a KeY eNaBLeR • Identifying capability gaps and solutions to bridge them, • Exploring difficult cost/capability trade-offs, • Allocating scarce assets to support operations, • Mission-driven planning for future incremental improvements, and • Identifying and planning for enabling technologies. These activities would be accomplished from an end-to-end mission flow per- spective, adopting an explicit framework for analysis (see Figure 3.9). In this role, the Navy would be providing technical services to a range of customers: personnel at DOD, DHS, and at the Department of State elements responsible for leading and orchestrating MSP initiatives from a U.S. stand- point—for example, COCOMs, the USCG, and Department of State country teams as Navy’s customers. It is understood that the technical efforts envisioned here, to the limited extent that they are undertaken today, would be distributed among different ele- ments across the Navy, DOD, and the federal agencies. However, the committee came around to the view that a serious commitment to the MSP concept calls for a dedicated system engineering and analysis activity postured to work on all the regional and subregional operations and initiatives. A dedicated, centralized activity would consider both user responsiveness and a mature center of excel- lence that serves as a repository for analytical tools used for the kinds of effort described here. The committee understands that once such an effort is further defined and sized, it may well call for more funding than has so far been envisioned in MSP- related planning. At the same time as it realizes that new funding is always an issue, the committee also realizes that the funding requirements for the activity will probably be modest—a reasonable price for maximizing the mission perfor- mance of capabilities and assets involving substantially more investment and for informing decisions on future deployments and investments. Looking Forward— An Interagency MDA Portfolio to be Defined and Managed The foregoing sections discussed system architectures and options for strengthening MDA information and its sharing in the 1,000-ship Navy context. Enabling management activities were called for in 11 recommendations. All of this, of course, implies investment. Just defining the options and assigning pri- orities is complicated by the fact that the MDA portfolio inherently cuts across multiple federal organizations and other systems (e.g., DOD, DHS, broader law enforcement, broader intelligence) and interfaces with international partner enti- ties. The creation of the Director of GMSA position and the charter for GMII is of course designed to address the horizontal nature of the MDA challenge. The committee believes it would be highly desirable for the GMSA and GMII—with

OCR for page 52
122 MaRITIMe SeCURITY PaRTNeRSHIPS substantive support from the Navy as executive agent for the DOD—to take on the task of defining and establishing a management mechanism for the MDA portfolio. Turning to the capabilities of interest and the Navy’s investment therein, it seemed to the committee during its initial work that the Navy’s focus was on exploiting the available information as much as possible (current dots) rather than, for instance, on seriously investigating potential new or enhanced surveil- lance capabilities, as outlined in this chapter (new dots). This focus and the resulting prioritization of modest resources seemed reasonable, and the reluctance to make potentially large investments in new surveillance systems without any clear and commensurate signs that they constituted a national security priority was understood. Later on, as the committee was finishing its deliberations, the issuance of Navy guidance and the Navy’s strong opposition to spiral 1 of MDA capability (the investment was apparently about $300 million) began to focus on and accel- erate cross-community sharing and exploitation of information. Although the sharing was mainly with federal agencies as opposed to international partners, the committee viewed it as a very positive move. Nonetheless, the committee remains concerned about the apparent lack of attention to strengthening maritime vessel surveillance. The idea here, reflected in recommendations in this chapter, is not that a large investment should be made in a particular system or capability but that a modest investment should be made now to explore in depth the full range of options, both those laid out here and others that will undoubtedly be identified. Known and potentially serious gaps exist in the technologies for active, assured surveillance. Clearly, promising options requiring significant investment would have to compete with other Navy and DOD needs. In any event, the notion of a well-defined and actively managed MDA port- folio at both the interagency level and within the Navy is strongly endorsed by the committee.