Why a Common Data Classification Standard is an imperative for NATO
Written by Alan Borland, SAFEmail Product Manager, Boldon James
An exercise in improving interoperability
This week sees the start of the Coalition Warrior Interoperability Exercise (CWIX) 2020 which demonstrates the resilience of NATO and partner nations as they continue to innovate in order to improve interoperability, even despite COVID-19 restrictions. The event is designed for experimentation, examination and exploration of new standards, ideas and technologies.
CWIX 2020 takes place from 8 to 26 June with 19 nations participating in the exercise and two additional nations observing. The exercise, which is focused on testing and improving interoperability, will trial about 160 capabilities, including two that are particularly relevant in the context of COVID-19.
Strong heritage in military messaging
Here at Boldon James, for the past 20 years we have been leading the way with Military Messaging Handling Systems (MMHS) using Microsoft Exchange as the core messaging service. This has involved supporting the full evolution of NATO STANAG’s (Standard NATO Agreement) from the early draft revisions through to the latest versions agreed by the member nations.
For those less familiar, over the last few years, military messaging has changed quite a lot, progressing from the X.400 military messaging systems onto SMTP-based solutions that integrate with other services, environments and applications, meaning data is no longer constrained to the messaging environment alone.
Today, data-centric security is the modern approach, meaning the data itself is protected rather than the applications layer, ensuring that as data moves increasingly between applications and different environments it is protected. NATO recognised the need for this and has been developing new standards that focus on protecting data in addition to the applications.
New standards for data-centric security
As part of this initiative, they have looked at a new NATO labelling approach, and developed the new STANAG 4774 which defines the syntax for a Confidentiality Label, used for labelling numerous data objects. The Confidentiality Label includes the traditional classification and caveats seen in email labelling and critically now includes additional metadata, such as the creator of the label, the creation time, the expiry time and much more.
The use of this Confidentiality Label allows the data to have a clearly defined owner, facilitates the sharing of data and provides a level of data assurance that comes from knowing the source and integrity of the data can be quickly determined. In other words, data can be classified and protected using a common format. By using a common format, we can more easily share and protect our information, as well as provide ongoing post-release control of the information we have shared.
That said, sharing information requires a level of trust between the sharing parties, and this trust is further established if the classification is bound to the shared information. The Metadata Binding Standard (STANAG 4778) is the companion document to the Confidentiality Labelling Standard, and provides a consistent method for binding the Confidentiality Label to the information throughout its lifecycle, and between the sharing parties.
Standards that are applicable to the commercial world
Sharing information is more than just sending an email. Today we have web services, databases, document repositories etc. all regularly sharing information throughout the world. NATO has made a good start with a set of standards that are equally at home in the commercial world as they are in the defence and intelligence worlds.
Here at Boldon James, we have invested significant time in supporting these emerging standards and we’ve also attended previous NATO CWIX events, performing interoperability testing with vendors from other nations and providing prototype products to demonstrate how these new standards operate in an information-centric world.
This process has been invaluable on both sides, as NATO are able to test and prove the standards they are writing, and the vendors are able to test their interpretation of the standard.
Data classification and military messaging solutions that support emerging NATO standards
With NATO labelling and data protection approaches evolving to address new threats and opportunities, Boldon James continue to innovate to meet these demands. By closely aligning our military messaging and data classification solutions to support the emerging NATO standards and ensure Microsoft applications and platforms are also aligned, we have ensured that our solutions are applicable for the NATO organisation and NATO nations’ environments, not just today but well into the future.
To this point, we are now ready to adopt these new standards in our secure messaging product offerings going forward and are also looking to embark on a number of new partnerships that will further support developments in this area. As such we are really looking forward to a fascinating CWIX this year where we will continue to explore these and other standards further. If you are interested in finding out more about NATO or these new standards, do get in touch.
To learn more visit: https://www.boldonjames.com/resources/data-classification