Transforming Information Assurance for Netcentric Operations: Providing Assured Information for National Security

Johns Hopkins University Applied Physics Lab
Laurel, MD
6-8 March 2007

Terms of Reference

1. Background

The twenty first century is accompanied by many changes that are influencing the national security landscape.  One key change to the landscape is the arrival of a multi-polar world, with non-state actors that present unprecedented and often unpredictable asymmetric threats.  The second is the arrival of the information age.  The availability of advanced information technologies, accompanied by a creative vision about how to apply that technology, is fueling an effort to "Transform" the military into a "Network Centric" force.  These two features of our modern world present opportunities to meet threats to peace and stability in ways that were previously unimaginable.  The continually increasing reliance on information technology in military operations, and in fact across society, also presents risks that were previously unimaginable.  Assured information is absolutely essential if these risks are to be effectively mitigated or managed.

Various governmental agencies, industry, and academia use the term "Information Assurance" differently for many diverse problems.  Generally, Information Assurance (IA) has evolved from simply computer security and information security to include concepts such as risk management, cost-benefit analysis, mission assurance, and information systems engineering.  As IA has evolved, it has in fact become different things to different organizations and people as they have quite rationally tailored their emphases and their supporting analytic agendas to meet their goals and objectives.  The result is that one group's interpretation of IA may include some particular perspective or solve a specific problem that a different interpretation does not contemplate.  However, these relatively independent treatments are only effective for relatively independent information systems that are physically and functionally separated.

In general IA is a class of information operations that protect and defend information and information systems.  Historically these operations in the military have appropriately focused on ensuring a relatively small number of commanders and staff elements are able to acquire, process, and use information which is critical to success in battle. The ubiquitous Global Information Grid (GIG) is the information environment for the future, and it is needed by and accessible by a much broader community of information users. Future doctrine asserts an ability to achieve decision superiority, which will be based on information superiority.  Increasingly the relevant information and supporting information systems will exist in and use the resources that extend beyond traditional Military command and control systems and supporting sensors (e.g., open source info, commercial sensor systems, etc.).  These changes in the operational environment have significant implications for how information assurance should be addressed in the future.

The following examples highlight the need for creative discourse in a forum such as MORS. 

Availability - Is formally defined to be timely access to data and information services by authorized users.  The historic focus of the U.S. on IA in the field has been on key operational military leaders.  The emerging security environment appears to demand that we consider "dynamic" availability of information to coalition forces, nongovernmental agencies in theater, and in fact populations in general.  Meeting this need effectively will require analytic support across the spectrum from engineering feasibility to information sharing policy.

Integrity - Historically has been focused on the protection against unauthorized modification or destruction of information.  That said, broader definitions in the information technology and science community speak to the logical correctness and reliability of data and information.  This implies the need to address a set of broader analysis issues associated with the emerging use of open source information, dynamic operating environments, and the consequent instability of value added information services (e.g., command and control decision support services).

Authentication - Traditionally has been defined to be a security measure designed to protect a communications system against acceptance of a fraudulent transmission or simulation by establishing the validity of a transmission, message, or originator.  (Joint Pub 1-02)  IA measures in the future need to extend beyond the historically sufficient technical solutions of closed command and control systems with well defined information requirements and capabilities to open systems capable of dynamically authenticating users and possible sources of information, likely under conditions of uncertainty.

Confidentiality - The ubiquity of the GIG, coupled with the need to be inclusive with populations of information users that have historically not been involved in national security issues presents a significant technical and analysis challenge. 

This entire subject area is one which pushes the limits of both science and practice.  Effective improvements in information assurance will require creative and open discourse among traditional operators, operations analysts, technologists, and scientists and engineers from many disciplines.  If information is to be the cornerstone of our military's future success, it is essential that meaningful efforts be initiated to adapt to the dynamic and uncertain operational environment we are already facing, and are certain to face into the foreseeable future.  The focus of this workshop will be to examine how the Military Operations Research community can contribute to these efforts.

2. Sponsor Interest

This workshop is supported by all of the MORS Sponsors as a mechanism for stimulating collaboration and meaningful discussion across the myriad communities involved in IA issues.

3. Purpose, Goals, and Objectives

The purpose of this workshop is to bring IA issues to the forefront of the military operations research (OR) community by stimulating communications between the analysis communities who traditionally conduct military OR and defense analyses, and those addressing IA.  The overall goal being to present a set of recommended actions to the MORS sponsors that will help the department more effectively consider information related issues in key policy, resource allocation, and other decision support analyses.

Specific objectives are to:

4. Approach

The workshop will be three days in length.  The first day will be a mixture of plenary speakers and working groups to expose participants to the broad and diverse set of perspectives concerning Information Assurance issues.  The second and third days will be conducted principally in working groups to focus on specific questions relevant to that particular subject area.

There will be four working groups plus a synthesis group, organized as follows:

Working Group 1 - Lifecycle Information Assurance –  In effect there are three "lifecycles" that are relevant to IA in our nation's information systems.  The first lifecycle of the physical systems that perform the computational and communicative operations; the second is the lifecycle of software that resides on the system; and the third is the information itself.  Each of these lifecycles occurs over different time horizons and has different factors that must be considered in IA related analyses.  This working group will share ongoing work across these areas and attempt to develop a framework for considering systematically analysis issues throughout the lifecycles.

Working Group 2 - Evaluation and Analysis of "Net Ready" Key Performance Parameters in DoD Information Systems – NR-KPP were developed to assist in development, and to assess the information needs, information timeliness, information assurance, and net-ready attributes required for both the technical exchange of information and the end-to-end operational effectiveness of Information Technology and National Security systems.  This working group will focus on refining how the IA portions of these KPP's can and should be evaluated for the systems under development.  Particular attention will be given to issues of measurability and operability in testing, and the role of modeling, simulation, and analysis in support of system testing and evaluation.

Working Group 3 - Issues of Information Assurance in Information Sharing --The lack of connectivity and searchability of current DoD data (ranging from potentially disconnected command and control systems to study results) significantly limits information sharing.  This working group will explore the technical and relational issues that need to be addressed to improve this information sharing in an assured manner.  The state of the art and practice, as well as recommendations on where the analysis community might contribute to or benefit from emerging technologies, will be reported to the sponsors.  Example of the types of discussion include; the potential use of metatagging to improve data search and access across the Department, the development and application of more universal approaches to data development and sharing, the possibility (and risks) of DoD leveraging currently available search engines such as Google^tm to be applied across all data storage areas.  Once separate DoD databases are linked and available through common search methodologies, the logical extension would be the use of common, yet tailorable, ways to present the information in two-dimensional, three-dimensional or other useful formats. 

Working Group 4 - Information Assurance Related Advances and Opportunities in Modeling, Simulation, and Analysis – This working group will explore the current state-of-the-art, and practice for IA related modeling and simulation along two dimensions.  First, how are IA issues and effects represented in the DoD's current suite of models and simulations?  Second, what models and simulations exist that support IA analyses directly?  This foundation then sets the stage for exploring and making recommendations about how IA should be represented in future DoD models and simulations, And, developing recommendations about tools and techniques the analytic community might adapt or develop to support IA analyses.

Synthesis Group - The importance of information and information systems to the future effectiveness of military forces, and national security in general has seemingly become a tautology.  Assured information is essential to achieving that effectiveness.  A set of questions the synthesis group should address for the sponsors are: How are IA issues considered in current DoD analyses?;  How should they be considered in the future?;  and, What should the role of DoD analysis agencies seek to fill in meeting the needs of the Department and the nation?

5. Workshop Planning and WG Chairs

MORS Proponent:  This workshop is supported through a consensus of all of the MORS Sponsors.  It integrates three previously submitted special meeting concept papers.

Workshop Chairs:

Dr. Daniel T. Maxwell (Innovative Decisions, Inc.) dmaxwell@innovativedecisions.com, (703) 409-7828

Mr. Donald Timian (Army Test and Evaluation Command) donald.timian@atec.army.mil.

Ms. Donna Gregg, (Johns Hopkins Applied Physics Lab)  Donna.gregg@jhuapl.edu

Workshop Advisors:

Technical Advisor:

Working Group 1- Refining a Framework for Lifecycle Information Assurance
Chair: Dr. Carol Woody, Software Engineering Institute – CERT 
Co-chair: Capt David Caswell, NSA
Recorder: TBD

Working Group 2- Evaluation and Analysis of "Net Ready" KPP's in DoD Information Systems
Chair: Mr. Robert Aaron (Accepted)
Co-chair: TBD

Working Group 3- Issues of Information Assurance in Information Sharing
Chair: Mr. Jeffrey Gerald, CINTT  

Working Group 4- Advances and Opportunities to Support Information Assurance Analysis
Chair: Ms. Mary Aurelia Horejs, NSA
Co-chair: Ms. Lara Diamond, NSA
Recorder: TBD

Synthesis
Mr. Jeff Osborn, JHU/APL
Co-chair: Mr. Michael Skroch, Sandia National Labs
Recorder: TBD

6. Attendance

Facility limitations will cap attendance at approximately 175 people. 

7. Deliverables

8. Milestones

9. Planning and Organizing Committee

All Workshop and Working Group Chairs, Advisors, etc, listed above, plus:

Brian Engler, MORS Staff
Natalie Kelly, MORS Staff
Colette Burgess, MORS Staff
Dr. Andrew Loerch, MORS Bulldog

10. Administrative

Name: Transforming Information Assurance for Netcentric Operations: Providing Assured Information for National Security

Dates: 6 -8 March 2007 with an optimal Tutorial on Monday, 5 March 2007

Location: Johns Hopkins, APL

Registration Fees/Tuition:

Entire Workshop
Non-Government/Non-Member: $750
Non-Government/Member: $675
Government/Non-Member: $640
Government/Member: $575

Plenary Only
All/Non-Members: $375
All/Members: $325

Maximum Attendance: 175 in Plenary Room

11. Tentative Agenda

Some of our links are in portable document format (pdf); they will be indicated by this symbol . To read these files you must have Acrobat Reader^®. You can download Acrobat Reader^® by following this link .

Please read our disclaimer.
Send mail to corrina@mors.org with questions or comments about this web site.
Copyright © 1997-2006 Military Operations Research Society
Last modified: March 15, 2007