Figure 1: Information Sensitivity Classifications in the Tactical Environment

Mel Crocker General, Dynamics Canada
2007 CROSSTALK The Journal of Defense Software Engineering   unpublished
N et-centric warfare is about employing information age concepts to increase combat power in war and mission effectiveness in operations other than war [1] . By linking sensor networks, command and control networks, and shooter networks, warfighters can achieve efficiencies in the full spectrum of operations by sharing information in a common operating environment. Unity of effort across organizational, national, technical and spatial boundaries is necessary. Warfighters have a duty to share
more » ... ormation with others, and in the tactical environment it is not always obvious who needs the information and exactly how that information will be used. In some respects, sharing information is a leap of faith that the recipient will treat the information properly, not abusing the implied trust. This article introduces aspects of the tactical environment and some of the complexities of sharing information in a tactical network, describes the security challenges and suggests a high-level security architecture that applies adequate measures without compromising the information sharing needs of the warfighter. Secure solutions to these types of complex net-centric problems are made achievable with the increased assurance that can be placed on well-developed and tested software. The Tactical Information Environment Information in modern tactical networks is generated from multiple sources: global positioning system receivers, unmanned and manned sensors, observations and recordings of individuals, higher command and intelligence networks, the Internet, and a variety of other sources. In modern operations, information must flow quickly from sensors to fusion processes to analysts and decision makers and, finally, to those who must execute action. Taking more than a few minutes from detection to action often significantly reduces the effectiveness of operations. Beyond the need for quick and wide information flow, the tactical information environment is also made complex with differences in information sensitivity. As one moves from the fighting echelon of a tactical deployment back to national headquarters, there are fundamental differences in the sensitivity of data. For tactical elements in direct contact with the enemy, the majority of information processed is highly time perishable and generally focused on the following questions: Where am I? Where are my buddies? Where is the enemy, and what are his capabilities? Within a tactical headquarters environment, the information becomes more sensitive as plans are generated, intelligence is analyzed, and the larger tactical environment is monitored. Current government sensitivity labels and handling are based on definitions of sensitivities that were created for nationally sensitive information, only loosely relevant in the tactical environment. Executive Order 12958 describes three subjective classifications based on the damage resulting from compromise: TOP SECRET -exceptionally grave damage; SECRET -serious damage; and CONFIDENTIAL -damage to the national security [2] . These are relatively subjective groupings based on an interpreter's understanding of the anticipated impact of unauthorized disclosure and centered on national security. There is no time perishable consideration and all consideration is toward the affect on national security, not the impact on tactical operations; national security and tactical operations are related but are not the same thing. Figure 1 illustrates the five types of information and where they likely fit in current classifications. The figure introduces the term tactical sensitive for information falling between confidential and unclassified; it describes much of the information handled in a tactical environment. Beyond the varied information sensitivities, warfighters also face the significant challenge of information overload and determination of correct distribution. To deal with this, Alberts and Hayes suggest that systems must transition from information push designs toward information post and smart pull designs. Moving from a push to a post and smart pull approach shifts the Cross-Domain Information Sharing in a Tactical Environment Net-centric warfare in the full spectrum of operations mandates information sharing among non-traditional partners across security domains. This information sharing requires the exploitation of complex technologies and generates significant security challenges. Traditional information assurance solutions to support cross-domain information sharing have focused heavily on preventive measures, restricting information flow and reducing the risk of information compromise. This constraint on information flow directly opposes the duty of the warfighter to share information. A holistic solution involving robust software components, auditing, and permission management will reduce the risks of unauthorized information exposure to adequate levels without imposing severe information flow constraints.