A methodology for the structured security analysis of interconnections

Effective and efficient cooperation within future military operations increasingly requires the sharing of information among coalition partners and other organisations, as envisioned by the NATO Network-Enabled Capabilities (NNEC) study. It is therefore necessary that military communication infrastructures can be interconnected to facilitate the information sharing. This information sharing requires a high level of assurance on the security of interconnections. However it is often difficult to identify the appropriate security requirements, due to the complexity as a result of the differences between the applicable security policies. The methodology aims to provide a structured approach to define the appropriate security requirements and enable the determination of a balanced set of security measures for an interconnection. By decomposing the interconnection on a conceptual level into smaller parts, compartments can be defined that address a subset of the entire complexity. Between all these compartments as well as the own and other domain Security Policy Enforcement Points (SPEPs) can be defined. The division into compartments is based on the classification level, security policy and operational responsibility for the information. By determining the threat significance, trust level and threats for each individual SPEP specific security requirements and assurance requirements can be defined.