5 minute read
Documentation 5G networks, “fake news” and disinformation
NAPMA further expands its SINA Secure Remote Access capability
The NATO AEW&C Programme Management Agency (NAPMA) uses a SINA 1 solution, enabling staff members to securely work with classified and unclassified data simultaneously. In December 2017, the specific NAPMA infrastructure which includes the SINA solution was granted security accreditation by the NATO Office of Security. Furthermore, the agency recently decided to extend the solution.
The following interview was conducted by secunet, the German company that developed the SINA solution. Stephan Sauer who was heading NAPMA’s Information Management Branch from February 2017 to March 2019 elaborates on the initial challenges and how the SINA solution solved them. 2
Secunet: Who and what is NAPMA and what is the organization’s mission? Stephan Sauer: The NATO Airborne Early Warning & Control (NAEW&C) Programme Management Organization (NAPMO) was created in 1978. This organization is responsible to the North Atlantic Council for the NAEW&C Programme – which, in short terms, is the NE-3A aircraft, the NATO AWACS. The NAEW&C Programme Management Agency (NAPMA) is the executive agency of NAPMO. Within the responsibilities granted to NAPMA, the agency manages all aspects of the Programme from acquisition through delivery and on through Life Cycle Management of the NE-3A.
secunet: Within NAPMA, what do you and your team look after? What are your key operational responsibilities, goals & objectives? Stephan Sauer: NAPMA’s Information Management Branch is the Information Management (IM) and Information Technology (IT) service provider of the agency. Its mission is to enable NAPMA with IM/IT services and capabilities needed to perform NAPMA’s executive, administrative, and project management functions in an effective and efficient manner. The availability and control of information is critical to NAPMA’s organizational success. Currently, NAPMA operates a small secure dedicated CIS environment centered on Microsoft technology to provide office automation and external connectivity located at one site in Brunssum, The Netherlands. The main services provided to the users are e-mail (MS Exchange), document management (MS SharePoint) and an enterprise resource planning system (SAP). With the extension of the SINA laptops and secure smartphones, around 70% of the NAPMA staff is now equipped with a SINA laptop.
secunet: When working in such an operational environment you need to be able to securely receive, store, work on and transmit sensitive and/or highly-sensitive data. What kind of CIS policies & processes do you need to follow to ensure compliance? Stephan Sauer: As with other NATO entities, NAPMA shall comply with NATO-wide IT related and CIS Security policies, directives, and guidelines. At NAPMA those policies, directives, and guidelines are further tailored to NAPMA’s business requirements while maintaining a security accreditation by the NATO Office of Security (NOS). A prominent milestone was achieved
Photo: NAPMA
in December 2017 when NOS granted security accreditation authorizing the NAPMA NR Main CIS to store, process, or transmit information up to and including NATO RESTRICTED (NR). This accreditation included the SINA implementation at NAPMA. With regard to the capability to securely store, process, or transmit sensitive data, it is mandatory for NAPMA to keep control and ownership of the information. Likewise, supervisory control of all external IT services/support shall remain with NAPMA. From this perspective, SINA is a great capability for NAPMA’s IT to meet this requirement.
secunet: When you and your team formulated your requirements for a secure remote access capability, what were the key objectives and challenges you were seeking to address? Stephan Sauer: Intent was to enable staff to work on- and off-site, on- and off-line with the same functionality as the inhouse NAPMA NR workstations and with a similar performance. The challenge was to implement a service that not only meets the user requirements, but also fits into NAPMA’s framework regarding e.g. pricing, quality of service, and implementation timelines. In addition, NAPMA strived for a system that provides the user with two strictly separated workspaces: First, a managed workspace for NAPMA business like on any other NAPMA workstation for up to and including NATO RESTRICTED. Second, a low cost (e.g. license free) and low maintenance workspace allowing web-browsing and basic office applications during business travel (e.g. no content filtering on internet
Stephan Sauer is a German Air Force General Staff Officer. From 2014 to 2017 Mr. Sauer had been the Executive Officer of the NAPMA General Manager. During this period, he established the Information Assurance Section at NAPMA deriving initial Information Assurance requirements for the Final Lifetime Extension Programme of the NE-3A (AWACS). In 2017 he took over as Chief the Information Management Branch responsible for providing IT services to the agency. In April 2019, Mr Sauer left NAPMA and joined the German Armed Forces’ Cyber and Information Domain Service (CIR).
access to allow check-in for flights, etc.). In 2015, we obtained the SINA SRA capability and, in 2018, we decided to triple the size of the infrastructure. One of the reasons for this was that the NAPMA users have been very pleased with the SINA devices regarding performance and user handling.
secunet: What are the key benefits your network and system administrators as well as your daily users have encountered and voiced back to you? Stephan Sauer: After three years of operation I may summarize that the SINA solution has fully met the users’ as well as administrators’ expectations regarding these criteria. The fact, that in three years of using 30 SINA devices NAPMA just had to open 12 support tickets, speaks for itself. With regard to the extension of the SINA devices at NAPMA, it is a fair statement that the new SRA users have fewer difficulties handling their “unknown” SINA device than they have with adapting to the software change that took place in parallel from Win 7 to Win 10 and to the new version of MS Office. The network and system administrators benefit very much from the smooth integration of the backend and the devices into the existing IT infrastructure. Managing the capability does not require a lot of effort. Using the same software images on the SINA, as well as remaining desktop computers, is more than beneficial. Positive feedback is also coming from CIS Security staff, who is pleased to see the separation of the restricted business workspace and the less protected session for Internet access.
secunet: Thank you Mr Sauer for this interview. We wish you success in your next position at the German Armed Forces’ Cyber and Information Domaine Service (CIR).
1 SINA (Secure Inter-Network Architecture) is a high-security solution that secunet has developed on behalf of the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, BSI). SINA has already been successfully used for many years by public authorities and the armed forces, both in Germany and abroad. 2 The interview was conducted before Lt Col Sauer left NAPMA.
MORE INFORMATION: Jerome Kühnert secunet International GmbH & Co. KG Kurfürstenstr. 58, 45138 Essen, Germany
