
Cyber Information Sharing in Times of Crisis


In an increasingly hostile cyber environment, the head of the NCI Agency’s Cyber Security Operations Branch, Emmanuel Bouillon, reveals the benefits of the Agency’s Industry Partnership Agreements to Mike Bryant


The NCI Agency has long sought to work with industry, non-profit organizations and academia for the mutual benefit of all parties. It seeks out ideas and solutions to challenges that NATO and its members face, and these same challenges can also be faced by non-NATO actors. Nowhere is this more the case than in the realm of cyber security.

The NCI Agency is the technical authority on cyber security for NATO and the lead on defending the Alliance against cyber threats. In many ways, its work with the private sector in this domain dates back to 2014, when NATO leaders endorsed the creation of the NATO Industry Cyber Partnership (NICP), a programme designed to foster cyber-related information sharing by the Alliance with industry.

At the heart of the NICP strategy is the NCI Agency-driven programme of Industry Partnership Agreements (IPAs), which bring together large, medium and even smaller-scale private enterprises that offer their own technological solutions to the cyber threat or themselves face a danger from cyber-attack.

The partners work together for mutual benefit both at a technical and operational level, sharing information on cyber threats and information security best practices, as well as cyber threat indicators and mitigation measures. The aim is to increase awareness of threats to NATO and industry partners, enhancing resilience amongst all involved.

Emmanuel Bouillon, head of the Cyber Security Operations Branch at the NATO Cyber Security Centre within the NCI Agency, explains that the NICP, and the IPA framework that the Agency runs within it, grew out of the realization that NATO and some industry partners were facing identical cyber threats. The non-commercial, NATO-unclassified IPA programme has been “extremely valuable for us to share information on cyber threats and to receive industry feedback,” he says.

Some of the strategic industry partners that have joined the programme offer wide-ranging telemetry, Bouillon observes – they can provide data and feedback across their global nexus of businesses, adding significantly to the view that the NCI Agency and its Alliance partners see across the scope of NATO networks.

Their thoughts and expertise are then shared by the NCI Agency with all key stakeholders within the Alliance, not least other lead entities on cyber within NATO such as the Cyber Threat Analysis Branch (CTAB) and the Cyberspace Operations Centre, as well as individual member nations as appropriate. “We share information within IPAs in the spirit of mutual defence,” Bouillon continues. “The programme helps our partners to defend themselves from threats, while from NATO’s point of view it is vital to improve our own understanding of the wide-ranging cyber threats we face.”

Feedback and assistance offered by industry partners within the collaborative approach that the IPA programme provides can be particularly forthcoming at times of high-visibility events such as NATO summits. It’s also particularly beneficial in terms of the technologies and solutions that partners bring that are not already found within the Alliance. “But all round, it’s a win-win situation for everyone,” he says.

FROM STRENGTH TO STRENGTH

Industry partners typically sign up to the IPA framework for a period of three years, but their participation normally rolls on beyond that period. Partners also tend to sign up to the same agreements, although there might be some minor divergences in the small print on how information is shared between the company and NATO and how it might be further disseminated (or, indeed, whether the agreement is made public).

The programme continues to go from strength to strength. Bouillon confirms that the NCI Agency is working with a number of prospective new IPA partners. However, “We try to expand our partner base, but will only accept a new entrant to the IPA framework when it is mutually beneficial to do so,” Bouillon stresses – “only when it is going to benefit the programme”.


The NATO Cyber Security Centre in Mons, where Emmanuel Bouillon runs the Cyber Security Operations Branch (PHOTOS: NCI Agency)


INDUSTRY PERSPECTIVE

Driving mission transformation

Model-Driven DevOps for NetOps. Transforming DoDIN Cyber Operations with Network Infrastructure as Code (IaC)

Andrew D Stewart

National Security and Government Senior Strategist, Cisco

Model-driven DevOps represents a game-changing digital transformation approach for NetOps to deliver enhanced network infrastructure orchestration, optimization, agility, flexibility and resiliency – the result: a DevOps-Driven Mission Intent-Based Infrastructure.

Just as agile DevOps efforts transformed application development and created more responsive and timely mission outcomes, DevOps for NetOps is a critical next step in meeting today’s and, more importantly, tomorrow’s mission-driven demands. Adopting this approach in our culture and our engineering approach to NetOps will enable military cyber professionals to finally begin operating the network like a mission platform.

DevOps for NetOps is not the goal; enabling DevOps for the network to enable Mission Transformation is The Goal.

Adopting this approach is likely as much a cultural challenge as a technical one, if not a greater one. Military cyber professionals must understand the technology and break down the cultural and technical impediments that prevent them from realizing the full potential of infrastructure-as-code (IaC). In fact, continued technology advances will accelerate the ability and need to deliver dynamic ‘mission-intent-based infrastructure’ to support all domain command and control mission outcomes while, simultaneously, the DoD seeks more transformation from DevOps-driven application development – NetOps must respond!

A DevOps Mindset

The network is fundamental to connect users, devices, applications, data and services no matter where they reside - from edge to cloud; however, much of network administration has not changed meaningfully in 30 years. As digital services are delivered more frequently through adoption of DevOps for software development that focuses on services or applications, gaps and weaknesses are quickly identified in the supporting hybrid cloud network infrastructure. Network operators face increasing pressure to move faster – often at the sacrifice of fundamental, scalable network architecture and security best practices – while at the same time, they are being held responsible for helping mitigate risks and respond to threats. This challenge demands a cultural shift, one that requires a DevOps mindset that includes network infrastructure.

The demand for new features and faster delivery of services has driven the need to develop software and applications faster - thus, driving the rapid virtualization and ‘cloudification’ of IT infrastructure. Failure to transform to a DevOps approach for network infrastructure aligned with the Continuous Integration/Continuous Deployment (CI/CD) process is not an option. A model-driven DevOps approach enables network operators to maneuver the network at machine speed through a deliberate process.

Challenges

Although much focus around DevOps is being applied to applications, most NetOps teams are still operating the same way they have been for the last 30 years. The reasons for this fall into several categories that require exploration.

As with most challenges in the cyber domain, the challenges for implementing DevOps for Network Infrastructure span both cultural and technical issues. There are several broad cultural hurdles that act as impediments to the implementation of a DevOps approach to IaC which must be addressed simultaneously by any organization. Leaders must offer operators the opportunity to learn and implement these capabilities while helping the whole organization to understand that DevOps for NetOps increases security, reduces complexity and helps ensure better compliance through standardization and CI/CD processes that support testing and validation before deployment.

Realizing Change and Transforming the Mission

By committing to following a DevOps Roadmap and understanding the supporting DevOps for NetOps fundamentals, NetOps teams must re-evaluate how they operate network infrastructure – today! The physical network cannot be the bottleneck for digital mission transformation - it must be an enabler. Applying a DevOps Roadmap for network infrastructure can be undertaken in five deliberate steps that are aligned with the CI/CD process:

• architecture - build architecture focusing on standardization,
• simulation - simulate architecture as a virtual twin,
• automation - automate deployment in the simulated environment,
• testing - create/validate deployment tests in the simulation,
• deployment - use automation to deploy into production.

Realizing change means changing the old mindset and creating a new culture of thinking. Previously, most have thought of the network itself as the Source of Truth (SoT). By embracing a DevOps approach, the SoT of a network is embodied in the central repository, or digital twin, of all information that is needed to configure the network to a desired state. With that view in mind and moving into the future, all network operations are transformed into a push of SoT data into a device in whole or in part. Although many NetOps teams fundamentally know or understand this, moving to a model-driven approach is a hard, but necessary, transition to make.

Once accepted, viewing all automation operations as simply a push of data from the SoT into the infrastructure simplifies the IaC approach. Further, by leveraging CI/CD principles to properly test and validate changes to infrastructure before they are made in production, network operators can enjoy all the possibilities and benefits of a model-driven DevOps approach to move at scale and speed. Embracing this approach in the culture of NetOps teams is a must to move forward.

DevOps Roadmap: The Process

Consumable Infrastructure
• Represent all network devices through a data model
• Interact with the devices through an API

Infrastructure As Code
• Take the source of truth (the data model of the devices that has been moved to a source code manager such as Git and represent the data structure in the source code manager)
• Develop a NETWORK DIGITAL TWIN > Wrap in the automation of infrastructure as code

CI / CD Process
• Instantiate a NETWORK DIGITAL TWIN
• Test configurations and changes implemented via automation to ensure it is accomplished programmatically, ensuring that it is done the same way every time
• Establish a cycle of CI/CD to integrate new capabilities that are tested and evaluated prior to deployment

Mission & Business Processes
• Implement mission-driven business processes to operationalize new capabilities – taking advantage of the automation validated via the CI/CD process
• Encapsulation of Commander’s Intent that enables network maneuver at machine speed – in response to threats, to reduce risk and/or enable war time modes.
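The push-from-SoT model with a CI validation gate described above, sketched as an added example that is not from the article or from Cisco: a device record is checked against policy rules, and only a passing model yields a plan of the values to push. The data model fields, the policy rules and every function name are hypothetical.

```python
# Constructed SoT record for one device, as it might be stored in Git.
# Field names, policy rules and function names are hypothetical.
SOT = {
    "hostname": "edge-rtr-01",
    "mgmt": {"ssh": True, "telnet": False},
    "ntp_servers": ["192.0.2.10", "192.0.2.11"],
    "interfaces": {
        "Gi0/0": {"description": "uplink", "enabled": True, "acl_in": "EDGE-IN"},
        "Gi0/1": {"description": "unused", "enabled": False, "acl_in": None},
    },
}

def validate(model):
    """CI gate: return a list of policy violations; empty means deployable."""
    errors = []
    if model["mgmt"].get("telnet"):
        errors.append("mgmt: telnet must be disabled")
    if not model["mgmt"].get("ssh"):
        errors.append("mgmt: ssh must be enabled")
    if len(model.get("ntp_servers", [])) < 2:
        errors.append("ntp: at least two servers required")
    for name, intf in sorted(model["interfaces"].items()):
        if intf["enabled"] and not intf.get("acl_in"):
            errors.append(f"{name}: enabled interface has no inbound ACL")
    return errors

def flatten(model, prefix=""):
    """Flatten nested dicts to {dotted.path: value} so states can be compared."""
    flat = {}
    for key, value in model.items():
        path = f"{prefix}.{key}" if prefix else key
        if isinstance(value, dict):
            flat.update(flatten(value, path))
        else:
            flat[path] = value
    return flat

def plan_push(desired, running):
    """Return {path: (running_value, desired_value)} for every leaf that drifted."""
    want, have = flatten(desired), flatten(running)
    return {p: (have.get(p), want.get(p))
            for p in sorted(set(want) | set(have)) if have.get(p) != want.get(p)}

def deploy(desired, running):
    """Refuse to push a model that fails the gate; otherwise return the plan."""
    errors = validate(desired)
    if errors:
        raise ValueError("; ".join(errors))
    return plan_push(desired, running)
```

In a pipeline, `validate` would run on every commit to the SoT repository and `plan_push` against the simulated twin first, so a device changed by hand shows up as drift rather than as the source of truth.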

cisco.be
