Army signals security & "Clansmen" series radios

[Owen Lewis]

----- Original Message -----
From: "Brian Gladman" <brg@gladman.plus.com>
To: <ukcrypto@maillist.ox.ac.uk>
Sent: 08 September 2000 11:04
Subject: Re: Army signals security & "Clansmen" series radios


> From: "Owen Lewis" <oml@eloka.demon.co.uk>
> To: "ukcrypto" <ukcrypto@maillist.ox.ac.uk>
> Sent: Thursday, September 07, 2000 11:56 PM
> Subject: Re: Army signals security & "Clansmen" series radios
>
> [snip]
> > > But returning to crypto, there is very little integration of encrypted
> > > communications in NATO since each NATO nation takes a national
approach
> to cryptographic information protection (guess why).
> >
> > Well, working out from there, and on the basis that allies - most
> > particularly in operations - must sometimes communicate securely, one is
> > left to conclude that either national systems are used under some
> particular
> > form of arrangement to secure those systems or that must be at least one
> > allied system or there is some mixture of both approaches
>
> By far the most common approach is to deploy liaison officers. For example
> US officers with their hands on US kit and US information are deployed to
> work in the command cells of the other Nations involved.

I'm so glad you said that. I did not think that I could possibly do so. But
no doubt you recognised my drift.

You do undersell the scale of the liaison though. It is not one harrassed
officer with an OTP strapped to his leg attempting to encrypt/decrypt all
the intenational traffic. Rather, there are many liasion officers or even
liaison cells dispersed across all HQs whose formations share a common
boundary. Each liaison offer of cell with have his own little communications
node with a capacity comensurate with the volume of traffic experienced.
This international liaison is not unique. National formations with common
boundaries also exchange liaison officers (who may or mayt not have their
own means of communication directly with their own formation. It is indeed a
well inderstood and useful procedure.
>
> > > The sharing of sensitive
> > > information between NATO nations is fraught with many difficulties
> >
> > True. But, surely, only in deciding what may be shared, with whom it may
> be
> > shared  and, possibly, when
> > it should be shared. The rest is largely mechanics that should follow on
> > from those decisions. As is common knowledge, in peactime (including
> > so-called police actions) the NATO national forces remain under several,
> > national command. In time of war, the national forces declared to NATO
> come
> > under the NATO command structure, which is almost the only part of the
> NATO
> > military structure to be maintained in time of peace. Now for that
> structure
> > to prepare adequately for war - and to safely control six figures of
armed
> > men during several weeks of training manoevres, some secure inter-allied
> > secure communications would seem essential, nicht war?  Can you imagine
> the
> > potential for chaos, accidental loss of life and even political mistake
if
> > close and secure liaison was impossible?
>
> Yes but the technical means for doing this, except at the top command
> layers, is via deployed national systems and the exchange of liason
> officers.

The points are:

    1. The lateral flow of infomation occurs securely and the system works

    2. You do not addess the matter that NATO (internationally staffed) HQ's
are largely independent of national infrastructures and manager to
communicate securely between themselves. Secure comms for national liaison
cells are only required for communicating to and from the National HQ's
>
> > I might agree  that NATO HQ's may not intercommunicate with the most
> > modern or efficient of secure communications but function, somehow, they
> > do.
>
> I don't agree here since gateways involving cryptographic translation
> between a number of different cryptographic domains are essentially new
> territory for which there are no precedents.  Such gateways require
> cryptograpic capabilities from the nations involved and also need a level
of
> integration into the respective national means of key management.

But those are new goalposts and it is not essential to use them to play the
game - as already well discussed

All the
> nations involved will want to develop and deploy very high assurance
> 'guards' in the various connections to such a gateway and the gateway
itself
> represents a truly horrendous point of vulnerability which makes its
design
> and construction an impossible challenge.  This is a mad way to go in
> technical terms but that is often what politics demands (as we have seen
> with RIP).

There is a deal to be said for KISS. The fact remains that, to date, the
cheapest and most secure firewall is an air break.
>
>
> Cryptography is still the last bastion of nationalism within the
> government/defence sphere

Would that were so. How do you suppose our armed forces ended up with a
rifle foisted on them that is world-class only in the derision heaped on it?

and this makes it difficult to predict what will
> happen.  I think that politics will dominate and this means that technical
> logic cannot be used to predict the outcome.

Absolutely.

I suspect that a European
> Defence Force will simply be a repeat of NATO experiences on a smaller
scale
> since I cannot see the major European nations trusting each other's
national
> cryptography.

It will be very interesting to see, as it will be equally interesting to see
information security policy and capability develop to serve the other EU
institutions.

Paradoxically, as the quality and assurance of commercial
> cryptographic solutions improves over the coming decade, we might well
find
> that these offer an effective solution for military traffic that requires
> limited or shorter term protection

There is, of course nothing new in that. Enigma was developed as a
commercial system. Hagelin/Crypto AG have a long if somewhat chequered
history of supplying crypto systems to the military.

Owen