Major security incidents require cross-border cooperation with the national security authorities and other public safety agencies. The purpose of the REDIRNET (Emergency Responder Data Interoperability Network) consortium was to provide a true Europe-wide interoperability that is non-reliant on specific technology or proprietorial system. In a technical sense, the REDIRNET provides a communication solution for the exchange and sharing of information via voice, data, images, video, CCTV and remote sensors. In order to develop such capacity, it is necessary to ensure adequate security of the system and data protection.
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Information Security Aspects of the Public Safety Data Interoperability Network
1. Information Security Aspects of the Public Safety
Data Interoperability Network
Blaž Ivanc
blaz.ivanc@determinanta.si
European Intelligence and Security Informatics Conference (EISIC) 2016
Session: Risk and crisis management, 18 August 2016, Uppsala, Sweden
2. INTRODUCTION
› Major security incidents require cross-border cooperation
› The purpose of the REDIRNET consortium is to provide a true
Europe-wide interoperability that is non-reliant on specific
technology or proprietorial system
» REDIRNET will provide a communication solution for the exchange and sharing
of information via voice, data, images, video, CCTV and remote sensors
› REDIRNET achievements will be valued in the smart cities
projects
» The concept of a smart city controls key infrastructure and security aspects in
order to ensure high security to the inhabitants
» In order to develop such capacity, it is necessary to ensure adequate security of
the system and data protection
3.
4. PUBLIC SAFETY DATA INTEROPERABILITY AND
INFORMATION SECURITY ASPECTS
› The definition of interoperability in communication systems
between different services for public protection and disaster
relief
» „capability of two organizations or discrete parts of the same organization to
exchange decision-critical information and to use the information that has been
exchanged“
› Challenges:
» interoperability, broadband connectivity, lack of coverage, destroyed
infrastructure and technological gaps with commercial technologies
› Communication in the public safety agencies is slowly shifting
from predominantly audio messages to media enriched
broadband communication.
» At the time of emergency response: sensitive voice information, videos, images,
maps, data from different records …
5. › The range of approaches to address the security aspects
» Security risks have been identified for each key component of the
REDIRNET system already during the design.
» The implemented security mechanisms and good practices correspond
to the proposed risk mitigation strategies.
» During security guidance, monitoring and system evaluation, we used a
number of operational and technically specific approaches not explained
in detail.
• typical methods and techniques in the field of penetration testing
• attack modeling (during the design and development)
» We also produced several security documents intended for both
developers and end-users.
SECURITY ASPECTS IN THE DEVELOPMENT AND
INTEGRATION OF THE REDIRNET SYSTEM
6. SECURITY ASPECTS IN THE DEVELOPMENT AND
INTEGRATION OF THE REDIRNET SYSTEM
› Security requirements of the REDIRNET system
» It is necessary for agencies to have the ability to decide what resources
should be shared or disclosed to their partners at any given moment.
» Communication with and within the system must be secured and
encrypted.
» Even if the information is not classified (such as EU Sensitive) it cannot
be transmitted over unprotected channels in plain text form.
» Storage of all the data gathered by agencies should be encrypted and
protected.
7. › System components based on high-level architecture design
SECURITY ASPECTS IN THE DEVELOPMENT AND
INTEGRATION OF THE REDIRNET SYSTEM
8. › Security overview of system components and security
assessments
» Overview of security mechanism
for individual system component
• REDIRNET Platform ()
• Main Switch
• Core Data Storage
• Ontology Services
• Collaboration Web
• Open-source Gateway
• Plug-in(s)
SECURITY ASPECTS IN THE DEVELOPMENT AND
INTEGRATION OF THE REDIRNET SYSTEM
9. SECURITY ASPECTS IN THE DEVELOPMENT AND
INTEGRATION OF THE REDIRNET SYSTEM
› Checklist for assessing the security measures in place to
protect the REDIRNET Platform implementation
» REDIRNET Platform is a vital part of the REDIRNET, providing various
infrastructure services to the system and hosts the core REDIRNET
components.
• Auditing
• Privacy protection
• Implementation and operation
• Strong keys and cryptographic
mechanisms
• Infrastructure and operations ()
10.
11. SECURITY ASPECTS IN THE DEVELOPMENT AND
INTEGRATION OF THE REDIRNET SYSTEM
› High-level security assessment of the REDIRNET system
» ENISA technical guidelines - 25 security objectives in seven security
domains:
• Governance and risk management
• Human resources security
• Security of systems and facilities
• Operations management
• Incident management
• Business continuity management
• Monitoring, auditing and testing
12. CONCLUSION
› The main approaches in addressing the security aspects of
the REDIRNET system were presented
› Major emergency responses require coordination between
various public safety agencies in several countries
» In this respect, concern for system security and data is crucial
» Certain adjustments that will result from the subsequent coordination of a
large number of integrations with the existing systems of public safety
agencies are expected
» Challenge: specific security „wishes“ of some end-users