Global Security Collaboration Grows
The Transglobal Secure Collaboration Program Strategy (TSCP)—an international government-industry partnership founded nearly seven years ago to ensure data security in defense and aerospace contracting—is continuing to expand its reach and effectiveness. It currently has 23 members, including the defense departments and other agencies of the United Kingdom, France, the Netherlands, and the United States. Among the most recently added are the U.S. Secret Service; France’s new Network and Information Security Agency; Boldon James, a provider of secure information exchange solutions; and CA, Inc., an IT management software company.
The TSCP began as a collaborative effort among the Ministry of Defense in the United Kingdom, the U.K. Council for Electronic Business, the U.S. Department of Defense, and a handful of European and American aerospace and defense contractors, including BAE Systems, Lockheed Martin, Boeing, and Rolls Royce.
“It was all about risk management on the basis that sharing information is risky, but not sharing information is impossible,” says Malcolm Carrie, head of strategy and architecture in BAE’s corporate IT office. Carrie also serves on the TSCP’s Sustainment Committee.
Each company had created a different way of sharing information, Carrie says. “They were all fine; they all worked,” he adds, “but they were all different and that was, we thought, rather expensive.”
TSCP’s first project was to develop principles and guidelines for a secure collaborative environment that any aerospace or defense contractor could use, which the collective published in their Phase 1 Design Manual in 2004. Since then, the group has tackled identity management by developing a set of standards for identity management systems. It has also created secure e-mail specifications that allow organizations to send secure e-mails to one another.
In 2007, the group opened membership to technology companies and systems integrators, and last year TSCP began an initiative to attract niche software vendors. Because of the advanced persistent threat, TSCP’s governance board saw the need to pursue the expertise of smaller, niche companies, says J.P. Calderon, a TSCP membership director hired last year to lead the new membership initiative. “We need a melting pot of specialist engineers and scientific minds to be able to articulate some of the different areas that have particular risk of threat,” says Calderon.
The vendors benefit because they have the ability to influence a specification as it is being developed, which, as Carrie notes, “is good if you ultimately want to use or sell a product or service that applies the specification.” Vendors also have advance access to the specifications, all of which are ultimately published in the public domain.
Calderon says vendors are also interested because there is a growing awareness that specific companies are being targeted for specific datasets, as occurred when Google’s data was hacked in China. “It’s economic, yes,” he says. “They want to build better products, better requirements, better specifications so that people buy their products, but at the same time, it’s more of trying to stay ahead of that advanced persistent threat, because nobody has a perfect system to be able to deviate a lot of that.”
In addition, Carrie calls the partnership with France’s new IT security agency significant because it’s pure security, as opposed to a defense department that wants to buy equipment. “It’s specifically about protecting government information as opposed to executing defense programs,” he explains.
Calderon notes that cyberattacks are no longer the exclusive domain of individual hackers or “teenagers in the closet.” Instead, they are often the result of a sophisticated, collaborative effort and require a similar response from organizations. “This collaborative effort is happening on the other side,” he says, “and if we don’t [collaborate] today as businesses, it’s going to become a prevalent problem.”