Information Sharing and Security in Dynamic Coalitions Charles E. Phillips, Jr. Computer Science & Engineering Dept. 191 Auditorium Road, Box U-155 The University of Connecticut Storrs, CT 06269-3155 Tel: 860.486.5582 Fax: 4817 [email protected] T.C. Ting and Steven A. Demurjian Computer Science & Engineering Dept. 191 Auditorium Road, Box U-155 The University of Connecticut Storrs, CT 06269-3155 Tel: 860.486.4818 Fax: 4817 {steve, ting}@ engr.uconn.edu ABSTRACT Today, information sharing is critical to almost every institution. There is no more critical need for information sharing than during an international crisis, when international coalitions dynamically form. In the event of a crisis, whether it is humanitarian relief, natural disaster, combat operations, or terrorist incidents, international coalitions have an immediate need for information. These coalitions are formed with international cooperation, where each participating country offers whatever resources it can muster to support the given crisis. These situations can occur suddenly, simultaneously, and without warning. Often times, participants are coalition partners in one crisis and adversaries in another, raising difficult security issues with respect to information sharing. Our specific interest is in the Dynamic Coalition Problem (DCP), with an emphasis on the information sharing and security risks when coalitions are formed in response to a crisis. This paper defines the DCP and explores its intricate, challenging, and complex information and resource sharing, and security issues, utilizing real-world situations, which are drawn from a military domain. Categories and Subject Descriptors C.2.4 [Computer-Communication Networks]: Distributed Systems - Client/server, distributed applications, distributed databases. J.7 [Computers In Other Systems]: Command and control, military, process control . K.6.5 [Management Of Computing And Information Systems]: Security and Protection – Authentication, insurance, invasive software (e.g., viruses, worms, Trojan horses), physical security, unauthorized access. General Terms Management, Design, Security. Keywords Access Control, Distributed Systems, Information Security, Dynamic Coalitions 1. INTRODUCTION Information security was recognized with the advent of the first multi-user computer system for sharing information resources, and as we begin the 21st century, this need has become more significant as countries join together to securely share information at the global level [33]. Information sharing in a secure fashion is a daunting challenge, since we must deal with information content that ranges from the simple to the complex (e.g., intelligence reports, financial information, travel records, citizenship records, military positions and logistical data, map data, etc.) in an interoperable environment that is constantly changing. Recently, numerous mandates have emerged to address information sharing. For example, a vital part of U.S. National Security Strategy states, “whenever possible we must seek to operate alongside alliance or coalition forces, integrating their capabilities and capitalizing on their strengths” [38]. This concept is refined further in our Department of Defense Directives [25] and NATO’s interoperability and security concerns [1]. The same information sharing and distributed security concerns have driven many of the U.S. Military’s automation plans and initiatives. However, “currently, there is no automated capability for passing command and control information and situational awareness information between nations except by liaison officer, fax, telephone, or loaning equipment” [1]. From the U.S. National Security Strategy to NATO's definition of interoperability, from non-government agencies to their military counterparts, sharing information in a secure manner is recognized as essential. Our interest for this paper is in secure information sharing that is required in response to a crisis, e.g., natural disaster (earthquake), humanitarian relief (refugee camps), international incidents (terrorism or spy plane), war (Gulf War), or combat operations other than war (Bosnia). Figure 1 depicts five near simultaneous crises in the European Theater. While these crises have different counties involved, there must be information sharing between them to manage resources effectively throughout the theater of operations. With every crisis solution, there is an accompanying information sharing risk. To handle a crisis, a coalition -- an alliance of governmental, military, civilian, and international organizations -- is formed with the primary concern being the most effective way to solve the crisis. The Dynamic Coalition Problem (DCP) can be defined as the inherent security, resource, and or information sharing risks that occur as a result of the coalition being formed quickly, yet still finding information and resource sharing a necessity for crisis resolution [36]. The events of September 11 have clearly illustrated the DCP and the difficult issues facing coalitions in Permission to make digital or hard copies of all or part of this work forpersonal or classroom use is granted without fee provided that copiesare not made or distributed for profit or commercial advantage and thatcopies bear this notice and the full citation on the first page. To copyotherwise, or republish, to post on servers or to redistribute to lists,requires prior specific permission and/or a fee. SACMAT’02, June 3-4, 2002, Monterey, California, USA. Copyright 2002 ACM 1-58113-496-7/02/0006…$5.00. 87information sharing. In the three months following that event, the death toll went from 6,000 to 3,040, and most of the reduction has been traced to “…duplicate reports and confusion in the hours and days immediately following the attack” [CNN.com], which for our purposes, corresponds to multiple databases and inconsistencies in reporting and updating information. The lack of management and sharing of information in this regard clearly illustrates one of the main problems facing a coalition in a crisis. In addition, this information must be securely shared in an easy, efficient, scalable, and reliable way, to facilitate the tasks of the dynamic coalition without compromise and loss of confidentiality. Our focus in this paper is to delineate the critical challenges of DCP with an emphasis on sharing and security, which will be