The challenge
The Ministry of Defence (MOD) is developing a simulation training environment for the Royal Air Force known as Defence Operation Training Capability (Air) – DOTC(A). The environment has four challenging characteristics:
- It is to be a distributed, services-based architecture
- The system is expected to need rapid, potentially daily, reconfiguration to support ad hoc user requirements
- The users will operate at different classifications and/or national ownership (“cross domain”)
- The users will change frequently.
The MOD needed a way of achieving certification and maintaining it through-life. Previous approaches to certification in these situations had indicated lengthy activities to support each possible services orchestration (the process of integrating two or more applications and/or services together to automate a process or synchronise data in real-time).
The solution
Through Niteworks, Ascentor was engaged to find a pragmatic and sustainable approach to certification. Ascentor worked on project Stages 2 to 4.
In Stage 2, we focused on delivering a policy-compliant candidate certification process capable of meeting the customer objectives.
We developed a solution compliant with JSP 440 (security policy) and JSP 604 (Defence Manual of ICT) and technically aligned with HMG IS1&2 (information risk management standards).
The solution requires a baseline certification that details risk tolerances and information assurance (IA) conditions for connecting simulators. Each services orchestration is assessed against generic patterns established in the baseline certification, IA conditions are applied and resulting risk deltas measured.
The output is a risk statement and assurance plan for each orchestration – we expect that 90%+ of all orchestrations can operate within existing risk tolerances with no additional IA conditions attached.
The project identified dependencies on cross-domain gateway functions (that did not exist) and the need to achieve very high levels of automation to meet the assurance targets and required change frequency.
In Stage 3, we developed proof-of-concept cross-domain gateways and information filters with a target of Technology Readiness Level (TRL) 4. We based the solution on modified commercial-off-the-shelf (COTS) simulation components working with COTS XML guard components for cross-domain information transfer. The solution implements the National Cyber Security Centre (NCSC) architectural patterns for import/export between security domains.
During this stage, we identified the requirements to develop the concepts further. This included a (simulation) standards-aligned workflow for two purposes:
- To define the release control policy for a services orchestration
- To automate the deployment of the policies and associated configuration to security functions including proxies, guards, filters and security information and event management (SIEM).
During Stage 4, we delivered outstanding concepts from Stage 3 to TRL4. This included product integration and specifying the Federation Policy Definition Language (FPDL) that is used as part of a workflow to define the release control policy for a services orchestration. FPDL is derived from the grading information for the simulator, part of the workflow mechanism.
FPDL also captures the IA conditions associated with cross-domain connections – it derives an assurable specification for configuration and deployment in conjunction with the release control policy.
We completed the three project stages on time and budget.
The result
We were complimented for a significant reduction in risk to the overall DOTC(A) programme.
The work led to direct through-life cost savings for the DOTC(A) programme – when in service, it will deliver a smaller footprint and a reduction in support resources.
We presented FPDL to a wide audience at an industry conference where it received considerable support as the basis for standardisation in this area. Several influential industry and user organisations have indicated that they are prepared to support further development of FPDL as an industry standard.
The programme manager commented:
“Thanks to all who have supported and worked on the project. It has added significant value to the MOD by not only providing efficiencies in capability operation, it has provided the key that will unlock the door to 4th and 5th generation fighter mission readiness.
The team has consistently exceeded expectations not only with regards to progress made and the quality of the deliverables but with the indirect value added. They were a pleasure to work with and delivered the desired project outcomes even with the inherent riskiness of the project. This is directly attributed to the quality of the team and their willingness to consistently go the extra mile.”