ESA Security ConOps
Overview of GC ESA Concept of Operations (ConOps) and Current Environment
The GC ESA ConOps summarizes the current environment, challenges, and trends of the GC Enterprise IT/IS infrastructure from a security perspective, the desired target environment, the strategy to achieve the target state via the ESA initiative, and the governance and management framework to enable the transformation and continuous assessment and improvement of GC information security programs. The main body of the ConOps, at the organizational level, addresses the GC leadership’s intended way of operating the organization, and serves as the basis for the organization to direct the overall characteristics of the future business. The audience for this document consists of GC managers, IT professionals, implementers, and sustainment personnel responsible for IT/IS planning, implementation, operation, and risk assessment activities. The annexes to the ConOps are Operational Concept (OpsCon) documents that describe system characteristics of a specific to-be-delivered capability from the user’s viewpoint. An OpsCon describes what the capability will do (not how it will do it) and why (rationale).
The GC enterprise IT/IS infrastructure is acquired, deployed, operated, maintained, and used by 130+ GC agencies and departments spread across the country and around the world, consisting of independent policies and assets resulting in a variety of solutions and security postures. The current operational state of the GC IT/IS enterprise is one based on separate systems serving individual departments, agencies, and work groups starting the transition to consolidated elements based on commoditized IT services to lower costs. The goal is to simultaneously increase security aspects of the GC IT/IS infrastructure and operations.
The GC IT/IS community must provide, maintain, and operate IT assets and services required to conduct the business operations of the GC, including providing GC services to millions of public users. The GC IT/IS enterprise is large in scope and geography, yielding a challenging operational, maintenance, and security environment.
For more information, please read the GC ESA ConOps Main Body document.
Challenges in the GC Enterprise
Several challenges within the current operation of the GC enterprise require attention as the GC IT/IS infrastructure and support systems and personnel evolve. These challenges span several areas and are discussed in subsequent sections:
- Distributed and inconsistent operational practices
- Inability to quickly identify and adapt to an ever-changing threat environment
- Lack of timeliness in detecting and responding to incidents
- Inadequate configuration and asset management capabilities that limit the ability to identify and fix vulnerabilities
- Inconsistent department-specific personnel security practices and lack of a GC-wide authoritative identification scheme
- Limited ability to effectively and securely locate and share information
- Lack of consistent GC-wide practices to manage community risk in an increasingly interconnected and shared environment
For more information about the challenges in the GC enterprise, please read the GC ESA ConOps Main Body document.
GC Enterprise Trends
This section discusses the driving forces and trends in the GC enterprise and how they are shaping the operational and security environment of the GC.
GC IT Transformation Agenda
During Canada's Government Technology Event (GTEC 2013) keynote address, GC CIO Corinne Charette presented the three main themes driving the GC IT transformation agenda:
- A renewal of TBS policy suite in order to enable and sustain whole-of-government approaches to IT modernization
- Improved delivery of external services through modern, integrated eServices
- The continuing consolidation of back office applications, and the ongoing modernization of mission critical systems enabling program delivery
Changes to the security approach in the GC information environment are responsive to the needs of the business processes of the GC. In order to support GC business needs while adopting new technology and responding to new threats, the ESA must provide agility, flexibility, scalability, and easy adoption of new features while supporting ease of use for end users, administrators, and security personnel.
The general trends shaping the future of the GC IT/IS infrastructure are driven by the department-specific patchwork of aging infrastructure and incompatible software solutions. The aging components, functional duplication, and associated maintenance costs are the impetus for the push to consolidate the infrastructure onto modern solutions based on state-of-the-art technology and open standards. Collapsing data centres, networks, and enterprise applications and adopting a common toolset for end users aims to significantly lower the associated costs while increasing the interoperability of deployed solutions and the security posture of the resultant GC IT/IS infrastructure.
In August 2011, Shared Services Canada (SSC) was created to fundamentally transform how the GC manages its IT infrastructure and to maintain and improve IT service delivery, generate savings and implement government-wide solutions that are modern, reliable, and secure. Under the authority of the Shared Services Canada Act, SSC's mandate is to standardize and consolidate the government's administrative services as directed by the Governor in Council. Based on Order-in-Council direction received, SSC must provide services related to email, data centres, and networks. SSC's focus is standardizing and consolidating IT infrastructure through initiatives that will deliver one email solution, a government-wide footprint of fewer than 20 data centres, and a single government-wide network.
The dramatic reduction in the cost of infrastructure to support a given number of users and services is due to the emergence of virtualization and cloud technologies, allowing orders of magnitude reduction in data centre footprint and resource requirements to serve the same user base. These technologies are fundamental to collapsing data centres and lowering operational costs. The move to cloud solutions allows the rapid scaling of enterprise application solutions to serve end users, leading to initiatives such as SSC's Email Transformation Initiative.
Adopting standards-based solutions enables the use of outsourced infrastructure and services to satisfy GC business needs, allowing the GC to pay for the resources and software usage as needed without deploying and maintaining IT in GC owned and operated data centres. Pay-as-you-go services push the technology obsolescence and refresh cycle from the department CIO's risk list to cloud vendors and, at the same time, increase vendor responsibility for implementing security risk mitigation strategies.
The GC has signaled its intentions to modernize and streamline its back office information technology. The Government of Canada's Economic Action Plan 2012 states that the GC is "... committed to streamlining, consolidating and standardizing administrative functions and operations within and across organizations." As such, the GC is identifying opportunities for savings and efficiencies in the way the back office is managed. TBS is analyzing the diversity of applications deployed throughout the GC to provide additional consolidation targets over time.
Standardizing administrative business processes through optimized IT applications will enable improved service delivery and streamlined government administration. Implementing a common approach across government to processes, service delivery, and standard IT system solutions will also reduce duplicative maintenance and repetitive upgrades. The initial focus will be developing one enterprise IT platform for four core areas: HR, Finance, Web, and Records Management. Moving to common IT systems for the back office is a prerequisite for transforming internal services.
As outlined in the Privy Council's Blueprint 2020, to support the development of "a revitalized and world-class public service equipped to serve Canada and Canadians," a set of guiding principles has been defined, including:
- An open and networked environment that engages citizens and partners for the public good
- A whole-of-government approach that enhances service delivery and value for money
- A modern workplace that makes smart use of new technologies to improve networking, access to data, and customer service
- A capable, confident, and high-performing workforce that embraces new ways of working and mobilizing the diversity of talent to serve the country's evolving needs
While the GC is seeking ways to empower its workforce and make it more productive, this needs to be done in a secure, reliable, and cost-effective manner. Technology can evolve at a rapid pace and the GC must be agile in its approach to address new and promising technologies as they near market maturity. The GC must determine how these types of devices can/should be used to help empower the GC workforce and develop comprehensive strategies to ensure the security functionality and secure management of these devices.
To that end, TBS is adapting policy instruments to set clear direction for the adoption of mobile devices. An objective of ESA is to establish the building blocks needed to support the delivery of the Blueprint 2020 vision: providing authorized users with access to GC data and mobilizing the workforce in a way that maintains the security posture of the GC enterprise.
Information assurance and cyber security are achieved when there is confidence that information and information systems are protected against attacks and that services are delivered continuously in a trusted fashion to authorized individuals through the application of security services to provide availability, integrity, authentication, confidentiality, and non-repudiation. The application of these services should be based on the "protect, detect, and react paradigm". This means that in addition to incorporating protection mechanisms, organizations must expect attacks and must also incorporate attack detection tools and procedures that allow them to react to and recover from these attacks.
The initiative groups, each made up of initiatives that will help the GC reach its target environment, include:
- Computer and Network Protection
- Asset and User Protection
- Integrated Network Operations Centre
- Integrated Security Operations Centre
- Risk and Compliance Management
- Assured Information Sharing
- Threat Intelligence and Analysis
For more information about these initiative groups and their respective initiatives, please read the GC ESA ConOps Main Body document.
Common Operational Concepts
This section defines the operational concepts that are common to all ConOps Annexes (e.g. system operational concept (OpsCon) documents). It is important to establish a common vocabulary for discussing the operational environment, and to define a common set of human users who perform specific functions within that environment.
GC end users of the IT/IS infrastructure are part of the community formed by 350,000+ federal government employees and 100,000+ federal government business enterprise employees. Public end users of GC services include the 35 million citizens of Canada and the billions of potential international visitors to the country of Canada, either in person or via the Internet. The GC enterprise includes 485 data centres, 50 wide area networks (WANs), over 4000 local area networks (LANs) and 100+ different email systems supporting the operations of the GC in over 3000 government buildings. The system addressed by this ConOps is the GC enterprise IT/IS infrastructure. The system encompasses unclassified and classified networks. The image to the right shows the GC enterprise IT/IS infrastructure as a black box and identifies the relevant actors from an operational point of view. The set of actors will remain constant even though GC roles may change over time or vary by department. A single GC role may assume multiple responsibilities, or a responsibility may be shared by multiple roles (e.g. the members of a committee).
An important aspect of the roles in the context and table views is that an individual in the organization may have more than one role. For example, a department may have a single person responsible for both the Information Security Architect and Information System Security Professional roles. Some roles are department-based. However, the Risk Executive and associated security assessment and authorization roles reside in an independent organization. For a description of the set of actors, please read the GC ESA ConOps Main Body document.
GC Enterprise States
The notion of states for the whole of the GC enterprise is best analyzed with a layered approach as shown in the image to the left. The GC enterprise as a whole is always in a 'Normal' operations state, constantly changing, but providing required services to employees and citizens continuously. In order to understand 'Normal' mode, the next layer explores the behaviour of the subsystems that make up the GC enterprise. Subsystems of the GC enterprise experience state transitions due to the deployment of new systems, retirement or upgrade of older systems, maintenance activities, component failures, or cyber attacks on the enterprise. The same set of subsystem states applies to an IT/IS solution temporarily deployed for an excursion of Canadian dignitaries to an overseas meeting or a special event in Canada, such as the Olympics or a G-8 meeting.
The next layer includes additional sub-states. From a security perspective, the Operational, Failed, and Maintenance states include activities associated with disaster response and incident response, depending on the nature of the security issue and the chosen course of action. The Pre-Deployment state includes the specification and design of the system to include updates to policy instruments, requirements, acquisition, and security assessment and authorization. Decommissioning includes securing data contained on the system and properly wiping or destroying components to prevent leakage of sensitive information from the GC enterprise. These operational states are described further in the GC ESA ConOps Main Body document.
GC Operational Environment
This section looks at the way actors within the GC ecosystem interact with the GC enterprise IT/IS infrastructure from an operational perspective. The operations are presented at a high level, focusing on the security aspects of the operation. The operations are framed as a typical day in the life of a particular actor, to draw out the security operations that actor experiences throughout the day.
These operational scenarios support the generation of more detailed operational analysis models (use cases) as the ESA is further defined in system operation concept (OpsCon) annexes.
ESA ConOps Annexes (OpsCons)
Annex A: Data Loss Prevention
This annex to the GC ESA ConOps Main Body explores the operational aspects from the users' and operators' perspective for a GC-wide data loss prevention (DLP) capability to detect and prevent the unauthorized exfiltration of protected GC information, including information creation, security event generation, policy detection and enforcement, loss remediation, etc.
The audience for this document consists of GC Department and agency managers, engineers, and GC users affected by implementation of the ESA.
Click here to download the GC ESA ConOps Annex A: Data Loss Prevention document.
Annex B: Cloud Security
This annex to the GC ESA ConOps Main Body explores the operational aspects from the users' and operators' perspective for a cloud security capability to protect GC information and services supported by private, hybrid, and public cloud deployment models.
A number of candidate operational scenarios are identified to help clarify the scope of the GC secure cloud technological and operational paradigm; modeling stakeholder interactions, potential security risks, and associated organizational impacts. The scenarios highlight broad topics such as cloud policy establishment, cloud services acquisition, integration with security systems, incident detection and response, cloud monitoring and maintenance, changing cloud providers, etc.
The audience for this document consists of GC department and agency managers, engineers, and GC users affected by implementation of the ESA.
Click here to download the GC ESA ConOps Annex B: Cloud Security document.
Annex C: Secure Enterprise Application Delivery
This annex to the GC ESA ConOps Main Body describes the system concept for a Secure Enterprise Application Delivery capability within the GC enterprise IT/IS infrastructure. This document complies with ISO/IEC/IEEE 29148 and describes the current enterprise application delivery capabilities of the GC IT/IS infrastructure, justifies why changes are necessary, and describes the concepts associated with the new architecture detailed in the GC ESA Description Document (ESADD) Main Body document.
The target audience for this document is GC department and agency managers, architects, developers, implementers, and sustainment personnel responsible for IT/IS planning, implementation, operation, and risk assessment activities. The document provides operational context to the GC ESA Description Document (ESADD) Main Body document.
Click here to download the GC ESA ConOps Annex C: Secure Enterprise Application Delivery document.
Annex D: Secure Enterprise Systems Administration
This annex to the GC ESA ConOps Main Body describes the system concept for a Secure Enterprise System Administration capability within the GC enterprise IT/IS infrastructure. This document expands on the motivation for better protection of management of services, defines a set of operational needs, and identifies candidate solutions in the form of notional architecture views. This document does not define a phased approach to achieving a GC-wide secure administration capability, as this is the purpose of the companion Implementation Strategy (IS) document.
The audience for this document is GC department and agency managers, architects, developers, implementers, and sustainment personnel responsible for IT/IS planning, implementation, operation, and risk assessment activities. The document provides operational context to the GC ESA Description Document (ESADD) Main Body document.
Click here to download the GC ESA ConOps Annex D: Secure Enterprise Systems Administration document.
Annex E: Vulnerability Management System
This annex to the GC ESA ConOps Main Body explores the operational aspects from the users' and operators' perspective for a vulnerability management system capability that pervades all aspects of the GC IT/IS infrastructure and continuously monitors GC IT/IS assets to reduce the attack surface wherever possible. The Vulnerability Management system supports the cyber resiliency goals of anticipating and withstanding attacks on the GC IT/IS infrastructure.
The audience for this document consists of GC Department and agency managers, architects, developers, implementers, and sustainment personnel responsible for IT/IS planning, implementation, operation, and risk assessment activities.
Click here to download the GC ESA ConOps Annex E: Enterprise Vulnerability Management System document.