Step by step: Secure email road map meets A&D’s rigorous standards

The Transglobal Secure Collaboration Program (TSCP) released its Secure Email Specification, which seeks to eliminate email’s inherent identity and data transmission security flaws, allowing users to safely send and receive sensitive information user-to-user and desktop-to-desktop.

01/14/2008


The Transglobal Secure Collaboration Program (TSCP) released its Secure Email Specification, which seeks to eliminate email’s inherent identity and data transmission security flaws, allowing users to safely send and receive sensitive information user-to-user and desktop-to-desktop.

The requirements were defined and endorsed by TSCP members, including the U.S. Department of Defense (DoD); U.K. Ministry of Defence (MoD); BAE Systems; Boeing; EADS; Lockheed Martin; Northrop Grumman; Raytheon; and Rolls-Royce.

The implementation is based on TSCP-defined specifications available publicly on www.tscp.org . The specification lists step-by-step instructions organizations must follow to assign vetted identity information to all email senders and recipients.

The currently deployed implementation was constructed with commercial-off-the-shelf (COTS) solutions; open-source software; and a commercial trusted third-party service called CertiPath. The resulting architecture guarantees that information only travels to and from trusted parties.

“The most basic collaboration tool is email, but it was never designed for security,” says Jim Cisneros, deputy CIO of Future Combat Systems for Boeing, and chair of the TSCP. “Trusting the authenticity and accuracy of email is imperative for government organizations, prime contractors, and our suppliers to jointly develop new technologies and respond to emerging threats.”

TSCP is in the process of preparing to assist current DoD programs in implementing Secure Email, for information currently classified as Controlled Unclassified Information, which includes For Official Use Only (FOUO) and Sensitive But Unclassified (SBU) information. The MoD also expects to deploy the capability enterprisewide in 2008 for classifications up to “U.K. Restricted.”

Prime contractors will adopt the specifications on an ongoing basis across equivalent levels of proprietary information, thereby increasing the urgency for suppliers to have compatible email frameworks.
“Sending‘Restricted’ email to allies and suppliers is far more complex than it sounds, requiring a proven architecture behind the scenes to ensure maximum safeguards,” says John Cook, info advisor for the U.K. MoD.  “Secure Email will become increasingly essential to do business with the MoD.” 

How it works
Secure E-mail requires organizations to have three components:






Unlike other secure email implementations, TSCP’s Secure E-mail ensures in real time that the sender’s and receiver’s identities are known at a common level of assurance and are both still valid, and the underlying identity management systems can be trusted. That assurance, once vetted, is used to grant access to sensitive information. This prevents, for example, former employees from logging in and receiving “restricted” data.

"The TSCP is transforming email from one of the most extensively used but least trusted collaboration capabilities to one that can be trusted with sensitive information," says Paul Grant, deputy information sharing executive, Information Sharing Office, DoD."

The Secure E-mail specification will be regularly updated to support export control processes, intellectual property protection, and feedback from members and non-members alike.





No comments
The Engineers' Choice Awards highlight some of the best new control, instrumentation and automation products as chosen by...
The System Integrator Giants program lists the top 100 system integrators among companies listed in CFE Media's Global System Integrator Database.
The Engineering Leaders Under 40 program identifies and gives recognition to young engineers who...
This eGuide illustrates solutions, applications and benefits of machine vision systems.
Learn how to increase device reliability in harsh environments and decrease unplanned system downtime.
This eGuide contains a series of articles and videos that considers theoretical and practical; immediate needs and a look into the future.
Robot advances in connectivity, collaboration, and programming; Advanced process control; Industrial wireless developments; Multiplatform system integration
Sensor-to-cloud interoperability; PID and digital control efficiency; Alarm management system design; Automotive industry advances
Make Big Data and Industrial Internet of Things work for you, 2017 Engineers' Choice Finalists, Avoid control design pitfalls, Managing IIoT processes
Motion control advances and solutions can help with machine control, automated control on assembly lines, integration of robotics and automation, and machine safety.
This article collection contains several articles on the Industrial Internet of Things (IIoT) and how it is transforming manufacturing.

Find and connect with the most suitable service provider for your unique application. Start searching the Global System Integrator Database Now!

Big Data and bigger solutions; Tablet technologies; SCADA developments
SCADA at the junction, Managing risk through maintenance, Moving at the speed of data
Flexible offshore fire protection; Big Data's impact on operations; Bridging the skills gap; Identifying security risks
click me