In Depth

United Defense

By Katherine Walsh

December 20, 2007 | CSO

Collaboration is a business fundamental—but it’s challenging in industries like aerospace and defense, where information sharing has big benefits but big implications if not done securely. Finding the balance is part of Jeff Nigriny’s goal as U.S. outreach advocacy director of the Transglobal Secure Collaboration Program (TSCP). Protecting the intellectual property of members like Boeing, BAE Systems and Raytheon while simultaneously encouraging collaboration within the industry isn’t easy. But Nigriny—who, in addition to his role at TSCP, also serves as CSO of Exostar and president and COO of CertiPath—is up to the challenge.

CSO: Can you explain TSCP’s basic mission?

Nigriny: To establish an aerospace and defense industry approach to protecting sensitive information based on interoperable trust mechanisms.

The goal is to answer three questions anytime a piece of data is being considered for sharing. In terms of identity management: Who is this person that I’m giving the data to? There is also access control and privilege management: What am I going to let you see and do? And finally, information management and resource management marking: What have I got?

CSO: Given the complexity of the industry, what are the hurdles TSCP faces?

Nigriny: The first is scalability. We are attempting to create specifications to work on a global scale. We are, in a sense, trying to “boil the ocean” with the diverse needs of international government organizations and private companies. The second challenge is divergent or competing specifications. TSCP is going into its sixth year, and the one thing we have observed is how expensive and complicated true interoperability can be among disparate organizations. Other efforts trying to accomplish similar or overlapping things will erode our ability to achieve interoperability on a global scale. That said, TSCP’s Governance Board and Liberty Alliance’s Board of Directors just agreed to an exchange program. We will be cross-represented to ensure that both bodies’ works are represented at the other to minimize redundancies.

CSO: What is the most difficult thing about trying to foster information sharing among defense agencies and organizations?

Nigriny: Organizations this large have a difficult time with change management and business transformation. TSCP in many ways represents a major disruptive technology. Even after TSCP finishes a new specification, it can take a long time for it to be adopted into production despite a high commitment level from each member.

CSO: Systems integrators and software developers are eligible for membership. Why?

Nigriny: In the same way you wouldn’t expect to find a top-notch wing engineer at Microsoft, our members are not as good at creating security features in other companies’ security software. We are very interested in bringing in vendors aligned with our area of interest and engaging them in a dialogue about our requirements, why we believe it applies to their technology and how their technology can and should be changed to adopt them. Also, our strong desire to get our specifications to as many people and organizations as possible speaks to interoperability. Once a vendor has decided to put the TSCP requirements into its products, that vendor becomes a voice for us, and their customers have the infrastructure to be compliant with TSCP.
