The Royal Air Force (RAF) Logistics Information Technology System (LITS) is a rare example of a very large - and very successful - secure system development where the security policies and practices have been published. These four papers provide an introduction to this programme, and contain many useful tips, still valid today, for anyone about to embark on purchasing a large, networked system that has to be secure. If you work in UK Government, or have an interest in the aerospace industry, you should find these papers particularly interesting.

All the papers are British Crown Copyright, and we would like to thank the Controller of HMSO for permission to make these papers web-accessible.

The first paper, Information Security in a Complex Defence System Procurement: A Personal Management Experience, was presented at the Canadian Computer Security Symposium in May 1993. This was very much a cook-book on how to extend the project management and system development methodologies in use in the UK Ministry of Defence at that time to handle information security. It was widely adopted by other defence systems in the UK in the years that followed.

Security Policy in a Complex Logistics Procurement was presented later that year at the 1993 Computer Security Applications Conference in the US. It documented the theoretical work that was necessary to apply the generic guidance on information security available from CESG (the UK national security authority) to a large, networked, multi-stage programme. CESG must be thanked for their support in preparing this paper, including permission to publish openly the outline of their approved security documentation lifecycle. Once again, much of the innovation within this paper subsequently became part of the officially adopted UK Government approach.

Managing Information in Large Defence Procurements: the Royal Air Force LITS Experience (another long title!) was presented at the 1995 Canadian Computer Security Symposium. This paper recorded the LITS security team’s experiences in assessing the security knowledge, experience and capabilities of bidders to specify and develop the LITS system, and also the benefits to that process from early start “quick results” development contracts.

The final paper of the set, Implementing Security Policy in a Large Defence Procurement, was published at the 1996 Computer Security Applications Conference. This reported our first experiences of system implementation and in particular a growing realisation that both UK national security policy and the role of the RAF were changing radically as a consequence of the end of the Cold War and the dissolution of the Warsaw Pact. In consequence, the security threat to LITS was changing, and the design and implementation strategy had to adapt to and encompass the consequential change to both operational and security requirements.
17 January, 2003