Why a Common Data Classification Standard is an imperative for NATO (Image Credit: Crown Copyright )This week sees the start of the Coalition Warrior Interoperability Exercise (CWIX) 2020. It demonstrates the resilience of NATO and partner nations as they continue to innovate to improve interoperability, even despite COVID-19 restrictions. The event is designed for experimentation, examination and exploration of new standards, ideas and technologies.

CWIX 2020 takes place from 8th to 26th June. 19 nations are participating in the exercise and two additional nations observing. The exercise, which is focused on testing and improving interoperability, will trial about 160 capabilities. It includes two that are particularly relevant in the context of COVID-19.

Strong heritage in military messaging

For 20 years, Boldon James has been leading the way with Military Messaging Handling Systems (MMHS) using Microsoft Exchange as the core messaging service. It has involved supporting the full evolution of NATO STANAG’s (Standard NATO Agreement) from the early draft revisions through to the latest versions agreed by the member nations.

For those less familiar, over the last few years, military messaging has changed quite a lot. It has progressed from the X.400 military messaging systems onto SMTP-based solutions. These integrate with other services, environments and applications, meaning data is no longer constrained to the messaging environment alone.

Today, data-centric security is the modern approach. It means the data itself is protected rather than the applications layer. This ensures that as data moves increasingly between applications and different environments, it is protected. NATO recognised the need for this and has developed new standards focused on protecting the data and applications.

New standards for data-centric security

As part of this initiative, they have looked at a new NATO labelling approach and developed the new STANAG 4774. It defines the syntax for a Confidentiality Label, used for labelling numerous data objects.  The Confidentiality Label includes the traditional classification and caveats seen in email labelling. Critically, it now includes additional metadata, such as the creator of the label, the creation time, the expiry time and much more.

The use of this Confidentiality Label allows the data to have a clearly defined owner and facilitates the sharing of data. It also provides a level of data assurance that comes from knowing the source and integrity of the data can be quickly determined. In other words, data can be classified and protected using a common format. By using a common format, we can more easily share and protect our information, as well as provide ongoing post-release control of the information we have shared.

That said, sharing information requires a level of trust between the sharing parties. This trust is further established if the classification is bound to the shared information. The Metadata Binding Standard (STANAG 4778) is the companion document to the Confidentiality Labelling Standard. It provides a consistent method for binding the Confidentiality Label to the information throughout its lifecycle, and between the sharing parties.

Standards that are applicable to the commercial world

Sharing information is more than just sending an email. Today we have web services, databases, document repositories, etc. all regularly sharing information throughout the world. NATO has made a good start with a set of standards that are equally at home in the commercial world as they are in the defence and intelligence worlds.

At Boldon James, we have invested significant time in supporting these emerging standards. We’ve also attended previous NATO CWIX events, performing interoperability testing with vendors from other nations and providing prototype products to demonstrate how these new standards operate in an information-centric world.

This process has been invaluable on both sides. NATO can test and prove the standards they are writing, and the vendors can test their interpretation of the standard.

Data classification and military messaging solutions that support emerging NATO standards

NATO labelling and data protection approaches are evolving to address new threats and opportunities. Boldon James continues to innovate to meet these demands. By closely aligning our military messaging and data classification solutions to support the emerging NATO standards and ensure Microsoft applications and platforms are also aligned, we have ensured that our solutions are applicable for the NATO organisation and NATO nations’ environments, not just today but well into the future.

We are now ready to adopt these new standards in our secure messaging product offerings going forward. We are also looking to embark on a number of new partnerships that will further support developments in this area. As such, we are really looking forward to a fascinating CWIX this year where we will continue to explore these and other standards further. If you are interested in finding out more about NATO or these new standards, do get in touch.

Boldon JamesBoldon James is an industry specialist in data classification and secure messaging, delivering globally-recognised innovation, service excellence and technology solutions that work. Part of the QinetiQ group, a major UK plc and FTSE 250 company, we integrate with powerful data security and governance ecosystems to enable customers to effectively manage data, streamline operations and proactively respond to regulatory change. We’re a safe pair of hands, with a 30 year heritage of delivering for the world’s leading commercial organisations, systems integrators, defence forces and governments.


Please enter your comment!
Please enter your name here