Cross-domain Solution - Unintended Consequences

Unintended Consequences

In previous decades, multilevel security (MLS) technologies were developed and implemented that enabled objective and deterministic security, but left little wiggle room for subjective and discretionary interpretation. These enforced mandatory access control (MAC) with near certainty. This rigidity prevented simpler solutions that would seem acceptable on the surface. Automated information systems have enabled extensive information sharing that is sometimes contrary to the need to avoid sharing secrets with adversaries. The need for information sharing has led to the need to depart from the rigidity of MAC in favor of balancing need to protect with need to share. When the ‘balance’ is decided at the discretion of users, the access control is called discretionary access control (DAC) that is more tolerant of actions that manage risk where MAC requires risk avoidance. Allowing users and systems to manage the risk of sharing information is in some way contrary to the original motivation for MAC.

The unintended consequences of sharing can be complex to analyze and should not necessarily be left to the discretion of users who may have a narrow focus on their own critical need. These documents provide standards guidance on risk management:

1. "Recommended Security Controls for Federal Information Systems & Organizations". Computer Security Division - Computer Security Resource Center. National Institute of Standards and Technology (NIST). 2009-08. http://csrc.nist.gov/publications/PubsSPs.html., SP 800-53 Rev3
2. "Security Categorization and Control Selection for National Security Systems". The Committee on National Security Systems (CNSS). http://www.cnss.gov/Assets/pdf/CNSS-1253.pdf., Instruction No. 1253