<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:0 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:TimesNewRomanPS;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:TimesNewRomanPSMT;
panose-1:2 11 6 4 2 2 2 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph
{mso-style-priority:34;
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle25
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:21514188;
mso-list-template-ids:1672147736;}
@list l1
{mso-list-id:350448173;
mso-list-template-ids:718181576;}
@list l2
{mso-list-id:569851839;
mso-list-template-ids:1747380208;}
@list l3
{mso-list-id:709644112;
mso-list-template-ids:-274545558;}
@list l3:level1
{mso-level-start-at:7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l4
{mso-list-id:838276348;
mso-list-template-ids:-1791718252;}
@list l4:level1
{mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l4:level2
{mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l4:level3
{mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l4:level4
{mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l4:level5
{mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l4:level6
{mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l4:level7
{mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l4:level8
{mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l4:level9
{mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l5
{mso-list-id:1129058114;
mso-list-type:hybrid;
mso-list-template-ids:-1862101856 -96319762 67698691 67698693 67698689 67698691 67698693 67698689 67698691 67698693;}
@list l5:level1
{mso-level-start-at:0;
mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;
mso-fareast-font-family:Calibri;
mso-bidi-font-family:"Times New Roman";}
@list l5:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l5:level3
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l5:level4
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l5:level5
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l5:level6
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l5:level7
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Symbol;}
@list l5:level8
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:"Courier New";}
@list l5:level9
{mso-level-number-format:bullet;
mso-level-text:;
mso-level-tab-stop:none;
mso-level-number-position:left;
text-indent:-.25in;
font-family:Wingdings;}
@list l6
{mso-list-id:1562206206;
mso-list-template-ids:-1000857840;}
@list l6:level1
{mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l6:level2
{mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l6:level3
{mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l6:level4
{mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l6:level5
{mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l6:level6
{mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l6:level7
{mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l6:level8
{mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l6:level9
{mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;}
@list l7
{mso-list-id:1913008536;
mso-list-template-ids:-1168859772;}
@list l7:level1
{mso-level-start-at:4;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="#0563C1" vlink="purple" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:16.0pt">Dear Mehran and the SM&C WG,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:16.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:16.0pt">Yesterday, on 29 Jun 21, you held an SM&C WG meeting where one of the topics on the agenda was the CESG Poll results on SM&C MO Ref Model, CCSDS 520.1-P-1.1, as identified in CESG poll CESG-P-2021-04-002.
Since I had voted to disapprove this document, for a set of clearly stated reasons, I did you the courtesy of coming to the meeting so that I could answer any questions and clarify any concerns you might have. From my point of view the outcome of that meeting
was quite unsatisfactory, and I wish you all to understand why. I would not normally take the time to do this, but in this situation a clear and unambiguous response seems warranted.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:16.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:16.0pt">I’m going to start by providing a little background about where I am coming from since there appears to be a lack of understanding of the role that I, and all other CESG members, play in CCSDS processes.
I am the CCSDS Systems Engineering Area Director (SEA AD). As such I am responsible for the SEA and the Security WG which is within that Area. As one of the six CCSDS Area Directors (AD) I am also a member of the CCSDS Engineering Steering Group (CESG),
which has responsibility for reviewing and approving every single document that the CCSDS produces. <o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:16.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:16.0pt">It seems that I must remind you that the CCSDS Organization and Processes document, CCSDS A02.1-Y-4, guides and controls all of our work. I have taken the liberty of extracting, and underlining, the key sections
that you appear to have forgotten or are unaware of:<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in">
<b><span style="font-size:16.0pt;font-family:"TimesNewRomanPS",serif;color:#2F5597;mso-style-textfill-fill-color:#2F5597;mso-style-textfill-fill-alpha:100.0%">2.3.2.2 CESG Operating Principles
<o:p></o:p></span></b></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in">
<span style="font-size:16.0pt;font-family:"TimesNewRomanPSMT",serif;color:#2F5597;mso-style-textfill-fill-color:#2F5597;mso-style-textfill-fill-alpha:100.0%">d) </span><i><span style="font-size:16.0pt;font-family:"TimesNewRomanPS",serif;color:#2F5597;mso-style-textfill-fill-color:#2F5597;mso-style-textfill-fill-alpha:100.0%">Consistency</span></i><span style="font-size:16.0pt;font-family:"TimesNewRomanPSMT",serif;color:#2F5597;mso-style-textfill-fill-color:#2F5597;mso-style-textfill-fill-alpha:100.0%">.
An important job of the CESG is to watch over the output of all of the WGs to help prevent CCSDS specifications that are at odds with each other. This is why ADs and DADs are required to review the drafts coming out of Areas other than their own as part of
the consensus process leading up to their adoption into the program of work. <u>
The quality of the CCSDS Recommended Standards comes both from the review that they get in the WGs and the review that the WG products get from the CESG.
</u></span><u><span style="font-size:18.0pt;color:#2F5597;mso-style-textfill-fill-color:#2F5597;mso-style-textfill-fill-alpha:100.0%"><o:p></o:p></span></u></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in">
<span style="font-size:16.0pt;font-family:"TimesNewRomanPSMT",serif;color:#2F5597;mso-style-textfill-fill-color:#2F5597;mso-style-textfill-fill-alpha:100.0%">e) </span><i><span style="font-size:16.0pt;font-family:"TimesNewRomanPS",serif;color:#2F5597;mso-style-textfill-fill-color:#2F5597;mso-style-textfill-fill-alpha:100.0%">Anticipation</span></i><span style="font-size:16.0pt;font-family:"TimesNewRomanPSMT",serif;color:#2F5597;mso-style-textfill-fill-color:#2F5597;mso-style-textfill-fill-alpha:100.0%">.
<u>The CESG must be able to look ahead and anticipate new standards that stakeholders will most likely require</u>, and begin prospective planning for their development so that there is sufficient time to complete them once a hard requirement emerges. This
implies working with technology and experimental communities to vector research resources into the standardization process.
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:16.0pt">And<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in">
<b><span style="font-size:16.0pt;font-family:"TimesNewRomanPS",serif;color:#2F5597;mso-style-textfill-fill-color:#2F5597;mso-style-textfill-fill-alpha:100.0%">2.3.2.3 CESG Responsibilities
</span></b><span style="font-size:18.0pt;color:#2F5597;mso-style-textfill-fill-color:#2F5597;mso-style-textfill-fill-alpha:100.0%"><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in">
<span style="font-size:16.0pt;font-family:"TimesNewRomanPSMT",serif;color:#2F5597;mso-style-textfill-fill-color:#2F5597;mso-style-textfill-fill-alpha:100.0%">The CESG is specifically responsible for the following:
</span><span style="font-size:18.0pt;color:#2F5597;mso-style-textfill-fill-color:#2F5597;mso-style-textfill-fill-alpha:100.0%"><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in">
<span style="font-size:16.0pt;font-family:"TimesNewRomanPSMT",serif;color:#2F5597;mso-style-textfill-fill-color:#2F5597;mso-style-textfill-fill-alpha:100.0%">a) <u>maintaining and upholding the overall technical quality and consistency of the evolving set
of CCSDS Recommended Standards and Practices</u>; </span><span style="font-size:18.0pt;color:#2F5597;mso-style-textfill-fill-color:#2F5597;mso-style-textfill-fill-alpha:100.0%"><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in">
<span style="font-size:16.0pt;font-family:"TimesNewRomanPSMT",serif;color:#2F5597;mso-style-textfill-fill-color:#2F5597;mso-style-textfill-fill-alpha:100.0%">b) providing the CCSDS-wide forum where the work programs of the Areas may be coordinated and synchronized
in the <u>context of an overall architecture for space mission cross support</u> and the needs of individual customers;
<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in">
<span style="font-size:16.0pt;font-family:"TimesNewRomanPSMT",serif;color:#2F5597;mso-style-textfill-fill-color:#2F5597;mso-style-textfill-fill-alpha:100.0%">i) <u>periodically reviewing the technical work of each Area to ensure that it is progressing toward
common goals</u>, that the process of consensus is being observed and that the needs of CCSDS stakeholders (2.2) are being satisfied in a timely manner (the ADs shall be responsible for reporting on all work items within their Area);
</span><span style="font-size:18.0pt;color:#2F5597;mso-style-textfill-fill-color:#2F5597;mso-style-textfill-fill-alpha:100.0%"><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto;margin-left:.5in">
<span style="font-size:16.0pt;font-family:"TimesNewRomanPSMT",serif;color:#2F5597;mso-style-textfill-fill-color:#2F5597;mso-style-textfill-fill-alpha:100.0%">j) <u>identifying “red flag” items where technical work in a proposed CCSDS document is not of the
required quality or nature</u>, where technical work is not progressing satisfactorily, where resources are inadequate, or where significant issues exist, and raising these to the attention of the CMC for corrective action;
</span><span style="font-size:18.0pt;color:#2F5597;mso-style-textfill-fill-color:#2F5597;mso-style-textfill-fill-alpha:100.0%"><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:16.0pt">I am providing this as a reference because you seemed to be of the impression that having a discussion between the SM&C WG and the Sec WG three years ago was sufficient “to disposition” the security and other
issues that I identified in my PID. It is not. And, as we shall see, the earlier interactions with the SecWG did not, in any event, “disposition” the issues that were raised three years ago (Fall 2018). Based on my review it is clear that these issues remain
and they are viewed by me, and the SecWG, as being even more serious now than they were then.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:16.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:16.0pt">An abbreviated form of the key issues that I raised in the CESG PID were these:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:16.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:16.0pt;font-family:"Times New Roman",serif;color:black">There are two major issues that must be contended with, and neither of them is adequately addressed: 1) The SM&C MAL is undergoing
a major revision, one of which is to remove the COM, but that is not addressed; 2) a solid security approach, for single systems, but most especially for multi-mission systems, is essential, but the mechanisms in this document remain vague, weak, and poorly
articulated.<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:16.0pt;font-family:"Times New Roman",serif"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:16.0pt;font-family:"Times New Roman",serif;color:black">Since one of the stated desires is to use this framework for major, multi-mission, and multi-agency, deployments we also looked at it
from that point of view. The following comment, quoted from one [SecWG] reviewer, should provide further insights:<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:16.0pt;font-family:"Times New Roman",serif;color:black"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in"><span style="font-size:16.0pt;font-family:"Times New Roman",serif;color:black">"I have read all the MO books and followed the SM&C WG for ten years now (although its meetings always conflict with my own WGs). When
I have a hard time figuring out how security fits into MO services, a non-CCSDS reader can expect even more difficulty.<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in"><span style="font-size:16.0pt;font-family:"Times New Roman",serif;color:black"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:1.0in"><span style="font-size:16.0pt;font-family:"Times New Roman",serif;color:black">JSC gave up active participation in SM&C WG due to a perceived lack of ROI for our missions. Compared to the mature operational capabilities
already implemented for ISS in custom software, MO services were viewed as redundant. The single most important features deemed lacking, which would have recommended MO above a custom implementation, were precisely those security capabilities necessary to
support multiple complex missions across multiple agencies/contractors each with their own access restriction requirements. But work on MO security services has been deferred indefinitely by the SM&C WG (and reading the MO 2.0 list of topics, appears to be
absent yet again).”<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:16.0pt;font-family:"Times New Roman",serif"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:16.0pt;font-family:"Times New Roman",serif;color:black">Another point to be made, in the context of CCSDS "reference model" Magenta Books is that MB are intended to be normative content. This
permits them to not be "directly implementable", but it also requires that they "provide normative, controlling, guidance rather than purely descriptive material." While the word "normative" is used a lot, and there is liberal use made of UML diagrams, which
give the appearance of concrete recommendations, on closer examination all of the figures are abstractions and there are really no concrete examples to reference and tie these abstractions to reality. At almost every turn these very real concrete concerns
are just dismissed as "implementation" or "deployment" details. This makes the document vague and does not provide concrete examples to substantiate that the stated claims can be achieved. This is especially true of the security sections, but it is also
true throughout, particularly where multi-mission deployments are considered.<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:16.0pt">I am going to just focus on the security issues for now, but the others also remain unresolved. During the telecon you asserted that the SM&C WG
had met with the SecWG three years ago and that all of the security concerns that they had raised at that time had been resolved. I told you that even though I do have a strong background in distributed systems architectures and secure systems I had consulted
with members of the SecWG just prior to submitting my PID. They confirmed my concerns and completely supported my analysis.
<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:16.0pt">Because of your statements just after the SM&C meeting on Tuesday, 29 June, I again contacted the SecWG to determine what their knowledge was of the
situation. These are the replies I got:<o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:16.0pt"><o:p> </o:p></span></p>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal" style="margin-left:.5in"><b><span style="font-size:18.0pt;color:black">From:
</span></b><span style="font-size:18.0pt;color:black">"Biggerstaff, Craig (JSC-CD42)[SGT, INC]" &lt;craig.biggerstaff@nasa.gov&gt;<br>
<b>Date: </b>Tuesday, June 29, 2021 at 10:17 AM<br>
<b>To: </b>Howie Weiss &lt;Howard.Weiss@parsons.com&gt;, Peter Shames &lt;peter.m.shames@jpl.nasa.gov&gt;, "Sheehe, Charles J. (GRC-LCN0)" &lt;charles.j.sheehe@nasa.gov&gt;<br>
<b>Cc: </b>"Radulescu, Costin (US 9300)" &lt;cradule@jpl.nasa.gov&gt;<br>
<b>Subject: </b>RE: [EXTERNAL] RE: Issues with SM&C MO Ref Model treatment of security topics<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:16.0pt"><o:p> </o:p></span></p>
</div>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:16.0pt;color:#1F497D">Security analysis produced by ESA, posted in the SM&C WG meeting materials from
<b>Fall 2018</b>:</span><span style="font-size:16.0pt"><o:p></o:p></span></p>
<p class="MsoListParagraph" style="margin-left:1.0in;text-indent:-.25in;mso-list:l5 level1 lfo2">
<![if !supportLists]><span style="font-size:16.0pt;font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:16.0pt;color:#1F497D"><a href="https://urldefense.us/v3/__https:/cwe.ccsds.org/moims/docs/MOIMS-SMandC/Meeting*20Materials/2018/Fall/MOS_Security_CCSDS_161018.pptx?d=w6be12e1a154d41a7b3fe4a126d59adde__;JQ!!PvBDto6Hs4WbVuu7!ZASh8ARy3w73YAeFEYVr5ReOkHVZ9zONUObvTqad9T6Cd0q3CPf5BB6B9ADG18oVUXI$">https://cwe.ccsds.org/moims/docs/MOIMS-SMandC/Meeting%20Materials/2018/Fall/MOS_Security_CCSDS_161018.pptx?d=w6be12e1a154d41a7b3fe4a126d59adde</a></span><span style="font-size:16.0pt"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:16.0pt;color:#1F497D"> </span><span style="font-size:16.0pt"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:16.0pt;color:#1F497D">More security analysis produced by ESA, posted in the SM&C WG meeting materials from
<b>Fall 2019</b>:</span><span style="font-size:16.0pt"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:16.0pt;color:#1F497D"> </span><span style="font-size:16.0pt"><o:p></o:p></span></p>
<p class="MsoListParagraph" style="margin-left:1.0in;text-indent:-.25in;mso-list:l5 level1 lfo2">
<![if !supportLists]><span style="font-size:16.0pt;font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:16.0pt;color:#1F497D"><a href="https://urldefense.us/v3/__https:/cwe.ccsds.org/moims/docs/MOIMS-SMandC/Meeting*20Materials/2019/Fall*202019/Security_Authentication*20and*20Access*20Control*20for*20MO*20Services_final.pdf__;JSUlJSUlJSU!!PvBDto6Hs4WbVuu7!ZASh8ARy3w73YAeFEYVr5ReOkHVZ9zONUObvTqad9T6Cd0q3CPf5BB6B9ADGFD2KSgo$">https://cwe.ccsds.org/moims/docs/MOIMS-SMandC/Meeting%20Materials/2019/Fall%202019/Security_Authentication%20and%20Access%20Control%20for%20MO%20Services_final.pdf</a></span><span style="font-size:16.0pt"><o:p></o:p></span></p>
<p class="MsoListParagraph" style="margin-left:1.0in;text-indent:-.25in;mso-list:l5 level1 lfo2">
<![if !supportLists]><span style="font-size:16.0pt;font-family:Symbol"><span style="mso-list:Ignore">·<span style="font:7.0pt "Times New Roman"">
</span></span></span><![endif]><span style="font-size:16.0pt;color:#1F497D"><a href="https://urldefense.us/v3/__https:/cwe.ccsds.org/moims/docs/MOIMS-SMandC/Meeting*20Materials/2019/Fall*202019/Security_Proposed*20modification*20of*20standards_final.pdf__;JSUlJSU!!PvBDto6Hs4WbVuu7!ZASh8ARy3w73YAeFEYVr5ReOkHVZ9zONUObvTqad9T6Cd0q3CPf5BB6B9ADG0IOL8Yo$">https://cwe.ccsds.org/moims/docs/MOIMS-SMandC/Meeting%20Materials/2019/Fall%202019/Security_Proposed%20modification%20of%20standards_final.pdf</a></span><span style="font-size:16.0pt"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:16.0pt;color:#1F497D"> </span><span style="font-size:16.0pt"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:16.0pt;color:#1F497D">You will find many of the same issues in these documents that Howie and I identified in reply to your email. I could not find any SM&C WG meeting minutes that mentioned
that a security discussion occurred, much less listed any actions.</span><span style="font-size:16.0pt"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:16.0pt;color:#1F497D"> </span><span style="font-size:16.0pt"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:16.0pt;color:#1F497D">Craig</span><span style="font-size:16.0pt"><o:p></o:p></span></p>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:16.0pt;color:#1F497D"> </span><span style="font-size:16.0pt"><o:p></o:p></span></p>
<div>
<div style="border:none;border-top:solid #E1E1E1 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal" style="margin-left:.5in"><b><span style="font-size:16.0pt">From:</span></b><span style="font-size:16.0pt"> Weiss, Howard &lt;Howard.Weiss@parsons.com&gt;
<br>
<b>Sent:</b> Tuesday, June 29, 2021 10:53 AM<br>
<b>To:</b> Shames, Peter M (JPL-312B)[JPL Employee] &lt;peter.m.shames@jpl.nasa.gov&gt;; Sheehe, Charles J. (GRC-LCN0) &lt;charles.j.sheehe@nasa.gov&gt;; Biggerstaff, Craig (JSC-CD42)[SGT, INC] &lt;craig.biggerstaff@nasa.gov&gt;<br>
<b>Cc:</b> Radulescu, Costin (JPL-9300)[JPL Employee] &lt;cradule@jpl.nasa.gov&gt;<br>
<b>Subject:</b> Re: [EXTERNAL] RE: Issues with SM&C MO Ref Model treatment of security topics<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:16.0pt"> <o:p></o:p></span></p>
<p style="margin-left:.5in"><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:black">Peter</span><span style="font-size:18.0pt"><o:p></o:p></span></p>
<p style="margin-left:.5in"><span style="font-size:18.0pt;font-family:"Calibri",sans-serif">…<o:p></o:p></span></p>
<p style="margin-left:.5in"><span style="font-size:11.0pt;font-family:"Calibri",sans-serif"><o:p> </o:p></span></p>
<p style="margin-left:.5in"><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:black">From my recollections, we last met with them at the NASA/Ames meeting a couple of years ago. Daniel Fischer typically acted as the liaison between Security
and SM&C, mostly because he worked for Mario and Mario had been the head of SM&C. From a technical perspective, we mostly worked with Sam. I believe we gave them a very detailed list of issues at the Ames meeting but I'd have to dig around to see if I have
it. Daniel, as the primary interface, might have more than I have. I remember that the list of issues was lengthy and detailed. </span><span style="font-size:18.0pt"><o:p></o:p></span></p>
<p style="margin-left:.5in"><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:black"> </span><span style="font-size:18.0pt"><o:p></o:p></span></p>
<p style="margin-left:.5in"><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:black">howie</span><span style="font-size:18.0pt"><o:p></o:p></span></p>
<p style="margin-left:.5in"><span style="font-size:18.0pt;font-family:"Calibri",sans-serif;color:black"> </span><span style="font-size:18.0pt"><o:p></o:p></span></p>
<div id="Signature">
<div name="divtagdefaultwrapper">
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<div>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:12.0pt;font-family:"Tahoma",sans-serif;color:black"> </span><span style="font-size:16.0pt"><o:p></o:p></span></p>
</div>
<div class="MsoNormal" align="center" style="margin-left:.5in;text-align:center">
<span style="font-size:12.0pt;color:black">
<hr size="0" width="100%" align="center">
</span></div>
<p class="MsoNormal" style="margin-left:.5in"><b><span style="font-size:12.0pt;font-family:"Verdana",sans-serif;color:black">HOWARD WEISS,
</span></b><b><span style="font-size:10.0pt;font-family:"Verdana",sans-serif;color:black">CISSP</span></b><span style="font-size:12.0pt;color:black">
<br>
</span><span style="font-size:12.0pt;font-family:"Verdana",sans-serif;color:black">7110 Samuel Morse Drive<br>
Columbia, MD 21046<br>
443-430-8089 (office) / 443-494-9087 (cell) <br>
<a href="mailto:howard.weiss@parsons.com">howard.weiss@parsons.com</a><br>
<a href="https://urldefense.us/v3/__https:/gcc02.safelinks.protection.outlook.com/?url=http*3A*2F*2Fwww.parsons.com*2F&data=04*7C01*7Ccraig.biggerstaff*40nasa.gov*7C90ede06a3a6140fe2b2708d93b192a7a*7C7005d45845be48ae8140d43da96dd17b*7C0*7C0*7C637605801541132868*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C1000&sdata=0lRDT1*2BjXW5dxdT2nUeYZRc7XFumhb28F0NwPGrS*2B3U*3D&reserved=0__;JSUlJSUlJSUlJSUlJSUlJSUlJQ!!PvBDto6Hs4WbVuu7!ZASh8ARy3w73YAeFEYVr5ReOkHVZ9zONUObvTqad9T6Cd0q3CPf5BB6B9ADGTZx92g8$">www.parsons.com</a></span><span style="font-size:16.0pt"><o:p></o:p></span></p>
</div>
<div>
<div>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:10.0pt;font-family:"Tahoma",sans-serif;color:#339966">Please consider the environment before printing this message</span><span style="font-size:16.0pt"><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="margin-left:.5in"><span style="font-size:12.0pt;font-family:"Tahoma",sans-serif;color:black"> </span><span style="font-size:16.0pt"><o:p></o:p></span></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<div>
<div class="MsoNormal" align="center" style="margin-left:.5in;text-align:center">
<span style="font-size:18.0pt;color:black">
<hr size="0" width="100%" align="center">
</span></div>
<div>
<div>
<div>
<p class="MsoNormal"><span style="font-size:16.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:16.0pt">I downloaded the presentation and the paper that Daniel Fischer and his colleagues from ESA had provided back in Fall 2018 and again in Fall 2019.
In their analyses they identified, and carefully documented, the very same issues that I had raised. And they described the basis of their concerns in even greater depth, pointing out that the documented SM&C security mechanisms are susceptible to even fairly
primitive “man in the middle” attacks, let alone more sophisticated approaches. At that time, three years ago, they also proposed specific fixes and extensions that could have been adopted to fix these problems. It appears that these issues were swept aside
then, much as you chose to do yesterday. It also seems clear, given what was in the document and SM&C plans presented in the last CESG and CMC meetings, that in the intervening three years nothing has been done, and according to you, there are no plans to
fix this now.<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:16.0pt">I must conclude that the statements you made yesterday about “We met with the SecWG 3 years ago and they agreed that we did everything we needed to”
were inaccurate and rather misleading. In point of fact these same issues remain, the limitation of not having adequate security for multi-mission systems remains, and the potential consequences of not having adequate security have increased. I must also
point out that the way that these issues were handled, previously, and in yesterday’s meeting, is in violation of CCSDS principles for consensus operation. There is no part of the documented CCSDS process that says “ignore issues and brush them aside”.<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:16.0pt">I do not believe that we can allow these issues to be ignored any longer; the CESG, as the appointed guardians of CCSDS architecture, processes,
document content, and quality, must insist that these issues are remedied before this document can be published.<o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:16.0pt">Regards, Peter Shames<o:p></o:p></span></p>
</div>
</div>
</div>
</div>
<p class="MsoNormal"><span style="font-size:14.0pt"><o:p> </o:p></span></p>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="font-size:14.0pt;font-family:Helvetica">________________________________________________________<br>
<br>
Peter Shames<br>
CCSDS Systems Engineering Area Director<br>
<br>
Jet Propulsion Laboratory, MS 301-490<br>
California Institute of Technology<br>
Pasadena, CA 91109 USA <br>
<br>
Telephone: +1 818 354-5740, Fax: +1 818 393-6871<br>
<br>
Internet: <a href="mailto:Peter.M.Shames@jpl.nasa.gov"><span style="color:blue">Peter.M.Shames@jpl.nasa.gov</span></a><br>
________________________________________________________<br>
<br>
We must recognize the strong and undeniable influence that our language exerts on our ways of thinking and, in fact, delimits the abstract space in which we can formulate - give form to - our thoughts.<br>
<br>
Niklaus Wirth</span><span style="font-size:14.0pt"><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:16.0pt"><o:p> </o:p></span></p>
</div>
</body>
</html>