ETSI GS CDM 002 V1.1.1 (2021-03)

ETSI GS CDM 002 V1.1.1 (2021-03)






GROUP SPECIFICATION
Common information sharing environment service
and Data Model (CDM);
System Requirements definition
Disclaimer
The present document has been produced and approved by the european Common information sharing environment service
and Data Model ETSI Industry Specification Group (ISG) and represents the views of those members who participated in this
ISG.
It does not necessarily represent the views of the entire ETSI membership.

---------------------- Page: 1 ----------------------
2 ETSI GS CDM 002 V1.1.1 (2021-03)



Reference
DGS/CDM-002
Keywords
data sharing, maritime, safety, service

ETSI
650 Route des Lucioles
F-06921 Sophia Antipolis Cedex - FRANCE

Tel.: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16

Siret N° 348 623 562 00017 - NAF 742 C
Association à but non lucratif enregistrée à la
Sous-Préfecture de Grasse (06) N° 7803/88

Important notice
The present document can be downloaded from:
http://www.etsi.org/standards-search
The present document may be made available in electronic versions and/or in print. The content of any electronic and/or
print versions of the present document shall not be modified without the prior written authorization of ETSI. In case of any
existing or perceived difference in contents between such versions and/or in print, the prevailing version of an ETSI
deliverable is the one made publicly available in PDF format at www.etsi.org/deliver.
Users of the present document should be aware that the document may be subject to revision or change of status.
Information on the current status of this and other ETSI documents is available at
https://portal.etsi.org/TB/ETSIDeliverableStatus.aspx
If you find errors in the present document, please send your comment to one of the following services:
https://portal.etsi.org/People/CommiteeSupportStaff.aspx
Copyright Notification
No part may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying
and microfilm except as authorized by written permission of ETSI.
The content of the PDF version shall not be modified without the written authorization of ETSI.
The copyright and the foregoing restriction extend to reproduction in all media.

© ETSI 2021.
All rights reserved.

DECT™, PLUGTESTS™, UMTS™ and the ETSI logo are trademarks of ETSI registered for the benefit of its Members.

3GPP™ and LTE™ are trademarks of ETSI registered for the benefit of its Members and
of the 3GPP Organizational Partners.
oneM2M™ logo is a trademark of ETSI registered for the benefit of its Members and
of the oneM2M Partners.
®
GSM and the GSM logo are trademarks registered and owned by the GSM Association.
ETSI

---------------------- Page: 2 ----------------------
3 ETSI GS CDM 002 V1.1.1 (2021-03)
Contents
Intellectual Property Rights . 4
Foreword . 4
Modal verbs terminology . 4
Introduction . 4
1 Scope . 9
2 References . 9
2.1 Normative references . 9
2.2 Informative references . 10
3 Definition of terms, symbols and abbreviations . 10
3.1 Terms . 10
3.2 Symbols . 12
3.3 Abbreviations . 13
4 Overview . 13
5 Functional requirements . 13
5.1 Architecture . 13
5.2 Infrastructure (Core Services) . 14
5.2.1 General . 14
5.2.2 Network and Communication Security . 14
5.2.3 Message Routing (Network Service) . 14
5.2.4 Identification, Authentication and Authorization . 15
5.2.5 Service Discovery (Service Manager) . 16
5.2.6 Auditing (Logging, Monitoring and Accounting) . 17
5.2.7 Administration User Interface. 18
5.2.8 Collaboration Tools . 19
5.3 Interface (Common Services) . 19
5.3.1 General . 19
5.3.2 Information Exchange . 19
5.3.3 Message Structure . 20
5.3.4 Data Model . 20
6 Performance requirements . 21
Annex A (informative): Bibliography . 22
History . 23


ETSI

---------------------- Page: 3 ----------------------
4 ETSI GS CDM 002 V1.1.1 (2021-03)
Intellectual Property Rights
Essential patents
IPRs essential or potentially essential to normative deliverables may have been declared to ETSI. The information
pertaining to these essential IPRs, if any, is publicly available for ETSI members and non-members, and can be found
in ETSI SR 000 314: "Intellectual Property Rights (IPRs); Essential, or potentially Essential, IPRs notified to ETSI in
respect of ETSI standards", which is available from the ETSI Secretariat. Latest updates are available on the ETSI Web
server (https://ipr.etsi.org/).
Pursuant to the ETSI IPR Policy, no investigation, including IPR searches, has been carried out by ETSI. No guarantee
can be given as to the existence of other IPRs not referenced in ETSI SR 000 314 (or the updates on the ETSI Web
server) which are, or may be, or may become, essential to the present document.
Trademarks
The present document may include trademarks and/or tradenames which are asserted and/or registered by their owners.
ETSI claims no ownership of these except for any which are indicated as being the property of ETSI, and conveys no
right to use or reproduce any trademark and/or tradename. Mention of those trademarks in the present document does
not constitute an endorsement by ETSI of products, services or organizations associated with those trademarks.
Foreword
This Group Specification (GS) has been produced by ETSI Industry Specification Group (ISG) European Common
information sharing environment service and Data Model (CDM).
Modal verbs terminology
In the present document "shall", "shall not", "should", "should not", "may", "need not", "will", "will not", "can" and
"cannot" are to be interpreted as described in clause 3.2 of the ETSI Drafting Rules (Verbal forms for the expression of
provisions).
"must" and "must not" are NOT allowed in ETSI deliverables except when used in direct citation.
Introduction
On October 2009 the European Commission adopted a Communication "Towards the integration of maritime
surveillance in the EU: A common information sharing environment for the EU maritime domain (CISE)", promoting to
integrate maritime surveillance activities of all public maritime sectors across Europe (Figure 1).
ETSI

---------------------- Page: 4 ----------------------
5 ETSI GS CDM 002 V1.1.1 (2021-03)

Figure 1: Schematic diagram of the CISE vision
The aim of the integrated maritime surveillance is to generate a situational awareness of activities at sea, impacting on
the denominated seven maritime sectors: Maritime Safety and Security, Border Control, Maritime Pollution and Marine
Environment Protection, Fisheries Control, Customs, General Law Enforcement, Defence, as well as the economic
interests of the EU, so as to facilitate sound decision making.
The added value of integrating maritime surveillance is to enhance the present sectoral maritime awareness pictures of
the sectoral user communities, with additional relevant cross-sectoral and cross-border surveillance data on a
responsibility to share basis. Such enhanced pictures increase Member States authorities' efficiency and improve cost
effectiveness.
Thus, the decentralized information exchange system is directed to interlink all relevant User Communities, taking into
account existing sectoral information exchange networks and planned systems, and allowing for the improvement and
development of both the existing sectoral systems, and the overarching CISE network architecture (Figure 2).
ETSI

---------------------- Page: 5 ----------------------
6 ETSI GS CDM 002 V1.1.1 (2021-03)

Figure 2: Existing sectoral information systems
To achieve the goals of the CISE vision, a series of EU sponsored projects, building up one on another, further
investigated and developed the CISE vision, starting with the elaboration of the so-called CISE principles, which were
defined as follows [i.2]:
• "CISE must allow the interlinking of any public authority in the European Union (EU) or European Economic
Area (EEA) involved in maritime surveillance."
• "CISE must increase maritime awareness based on the "responsibility-to-share" principle."
• "CISE must support a decentralized approach at EU-level."
• "CISE must provide interoperability between civilian and military information systems."
• "CISE must be compatible and provide interoperability between information systems at the European,
national, sectoral and regional levels."
• "CISE must support the reuse of existing tools, technologies and systems."
• "CISE must provide for seamless and secure exchange of any type of information relevant to maritime
surveillance."
• "CISE must support the change of services by information provider (orchestration)."
• "CISE subscribers and stakeholders should be entitled to obtain information only if they also contribute in a
way commensurate with their capabilities."
The CISE roadmap process that started with the definition of the CISE principles is shown in Figure 3.
ETSI

---------------------- Page: 6 ----------------------
7 ETSI GS CDM 002 V1.1.1 (2021-03)

Figure 3: CISE Roadmap
During the roadmap process, a range of 82 use cases was defined representing the entire range of activities of the
7 maritime sectors and their related Coast Guard activity. Out of this range of 82 use cases, 9 use cases were identified
as most characteristic and comprehensive, covering the most relevant activities of all sectors. These use cases were to
form the operational basis for the further and more detailed investigation of CISE cross- sectoral and cross border
information exchange.
The pre-operational validation project "European test bed for the maritime Common Information Sharing
Environment in the 2020 perspective", in short "EU CISE2020", based on the 9 use cases selected, defined the
requirements and developed the common architecture of the CISE information exchange network. Consequently, a total
of 12 so-called "CISE Nodes" were built, integrated and successfully tested in 9 European countries, connecting a total
of 20 sectoral legacy systems of various nature (Figure 4).

Figure 4: Diagram of the EUCISE 2020 testbed set- up
ETSI

---------------------- Page: 7 ----------------------
8 ETSI GS CDM 002 V1.1.1 (2021-03)
Hybrid and complementary cross-sectoral and cross-border information exchange requires a common "data language"
within the common network architecture as well as a common set of IT- services to handle the data transfer. The
technical standardization proposal for CISE implementation was therefore directed towards a standardization process
within the framework of a professional European standardization environment in order to elaborate universal and
sustainable technical specifications for the implementation and development of CISE, as well as offering a technical
solution for other, similar information exchange regimes.

ETSI

---------------------- Page: 8 ----------------------
9 ETSI GS CDM 002 V1.1.1 (2021-03)
1 Scope
The present document defines the System Requirements for the European Common information sharing environment
service and Data Model (CDM). The requirements are based on the operational use cases described in ETSI
GR CDM 001 [i.1].
The present document addresses requirements in the following broad areas:
• Architecture.
• Infrastructure (Core Services):
- Network and Communication Security.
- Message Routing.
- Identification, Authentication and Authorization.
- Service Discovery.
- Auditing (Logging, Monitoring and Accounting).
- Administration User Interface.
- Collaboration Tools.
• Interface (Common Services):
- Information Exchange.
- Message Structure.
- Data Model.
• Performance.
2 References
2.1 Normative references
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
referenced document (including any amendments) applies.
Referenced documents which are not found to be publicly available in the expected location might be found at
https://docbox.etsi.org/Reference/.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long term validity.
The following referenced documents are necessary for the application of the present document.
Not applicable.
ETSI

---------------------- Page: 9 ----------------------
10 ETSI GS CDM 002 V1.1.1 (2021-03)
2.2 Informative references
References are either specific (identified by date of publication and/or edition number or version number) or
non-specific. For specific references, only the cited version applies. For non-specific references, the latest version of the
referenced document (including any amendments) applies.
NOTE: While any hyperlinks included in this clause were valid at the time of publication, ETSI cannot guarantee
their long term validity.
The following referenced documents are not necessary for the application of the present document but they assist the
user with regard to a particular subject area.
[i.1] ETSI GR CDM 001 (V1.1.1): "Common Information Sharing Environment Service and Data
Model (CDM); Use Cases definition".
[i.2] CISE Architecture Visions Document V3.0 06/11/2013.
NOTE: Available at https://webgate.ec.europa.eu/maritimeforum/en/node/4039.
[i.3] Council Decision of 23 September 2013 on the security rules for protecting EU classified
information (2013/488/EU). Official Journal of the European Union, L274, 3-52.
NOTE: Available at https://eur-lex.europa.eu/legal-
content/EN/TXT/PDF/?uri=CELEX:32013D0488&from=EN).
3 Definition of terms, symbols and abbreviations
3.1 Terms
For the purposes of the present document, the terms given in ETSI GR CDM 001 [i.1] and the following apply:
activity: One of the following activities performed by a sector:
• for the maritime safety, security and prevention of pollution sector:
- vessel traffic management;
- vessel traffic safety;
- monitoring of security of ships;
- search and rescue;
- support of response and enforcement operations (anti-piracy, SAR, salvage);
• for the fisheries control sector:
- early warning of illegal fisheries or fish landings;
- monitoring of compliance with regulations on fisheries;
- support of response and enforcement operations;
• for the marine pollution preparedness and response sector:
- monitoring of compliance with regulations;
- early warning of environmental accidents and incidents;
- support of pollution response operations;
ETSI

---------------------- Page: 10 ----------------------
11 ETSI GS CDM 002 V1.1.1 (2021-03)
• for the customs sector:
- monitoring of compliance with customs regulation on import, export and movement of goods;
- support of enforcement operations;
• for the border control sector:
- monitoring of compliance with regulations on immigration and border control crossings;
- support of enforcement operations;
• for the general law enforcement sector:
- monitoring of compliance with applicable legislation in sea areas where police competence is required;
- support to enforcement and response operations;
• for the defence sector:
- monitoring in support of defence tasks such as national sovereignty at sea;
- combatting terrorism and other hostile activities outside the EU;
- other CSDP tasks as defined in Articles 42 and 43 of TEU.
consumer: participant requesting Service over CISE network, only consuming but not providing information
CoopP: project financed by the European Commission in 2013 defining the CISE use cases and the first version of the
CISE data and service model
cross-border: (exchange of information) between EU or EFTA countries
cross-sector: (exchange of information) between two or more Sectors
EUCISE 2020: FP7 pre-operation validation project on CISE
NOTE 1: The project defined and developed the existing CISE Network and software (2014-2019).
NOTE 2: More information on the project can be found at http://www.eucise2020.eu/.
EU RESTRICTED: classified information covered by the definition of EU security classification levels [i.3]
NOTE 1: EU classified information is any information or material designated by the EU security classification, the
unauthorized disclosure of which could cause varying degrees of prejudice to the interests of the
European Union or of one or more of the Member States.
NOTE 2: The following EU security classification levels are defined:
 EU TOP SECRET: information and material the unauthorized disclosure of which could cause
exceptionally grave prejudice to the essential interests of the European Union or of one or more of
the Member States.
 EU SECRET: information and material the unauthorized disclosure of which could seriously harm
the essential interests of the European Union or of one or more of the Member States.
 EU CONFIDENTIAL: information and material the unauthorized disclosure of which could harm
the essential interests of the European Union or of one or more of the Member States.
 EU RESTRICTED: information and material the unauthorized disclosure of which could be
disadvantageous to the interests of the European Union or of one or more of the Member States.
legacy system: software designed to perform specific tasks and that exposes certain functionalities through interfaces in
the domain of the maritime surveillance
NOTE: In the present document, Legacy Systems are maintained by Public Authorities. Legacy Systems are the
originator and final destinations of messages exchange in CISE.
ETSI

---------------------- Page: 11 ----------------------
12 ETSI GS CDM 002 V1.1.1 (2021-03)
message: one of the structured sentences exchanged between Participants to discover, request and provide Services
node: set of software components providing CISE infrastructure and access point to CISE network
node administrator: role assumed by a User to manage CISE network Participants and CISE Node software, hardware
and network connections
node configuration manager: role assumed by a User to manage the declaration of Services in the CISE network
participant: legacy system connected to the CISE network for exchanging data supporting one or more of the Sectors
in performing their Activities
provider: participant providing Service over CISE network
public authority: any organization or legal entity that has an interest in maritime surveillance information
NOTE 1: An authority can be local, regional, national or European.
NOTE 2: This organization may have responsibilities linked to one of the seven sectors of maritime surveillance.
sea basin: sea area
NOTE: The following sea areas are identified:
 Atlantic.
 Baltic Sea.
 North Sea.
 Mediterranean.
 Black Sea.
 Outermost Regions.
 Arctic Ocean.
sector: user community involved in maritime surveillance
NOTE: The existing sectors are the following:
 maritime safety, security and prevention of pollution by ships;
 fisheries control;
 marine pollution preparedness and response, marine environment;
 customs;
 border control;
 general law enforcement;
 defence.
service: formalized way to exchange information between Participants in CISE network following Service Oriented
Architecture (SOA) principles
UNCLASSIFIED: information not covered by the definition of EU security classification levels [i.3]
user: person appointed by the Public Authorities, interacting directly with CISE or with a Legacy System connected to
CISE
3.2 Symbols
Void.
ETSI

---------------------- Page: 12 ----------------------
13 ETSI GS CDM 002 V1.1.1 (2021-03)
3.3 Abbreviations
For the purposes of the present document, the following abbreviations apply:
AUI Administration User Interface
CISE Common Information Sharing Environment
CSDP Common Security and Defence Policy
CT Collaboration Tools
DM Data Model
EEA European Economic Area
EFTA European Free Trade Association
EU European Union
FP7 Seventh Framework Programme of the European Union
GR Group Report
IAA Identification, Authentication and Authorization
IE Information Exchange
IT Information Technology
JRC Joint Research Center
LMA Logging, Monitoring and Accounting
MR Message Routing
MS Message Structure
NC Network Communication
SAR Search And Rescue
SD Service Discovery
SOA Service Oriented Architecture
TCP/IP Transmission Control Protocol/Internet Protocol
TEU Treaty on European Union
4 Overview
Most of the system requirements in the present document are originally inherited from the EUCISE 2020 project.
However, not all the operational and technical requirements identified during the procurement phase of the EUCISE
2020 project have been included. The requirements have also been edited and modified so that they do not appear in
their original form in the present document.
Requirements have been divided into functional and performance requirements. Functional requirements have been
further divided into architecture, infrastructure and interface requirements.
5 Functional requirements
5.1 Architecture
CISE aims to provide direct information exchange capability between European Public Authorities across borders and
sectors by enabling direct machine-to-machine and human-to-human connections via a common network. In some cases
there is need to exchange also classified information up to EU RESTRICTED level.
CISE infrastructure involves high amount of hardware components, communication lines and software modules
installed, maintained and controlled by multiple actors. Thus, the probability of an occasional failure occurring in some
part of the network is quite high. However, CISE is intended to support 24/7 activities.
The following requirements aim to secure that CISE supports information exchange between relevant legacy systems, is
resilient to occasional modifications and failures in some part of the network and is able to support also the exchange of
classified information:
[Fun-Arc-01] CISE architecture shall support Services versioning that allows two or more versions of the same
Service to coexist.
ETSI

---------------------- Page: 13 ----------------------
14 ETSI GS CDM 002 V1.1.1 (2021-03)
[Fun-Arc-02] CISE architecture shall be designed to be resilient to the unavailability of network or Services
provided by a Participant. It shall recover automatically when these Services or the network are
available again.
[Fun-Arc-03] CISE architecture should provide mechanisms for handling classified information up to EU
RESTRICTED level.
[Fun-Arc-04] CISE architecture shall be designed in such a way that the failure of any component does not
prevent any other non-dependent components from functioning.
[Fun-Arc-05] CISE architecture shall provide TCP/IP connection to exchange information among Legacy
Systems.
5.2 Infrastructure (Core Services)
5.2.1 General
CISE infrastructure provides the environment for information exchange. It handles the identification, authentication and
authorization of participants, facilitates service discovery and exchange and stores information on network activities and
performance. Clause 5.2 documents requirements related to the CISE infrastructure and its functions.
5.2.2 Network and Communication Security
Information exchanged via CISE network is intended to support Public Authorities carrying out their Activities. These
include baseline operations, targeted operations and response operations as described in ETSI GR CDM 001 [i.1]. Some
of the information exchanged can be classified, sensitive or contain personal data. It is important that Participants are
able to trust that all the information is exchanged timely, unchanged and protected from eavesdropping.
The following requirements intend to secure the integrity and security of data exchanged via CISE network:
[Fun-NC-01] CISE shall prevent unauthorized access to the CISE network.
[Fun-NC-02] CISE shall guarantee integrity and origin of any data stored or transported in CISE network.
[Fun-NC-03] At transport layer, CISE shall ensure information exchange over a secure channel.
[Fun-NC-04] All Messages exchanged through CISE shall be asynchronous to decouple the CISE infrastructure
from Legacy Systems.
[Fun-NC-05] CISE shall implement a mechanism for prioritizing the Messages.
[Fun-NC-06] Any Messages transported shall not block the delivery of any other Messages.
[Fun-NC-07] CISE shall implement a retry mechanism including a number of retransmissions and delay
between consecutive retransmissions to ensure the proper delivery of Messages in case of an error.
The mechanism shall be configurable.
5.2.3 Message Routing (Network Service)
ETSI GR CDM 001 [i.1] describes information exchange needs between CISE Participants in different operational
scenarios. Depending on the nature of the event and actors involved, information exchange could be initiated either by
the Provider or the Consumer. Starting point for the information exchange could be, for example, one of the following:
• Participant needs information and knows who can provide it.
• Participant needs information but does not know who can provide it.
• Participant has information and knows who needs it.
• Participant has information but does not know who needs it.
• Participant needs information on regular basis and knows who can provide it.
ETSI

---------------------- Page: 14 ----------------------
15 ETSI GS CDM 002 V1.1.1 (2021-03)
The following requirements describe the identified message patterns needed and the general messaging rules:
[Fun-MR-01] CISE shall support the PULL pattern. In this pattern, a Participant (Consumer) requests
information from a known
...