
Coalition Connectivity for Modern Warfare


Building for an Interconnected Future

Data-centric security speeds up data sharing because it secures data more rapidly than network-centric safeguards and ensures a more seamless user experience. In a data-centric environment, each piece of data—file, email, frame of video—is tagged with its security metadata and encrypted. This allows the data to exist on the same physical infrastructure and has the potential to make current red and black networks gray.

A zero trust architecture for a data-centric system ensures the system knows the exact identity of each user and the access granted to that user based on clearance, role, nationality, and other factors considered by the mission planners. It is driven by three principles that protect data in transfer: assume a breach; never trust, always verify; and allow only least-privileged access based on contextual factors.

While the Department of Defense (DOD) builds toward the Mission Partner Environment (MPE) vision to enable coalition collaboration in a data-centric environment, combatant commands can employ flexible innovations in zero trust architecture to start building toward that future now.

Zero-Trust Security Architecture

There are four core components of a zero-trust security architecture for trusted data sharing between coalition systems with various networking permissions.

  • Identity, credential, and access management (ICAM)
  • Attribute-based access control (ABAC)
  • Granular data encryption
  • Visibility and analytics

Underlying these four components is model-based systems engineering (MBSE), a methodology that creates a digital model of the system to capture its requirements, design, and validation across an evolving lifecycle.

“A data-centric security approach ensures secure collaboration and the efficient sharing of sensitive information across coalition networks and domains. It must be based on an open standard, available to all partners, and compatible in any technology environment.”

1. Identity, Credential, and Access Management

Mitigating the vulnerabilities of single-factor authentication methods such as passwords, which are easily hacked, stolen, or forgotten, identity, credential, and access management (ICAM) uses a combination of authentication methods working in concert. Proven in security-critical fields such as healthcare and finance, ICAM requires verification through identity characteristics such as name; credentials such as an online ID; and compliance with policies such as location. Used in a zero-trust framework, it ensures the “right person with the right credentials is accessing the right information at the right time,” as a puts it.

2. Attribute-Based Access Control

Parameters for who can access what—and under what circumstances—must be able to change as rapidly as the situation. Attribute-based access control (ABAC) enables specificity through defining characteristics relating to elements such as the user (rank, nationality); the requested action (view, download); the document type (classification level, format); and the circumstances (location, level of conflict). ABAC evaluates characteristics against all parameters before access is granted. This way, an ally could view a sensitive document only in certain locations and situations, for example.

3. Granular Data Encryption and Tagging

Communication is slowed when networks must be specially configured to share data with new participants. Encrypting data at a granular level in a trusted data format (TDF) enables rapid and secure sharing across diverse technology environments. With TDF, a secure “envelope” is placed around sensitive data—in formats such as PDF, email, images, videos, and sensor inputs. The “envelope” is addressed, stamped, and sealed with a common standard for mission-approved partner use. Data tagging ensures that users with the appropriate credentials can gain attribute-based access. For additional security assurance, an advanced cross-domain solution scans the data at ingestion to verify that no data is leaked beyond the security level indicated by the tag.
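To make the ABAC evaluation and the data tagging described in the two sections above concrete, here is an added example that is not code from the article or from any DOD or TDF implementation. It assumes a simplified tag (classification plus releasable-to nationalities), a three-level classification ladder, hypothetical location and conflict values, and a hypothetical policy encoding the "ally can view only in certain locations and situations" case; the ingestion check at the end is the cross-domain guard's test that a tag never exceeds the receiving domain's level.

```python
from dataclasses import dataclass

# Constructed example (not from the article or any DoD system): a minimal
# attribute-based access decision over the attribute classes the article
# lists, plus the check a cross-domain guard makes on a data tag at ingestion.
LEVELS = ["UNCLASSIFIED", "CONFIDENTIAL", "SECRET"]  # ascending sensitivity

@dataclass(frozen=True)
class DataTag:                   # security metadata travelling with the data
    classification: str          # e.g. "SECRET"
    releasable_to: frozenset     # nationalities the owner cleared, e.g. {"USA", "GBR"}

@dataclass(frozen=True)
class Subject:                   # attributes ICAM vouches for
    clearance: str
    nationality: str

@dataclass(frozen=True)
class Context:                   # hypothetical circumstance attributes
    location: str                # "HQ", "FIELD", "REMOTE"
    conflict: str                # "ROUTINE", "ELEVATED"

def level(name: str) -> int:
    return LEVELS.index(name)

def abac_decide(subj: Subject, action: str, tag: DataTag, ctx: Context):
    """Deny by default; every attribute class is checked before any grant."""
    if action not in ("view", "download"):
        return False, "unknown action"
    if level(subj.clearance) < level(tag.classification):
        return False, "clearance below data classification"
    if subj.nationality not in tag.releasable_to:
        return False, "not releasable to subject's nationality"
    classified = tag.classification != "UNCLASSIFIED"
    # Hypothetical policy: classified data is downloaded only at HQ, and a
    # partner-nation user views it only at HQ or once conflict is elevated.
    if classified and action == "download" and ctx.location != "HQ":
        return False, "download of classified data outside HQ"
    if (classified and subj.nationality != "USA"
            and ctx.location != "HQ" and ctx.conflict != "ELEVATED"):
        return False, "partner view limited to HQ or elevated conflict"
    return True, "all attributes satisfied"

def ingest_check(tag: DataTag, domain_level: str) -> bool:
    """Cross-domain guard: a tag above the receiving domain's level is a spill."""
    return level(tag.classification) <= level(domain_level)

if __name__ == "__main__":
    tag = DataTag("SECRET", frozenset({"USA", "GBR"}))
    print(abac_decide(Subject("SECRET", "GBR"), "view", tag, Context("FIELD", "ROUTINE")))
```

Every denial carries a reason string so the decision can be logged for the visibility and analytics layer rather than silently dropped.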

4. Visibility and Analytics

Visibility and analytics further harden a zero-trust security architecture against adversarial penetration. Visibility helps to identify, monitor, and assess the data being shared across mission partner networks to ensure it is secure. Continuous analytics flag suspicious activity early, before it escalates. Analytics enable mission partners to monitor data usage and detect anomalies that could indicate a security breach or other malicious activity.

Ongoing Model-Based Systems Engineering

Model-based systems engineering (MBSE) establishes a digital model that provides a “single source of truth” for stakeholders across the lifecycle of a system. A subset of digital engineering, it enables the modeling of requirements and architecture and facilitates simulation and requirements allocation.

For a collaborative zero trust environment, MBSE enables the close monitoring of requirements and flows across combatant commands and mission partners for continued development and seamless implementation. With a common database for solution management, analysts can generate performance reports with a single click.

MBSE offers ease and automation for flagging and tracking cybersecurity concerns, measuring performance, analyzing collected data, and forecasting performance. Notably, it enables rapid changes, adoption of new technologies, and integration of other systems—all essential in this rapidly developing space.

“A picture is worth a thousand words. A digital model is worth a thousand pictures.”

Speed Progress with Industry Partners

Although the shift to a data-centric environment will be revolutionary, technically the change will be evolutionary, because the enabling technologies already exist. Zero trust is already used in business: Every time users sign in to their Google accounts or approve a bank transfer via text, zero trust security is safeguarding the process. It is already empowering government: When veterans access digital health records from the Veterans Administration, zero trust security is actively protecting their personal information.

Industry is therefore poised to help DOD accelerate the data-centric future. What private companies don’t have is the knowledge of how to adapt their technologies to address the military’s specific goals for multilateral data sharing across a multitude of military use cases.

Now is the time for DOD to give industry periodic updates about its process and anticipated needs. It can bring industry into relevant training exercises for defense stakeholders to sample the innovation of multiple partners and begin to visualize how the military can make the most of industry’s investments. At the same time, innovators in diverse companies will have a chance to improve their technologies’ readiness.

These steps would allow defense leaders to accelerate modernization for MPE while gathering lessons to inform the official procurement process. As threats from competitor nations increase, DOD’s knowledge of how to use zero trust solutions to combat the adversary can therefore keep evolving, ensuring tomorrow’s defense coalitions stay ahead of what’s next.
