Army Evaluates Zero Trust Cybersecurity for JADC2
The Army wants to implement a zero trust cybersecurity framework as it transforms itself into a data-centric force. The service has seen how the technology can safeguard critical decision-making data that it wants to harness for future operations.
The Army recently heard pitches about technology that can protect critical decision-making that the Pentagon will process for future operations.
Raytheon Intelligence and Space demonstrated its Operational Zero Trust platform to service officials at this year’s Project Convergence experiment hosted by the Army, according to the company. Raytheon showcased the platform during the experiment’s inaugural “technology gateway” held in October at Yuma Proving Ground, Arizona, which served as an opportunity for Army officials to assess emerging technologies in operational environments.
During Raytheon’s presentations, the company used a digital model to scale Operational Zero Trust to accommodate different Army command levels and demonstrated the platform’s ability to detect and respond to malicious attacks in a warfighting environment, said Greg Grzybowski, account executive for the Defense Department Cyber Defense Account at Raytheon.
Project Convergence allows the Army to test technologies for joint all-domain command and control, also known as JADC2. The Pentagon-wide effort aims to link platforms through a single network that quickly transfers decision-making data between multiple sensors and shooters.
The data harnessed by the service for joint operations will need to be protected as it moves between endpoints, Grzybowski said.
“The idea here is you have to defend the data at all points, hence policy enforcement points and endpoint protection. If you’re doing that, the best way to do that is a zero trust design,” he said.
Zero trust cybersecurity is a framework that requires all users to be authenticated and authorized after every digital interaction. In addition, data in JADC2’s network cannot be trusted after it is collected and transferred until it is also verified, Grzybowski said.
The Army signaled it wants zero trust cybersecurity as part of its modernization efforts. The service released an updated cloud plan in October that, for the first time, included the implementation of zero trust architecture as one of its priorities.
“We’ve actually heard the Army and [Defense Department] talk about data as a new ammunition,” he said. “If I can’t secure every zero and one as it moves across the network, then there’s all kinds of attack surfaces that can be compromised.”
Operational Zero Trust combines technologies that act as data endpoint protections from Raytheon and other industry partners, including both zero trust policy enforcement points and cyber resiliency technologies, he said. This gives operators the ability to “plug and play” zero trust and cyber resiliency technology specific to their needs, he added.
Each partner’s endpoint protection employs different elements of cybersecurity for Army infrastructure — such as protecting its networking layer or mandating user access — that act as a defense mechanism against an adversary’s attack, Grzybowski said.
The “brains” of Operational Zero Trust is the company’s REDPro ZTX platform, Grzybowski said. It identifies malware attacks from endpoints and either responds to the attack or sends attack information to a higher command level for further analysis, he said. This can be done with preprogrammed scripts or by an operator, he added.
Raytheon hopes it can demonstrate how Operational Zero Trust can benefit the Army’s data security goals through further tests on service equipment in integration labs and in the field, he said.
“We’re trying to let the customer know in any way we can that it’s not a technology limitation,” he said. “It’s really about how you buy it and how you deploy it and how you work together across services that will get you interoperability.”