Coast Guard Goes All-In on Zero Trust Architecture
Coast Guard photo
CHARLESTON, South Carolina — In order to strengthen cybersecurity and implement zero trust architecture, the Coast Guard must invest in understanding data, a service official said.
Zero trust architecture refers to evolving cybersecurity paradigms that prioritize protecting data by repeatedly authenticating, authorizing and validating system, application and data access.
Implementing zero trust architecture presents a change to how the Coast Guard approaches security, especially when the Defense Department and the individual services have differing requirements.
“We need to focus on better identity management, focusing on the data side of that,” Capt. Andrew Campen, engineering services division lead at the Command, Control, Communication, Computer, Cyber and Intelligence Service Center at the Coast Guard, said at a panel at the Eastern Defense Summit in December. “[We must] realize that data is the piece that’s important, not the system itself. Identity management is key for us. Understanding data is key for us.”
Successfully implementing a zero trust architecture is incredibly difficult in the digital age, especially with the vast amount of mobile devices and defense and security technology.
“I think we’re also challenged here as we get into today’s world, all the new mobile devices, all these new toys that we’re bringing to the table,” Rear Adm. Chad Jacoby, assistant commandant for acquisition and chief acquisition officer of the Coast Guard, said. “We want to introduce them to our IT environment. How do we do that from a zero trust architecture perspective? It’s going to be very difficult.”
Though achieving zero trust architecture is critical to safely conduct multi-domain operations, protecting other data is also crucial.
“A lot of departments out there with commercial environment needs, we need to protect our data, whether it’s our health records, our financial data,” Campen said. “We want to secure our personnel data in the Coast Guard and our operational data to make better decisions as well.”
Zero trust architecture is complex, and the Coast Guard must focus on understanding data and understanding the different roles it can play, Jacoby said.
“There’s the server workstation zero trust architecture to solve, but there’s also the operational technology zero trust architecture to solve, and it allows me to bring that from the center and say that our embedded systems on our ships, aircraft and shore stations need to meet the same mandate,” he said. ND
Topics: Maritime Security