Personnel from the AFNet sustainment and operations branch at Hanscom AFB, Mass., and Air Combat Command’s (ACC) directorate of cyberspace and information dominance are teaming to develop “a modern software-based perimeter,” a Zero Trust Architecture (ZTA), to protect cyber applications from intrusion and interference across the U.S. Air Force, the service said.
ZTA assumes networks are compromised and instead focuses on the defense of applications’ data. Zero trust networks “grant access for individual requests only after establishing confidence in both the user and the device through identity verification and connection context attributes,” per the Air Force. Plans call for the service to begin implementing ZTA in fiscal 2023.
Zero Trust holds promise in deterring and defeating cyber threats from nations and hackers, ACC has said.
In January last year, MITRE Corp. held an “ACC Zero-Trust Summit” at MITRE offices in Hampton, Va., to discuss the architecture with ACC and companies, such as Google [GOOGL], Microsoft [MSFT], Unisys [UIS], Cisco [CSCO], and Palo Alto Networks, Inc. [PANW] (Defense Daily, July 16, 2020).
Raju Ranjan, an AFNet sustainment and operations branch engineer, said that the concept of ZTA is not new, yet recent cyberattacks and heightened cyber threats to DoD have added urgency to establishing ZTA in DoD. “Last year’s National Institute of Standards and Technology special publication and the Department of Defense’s reference architecture helped us better understand this strategy, and it’s now a DOD mandate for all agencies to use a zero trust architecture model,” he said in a June 27 statement.
ACC has been at the forefront of Pentagon efforts to implement a Zero Trust Architecture, which gathered steam after the recent compromises of software supplied by Microsoft [MSFT] and SolarWinds [SWI] to non-DoD federal agencies (Defense Daily, Apr. 14).
The new ZTA appears to promise significant flexibility for front line forces. While current practice focuses on hardening cyber networks and trusting users connected to them with a Common Access Card, future DoD users will be able to use any network around the world, as long as they establish the trust required to use such networks at specific levels of trust.
While ACC is developing the concept and strategy for the Air Force to move forward on zero trust, the AFNet sustainment and operations branch is leading the integration efforts, and the Platform One team is addressing development, security, and operations of ZTA.
The Massachusetts National Guard’s 126th Cyber Protection Battalion “recently spent a week at the Lantern, also known as the Hanscom Collaboration and Innovation Center, proving the value proposition for micro segmentation work designed to help increase the project’s security,” Air Force Lt. Col. Darren Edmonds, the Lantern’s director, said in a statement.
Stephen Haselhorst, the chief technology officer for the ACC directorate of cyberspace and information dominance, said that ZTA is adapted “from cloud-based technologies used by the Air Force Platform One team that have never been used on legacy networks in the DOD, that we know of.”
“It’s embracing a lot of modern concepts of DevSecOps, such as automation and orchestration necessary for zero trust to exist,” he said.
ZTA will enable next-generation Joint All-Domain Command and Control (JADC2) and create costs for adversaries trying to disrupt U.S. military C2, per Lauren Knausenberger, the Air Force’s chief information officer.
Defense Secretary Lloyd Austin recently approved the Pentagon’s JADC2 strategy (Defense Daily, June 4).