The military’s zero-trust plans are about to face a big test
An INDOPACOM exercise will test the military’s data-centric security strategy.
An upcoming wargame at U.S. Indo-Pacific Command will test zero-trust, the network-security approach the Pentagon is betting can keep enemies at bay, keep allies from accessing certain secrets, and keep troops connected—even in combat.
INDOPACOM is building a network dubbed the Mission Partner Environment that will allow U.S. service branches and regional partners like the Philippines and Taiwan to share the data they need without accessing unrelated classified files. Like all new Pentagon systems, it is built on zero-trust principles, which assume that every device on a network might be compromised and works to authenticate individual users instead.
INDOPACOM’s “multinational mission force network has gone 100% zero-trust,” Rear Adm. Stephen Donald, the deputy commander of U.S. Tenth Fleet, said on Monday at the Association of Old Crows’ annual conference in Maryland.
As part of Exercise Keen Edge in early 2024, INDOPACOM will test how far it has come in implementing zero-trust and how that will affect real-time information sharing and security during a fight.
“We're going to actually exercise with our multinational partners,” Donald said. “The partner is only allowed into that set of data that they are cleared for or that they are authorized for. And it's all controlled by a built-from-the-ground-up zero trust network. And we're gonna see how well that works.”
Longer-term, the Navy hopes partners will adopt zero-trust more fully into their own security frameworks and practices.
“How do we come together across all of our partnerships and build standards together, like zero trust, that we're able to incorporate into our weapon systems natively? I think that's gonna be a longer road, but we'll see how this initially plays out,” he said.
Exercises like Keen Edge build on significant work the Pentagon has already done with coalition partners to build zero-trust solutions that work for the military, Rear Adm. Susan BryerJoyner, the deputy director for command, control, communications, and computer/cyber systems on the Joint Staff, said Monday.
Eighteen months ago when she began her job, BryerJoyner said, “Everybody was talking about zero trust and every conversation about zero trust and data-centric security was talking about an enterprise network,” as in, at the large cloud level.
But while the Defense Department is embracing enterprise cloud, following in the footsteps of large companies, the department’s security requirements—particularly for those operators close to combat where adversaries are using advanced electronic warfare tactics—are very different. They require both faster and more secure data sharing than is the case in the commercial world, she said. “I looked at it and I said ‘This is not going to help in a contested environment, cyberspace environment, when we're trying to do command and control in that fight.’”
That realization led the Defense Department to stand up a series of summits called Security Interoperability in the Tactical Environment, or SITE, bringing in eight coalition partners, including the United Kingdom and South Korea.
“We can't afford the delays that are seen at the enterprise level. And so it's that level of ground work that we're doing with our coalition partners, to make sure that from the get-go we are as interoperable as possible,” she said.