Federal civilian agencies are racing to meet the Biden administration’s Sept. 30 deadline to move toward zero trust principles. While the Department of Defense (DoD) has more time – until FY2027 – to address many of the core objectives in its zero trust strategy, all government sectors are keenly focused on modernizing security to guard against cyber threats that are growing in number and sophistication.
Yet zero trust packs an impact that is broader than improving cyber defenses. The concept also enables secure information sharing for near-real-time decision-making at the tactical edge, a General Dynamics Information Technology (GDIT) cybersecurity expert said in a recent interview.
“Zero trust is more than just a way to lock down data,” noted John Sahlin, vice president of cyber solutions in GDIT’s defense division. “Anytime people talk about zero trust, they [often] focus on protecting data from an insider threat or advanced persistent threat. Those are all great use cases. But zero trust is actually a key to secure mission sharing.”
“You can use the dynamic access control policies, the nature of zero trust, to make decisions at the transaction level, about whom I’m sharing data with and under what conditions,” Sahlin added. “That enables … interoperability on the fly.”
Zero trust continues to make inroads across military operations and the broader Federal mission set, with organizations taking zero trust to the tactical edge. Chief among them is GDIT, which worked with the U.S. Army and its allies, including Japan and Australia, to deliver tactical zero trust capabilities during the Talisman Sabre and Yama Sakura exercises.
The Talisman Sabre military exercise in Australia marked the first time a zero trust capability was fielded at the tactical edge and integrated with foreign mission partners. The focus on zero trust is a key part of GDIT’s new technology investment strategy, which offers nine digital accelerator solutions – including zero trust – for government, defense, and intelligence market customers.
The DoD has increasingly focused on zero trust since releasing a zero trust strategy in 2022 that called for every part of the agency to “adopt a zero trust mindset.” GDIT was recently awarded a $922 million contract to modernize DoD’s U.S. Central Command’s (CENTCOM) enterprise IT infrastructure to, among other things, increase CENTCOM’s zero trust effectiveness.
In military or civilian environments, implementation of zero trust at the tactical edge differs significantly from enterprise and data center environments, Sahlin said.
Managing data and networks in edge environments often involves limited bandwidth and connectivity, deployment complexity, and security challenges. Tactical environments compound these challenges because of complex geography, expansive operating environments, diverse mission partners, and different requirements for access to mission data, Sahlin said.
Sahlin experienced firsthand the challenges of the tactical edge in military deployments during the Talisman Sabre and Yama Sakura exercises. Talisman Sabre was notable because it demonstrated a zero trust capability in the field to support denied, disrupted, intermittent, and limited operations – contested battlefield environments with little to no internet connectivity.
As for the Yama Sakura exercises, Sahlin recalled, “We were demonstrating the ability to put a tactical zero trust capability in the hands of the U.S. warfighters to allow them to share mission data with the Australian Defense Force and the Japanese ground forces. In addition, we were able to share data with a number of coalition partners on the fly because there are so many smaller nations with whom we need to share our mission space.”
Beyond its military applications, zero trust at the edge is important to government missions across a variety of domains, including humanitarian assistance, disaster recovery, and law enforcement.
“There are a lot of use cases where [we would want to operate at the] tactical edge in a disconnected or intermittent bandwidth mode, even outside of the military space,” Sahlin said.
Implementing zero trust is a large, complex undertaking. The key to a successful deployment is building a modular architecture, Sahlin said. A modular architecture enables organizations to break the process into incremental steps so they can leverage existing infrastructure, implement capabilities gradually, and optimize costs. Modular design also provides flexibility and scalability, as well as enhanced interoperability with other security solutions, setting the groundwork for future zero trust capabilities.
“You know, it’s never just about zero trust – it’s all about executing a mission, and the mission might require a hybrid multi-cloud environment, a software factory, or other capabilities. So that modularity and interoperability with existing infrastructure and with other digital accelerators is really critical,” Sahlin said.
View the entire discussion for more insights on zero trust at the tactical edge.