The Pentagon's cutting-edge exercises for Combined Joint All-Domain Command and Control (CJADC2) aim to revolutionize military operations by dynamically — and securely — sharing data between global mission partners, across borders and domains.
A recent Defense One article highlights the DoD’s upcoming international carrier strike group exercise. The joint coalition exercise will bring together multiple allied partners, including the U.S., U.K., and Australia, and will push the boundaries of dynamic, cross-domain data sharing. The mission? To quickly stand up, alter, and deprecate data sharing capabilities across a variety of combatant commands and foreign nations in a military exercise going down to the tactical edge.
This bold initiative underscores the importance of data-centric security, granular access controls, and the innovative application of zero trust principles, all of which are crucial not only in military contexts, but also for enterprises and organizations across sectors.
Dynamic Data Sharing in a Zero Trust Framework
The Pentagon's experiment is centered around the concept of connecting allies across domains, and is part of the DoD’s Global Information Dominance experiments (GIDE). This initiative seeks to unify the various branches of the U.S. military—Army, Navy, Air Force, Marine Corps, and Space Force—into a cohesive, interconnected network, adding allied mission partners when needed. Ultimately, the exercises will enhance situational awareness, decision-making, and operational efficiency by enabling different systems and platforms to communicate and share data in real time.
In 2025, the DoD will be taking CJADC2 to another level with international exercises designed for dynamic, cross-domain data sharing in the field. Together with the U.K., Australia, and other allied partners, the DoD will be putting cross-domain collaboration to the test — taking vessels through different ports, quickly creating “data bridges” to dynamically share information with the right individuals, systems, and devices, at the right time.
This represents a significant shift from traditional siloed military operations to a more integrated and collaborative approach across allied partners, improving responsiveness and adaptability in diverse and complex combat scenarios.
Granular Access Control and Zero Trust
A pivotal aspect of the Pentagon's experiment is the implementation of granular access control mechanisms. Granular access control allows for the precise definition and enforcement of who can access specific data and under what conditions. This is particularly important in a military setting, where unauthorized access to sensitive information can have catastrophic consequences.
It’s important that these access controls are dynamic enough to change in real time, as DoD CIO Daniel Holtzman described during a Defense One Cloud Workshop: “How do we sail that fleet through this partner that wasn't a partner yesterday, [where] there's now a partner who needs to connect to us? And we don't have a year and a half to build the new [cross-domain solution] and get it installed and get it authorized and put a U.S. person there.”
Zero trust architecture complements these controls by operating on the idea that no user or device should be trusted by default, regardless of whether inside or outside the network perimeter. This model requires continuous verification of user identities and access privileges, significantly reducing the risk of data breaches and ensuring that access to information is strictly controlled.
The Role of Data-Centric Security
Central to the success of this initiative is the implementation of robust data-centric security measures. Data-centric security focuses on protecting data itself rather than just the networks and systems that store and transmit it. This approach ensures that sensitive information remains secure regardless of where it travels or who accesses it — and it treats each data object with the appropriate safeguards and limitations to ensure that highly sensitive information is only shared in the appropriate contexts.
This is facilitated by technologies like the ODNI-standard Trusted Data Format (TDF), a framework that enables the application of granular policy controls directly to data objects, ensuring that only authorized users, systems, or devices can access or modify the data. This level of control is essential for maintaining the integrity and confidentiality of critical information in a highly interconnected, Zero Trust military environment.
For Mission Success, Data Must Move
Holtzman highlighted another important point: We can no longer sacrifice data sharing in the name of data protection. We have the technology — and the obligation — to do both, especially when life-saving missions are on the line.
“The challenge, I think, is everybody's trying to do the right thing. Their motive is right,” Holtzman said of mid-level officials and officers who inhibit the free flow of data. “Their desire is right. But their goal is, the most important thing is to protect the data. Don't share. Protect. When our goal is the mission. And that shift in thinking is what we're trying … through GIDE to show, how does the warfighter get to vote? How do they practice and train and do inventive things if you don't give them the opportunity to do that? That's really what GIDE is about.”
Indeed, data needs to be accessible — and free to move — in order to drive innovation and dynamic problem-solving. Smart military strategies must be informed by comprehensive intelligence. The upcoming CJADC2 exercises will put secure data-sharing capabilities to the test and demonstrate what’s possible when allies are given the ability to share sensitive information in real time, securely and confidently.
Governing access to data, protecting it, and sharing it with the right individuals who need access, is the ultimate goal and desired outcome of exercises like CJADC2.
What Enterprises Can Learn from the Pentagon
While this experiment primarily focuses on military applications, the underlying principles of data-centric security and zero trust have far-reaching implications for enterprises and organizations across sectors. Businesses across many industries face similar challenges in securing sensitive data and ensuring it can be shared securely and efficiently with partners, clients, and stakeholders. The stakes may not be “national security” high, but they are still remarkable when you think about the vast seas of data related to healthcare, identity theft, critical infrastructure, and criminal justice.
Commercial enterprises can enhance their security postures by adopting a balanced approach to zero trust, emphasizing defensive and offensive strategies. Defensive measures protect against external threats, while offensive strategies focus on securing data intentionally shared within and outside the organization. This dual approach helps prevent unintentional data loss and promotes safe, productive data sharing.
Virtru's data protection solutions, built on the Virtru Data Security Platform, exemplify how enterprises can implement these concepts effectively. By integrating encryption, granular policy controls, and robust key management into everyday workflows, Virtru enables organizations of all kinds — from the federal intelligence community to a small doctor’s office — to maintain control over their data, even when shared across diverse platforms and environments.
The lessons learned from the Pentagon's experiment will undoubtedly shape the future of secure, efficient, and interconnected operations across all sectors, informing best practices for how we collectively protect, share, and gain valuable insights from the data we must share.
