The defense and intelligence communities have long struggled to collaborate and share information across organizational and national boundaries. This is largely due to the friction created by traditional perimeter and network-centric security models. These models make it difficult to securely share data outside of tightly controlled domains.
Thus, there is a growing recognition that network-centric security practices can sometimes hinder an organization's ability to collaborate efficiently with external partners – which, in turn, is prompting a move towards zero trust security, with an emphasis on faster data sharing by protecting information itself rather than networks.
In particular, there's been a growing focus on Zero Trust data access and Data Centric Security within the Department of Defense and its ecosystem. This shift signifies a departure from old and restrictive perimeter-centric security models, paving the way for a more fluid and secure data-sharing environment. The transition is driven by a critical need for more effective collaboration with external mission partners.
At the core of this transformation is data-centric interoperability.
There’s been no shortage of discussion and movement toward getting to Zero Trust data access and Data Centric Security, but data-centric interoperability is the unspoken why.
Per US DOD policy, the US will work alongside Partners to deter pacing threat actors, such as China.
It has not happened in my career where we've seen the technology benefits being faster, more secure, and cheaper, all coming together to enhance mission effectiveness.
The mandates (and funding) for future fights with Allies and Partners, like the Pacific Deterrence Initiative, as well as the Zero Trust mandates like White House's M-22-09 are forcing rapid adoption of Data Centric environments.
Programs led by USCENTCOM and INDOPACOM, such as the Coalition Partner Environment (CPE) and the INDOPACOM Mission Network (IMN) respectively, demonstrate the practical implementation of Zero Trust Data Pillar principles, notably in their ability to drastically reduce the time required to integrate new partners into a Community of Interest (COI) from months and millions to minutes and pennies.
The US DOD's move to replace all legacy Network-Centric Security (NCS) systems with a Secret Releasable Data Centric Security (DCS) framework marks a significant turning point. This transition, as showcased by CENTCOM's CPE program, has heightened coalition involvement and improved collaboration, notably in operations like Targeting and Combat Assessment/Battle Damage Assessment.
A core issue facing INDOPACOM is developing and applying data classification at scale so massive amounts of unstructured information can be shared more easily with mission partners based on identity entitlements and “need to know”.
Creating an automated data pipeline that can be easily accessible by allies requires meticulous indexing and tagging from the start so the right information can be accessed by the right people, with the right entitlements, at the right time, with minimal friction. But today, many operational teams are still relying on spreadsheet platforms to discover and classify sensitive targeting data. Simply stated, these manual homebrew methods for tagging data will not enable data centric security at scale.
So INDOPACOM is teaming up with DISA, Cyber Command, and others to institute unified and automated tagging models. NATO is also working through the Combined Communications-Electronics Board (CCEB) to drive interoperable Allied metadata tagging standards such as the Zero Trust Data Format (ZTDF) to automatically enforce information policy including: access controls, share limits, and more. All of this means engaging allies early about new training practices and tradecraft standards to support advanced data centric security capabilities.
Paul Nicholson, INDOPACOM's deputy chief information officer, acknowledges there is still much work yet to be done, but remains optimistic about the potential for automation once a robust tagging methodology is established.
“It's exciting that we now have a framework where we may be able to securely enhance the way we do battle management. There’s a long ways to go, but it opens a door where we can do this with our mission partners. It’s not just pairing a red target to a U.S. firing battery, but a red target to a partner firing battery."
The shift towards Data Centric Security models and adherence to Zero Trust principles represents a fundamental strategic redirection. This new paradigm promises greater agility, enhanced security, and operational efficiency in the realm of global defense collaborations. The defense community, by embracing these advancements, is well-positioned to operate more effectively in an increasingly complex and interconnected world.