General Dynamics Information Technology and its strategic cyber partner Fornetix tested a zero-trust capability focused specifically at the tactical level during the major multinational military exercise Talisman Sabre this summer.
Zero trust, a concept and framework that assumes networks are already compromised and require constant monitoring and authentication to protect critical information, is typically thought of as an enterprise capability for more static networks. However, these capabilities will be needed to protect the integrity of data for units operating systems at the tactical edge, especially as the Army is moving to merge its tactical and enterprise networks into a single global unified system.
At the most basic level, what GDIT was tasked to do at the event — working primarily with U.S. Army Pacific and I Corps — was demonstrate the ability to share collaboration data with coalition partners based on country of origin and job function.
These tools included SharePoint and chat functions.
“What we were asked to do was effectively provide an access control gateway for basic collaboration applications — SharePoint, chat, things like that — as a first step toward figuring out what mission partner environment data-sharing would look like in theater, particularly in a contested theater, like the” Indo-Pacific region, John Sahlin, vice president of cyber solutions at GDIT’s defense division, told DefenseScoop in an interview.
So-called data sovereignty is one of the biggest needs for the U.S. military. Information and data are tightly held and classified, which often makes it difficult to share and operate alongside coalition partners. This is especially problematic as the U.S. military expects to fight as part of a multinational coalition. As a result, it needs a way to securely share data and to authenticate that the right users have access.
The need at the tactical level is to help share data when sharing agreements might be loose or non-existent.
“What happens at the tactical edge when I now have to share data, because of the mission with a country with whom we don’t have an established bilateral” or multilateral agreement, Sahlin said. “We had to give the maneuver commander the ability to make those decisions and to make policy definition in the theater, but then have that not interfere with their ability to participate as part of the enterprise when we’re not in that [denied, disrupted, intermittent and limited] contested environment mode.”
GDIT’s involvement in providing a zero-trust capability at the tactical edge stemmed from conversations a couple of years ago as GDIT and its partner were working with the Defense Information Systems Agency on enterprise-level zero-trust capabilities and began discussing how they could be applied to the tactical level with U.S. Indo-Pacific Command.
“We needed no kidding, a zero-trust capability in order to help Indo-Pacom support the mission of ultimately fighting in that theater. This exercise was the first step to doing that,” Sahlin said, referring to Talisman Sabre.
The initial focus was on brigade-sized units.
The scope was somewhat narrow at first: demonstrate identity, credential, and access management (ICAM) capabilities for U.S. and Australian defense forces. However, Sahlin said, that grew as the exercise played out.
“By the time we were done, we were integrating data-sharing with multiple foreign mission partners, basically making in-theater decisions about adding new countries to the mix. And we were doing integration with not only Army I Corps, but with the 1st Marine Division. This turned into a truly coalition and joint data-sharing platform,” he said. “Even though it was limited to collaboration apps, what we’re able to accomplish in a very short period of time was pretty darn stunning.”
He added that the work began to demonstrate the essential tenets of Combined Joint All-Domain Command and Control (CJADC2), the Pentagon’s new concept for warfare that envisions how systems across the entire battlespace from all the military services and key international partners could be more effectively and holistically networked and connected to provide the right data to commanders for better and faster decision-making.
“If you think about the CJADC2 [concept] is supposed to be bringing sensors to shooters dynamically and making the maneuver commander in-theater decisions about how I’m going to bring new data sources into my environment and with whom I’m going to share what type of data,” Sahlin said.
The demonstration moved beyond ICAM capabilities and static access control by adding the ability to dynamically monitor user behavior and make changes on the fly while continuing to add more mission partners.
“If, for instance, you have access to a chat room because of your job function or the unit you belong to, but then you start behaving in a way that is inappropriate for that room, you no longer have access — not because of the statically defined roles and attributes, but because of your behavior,” Sahlin said, as an example.
“We were also fielding the capability to do data level segmentation and incorporate devices. We incorporated not only users, but non-person entities, like vehicles and things like that and paired them with the activity, so now you could do device-based access control or vehicle-based access control. We very quickly moved beyond the scope of what DOD defines as ICAM and started doing a lot more,” he said.
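The two decisions Sahlin describes, a static check on country of origin and job function followed by behavior-based revocation, with the commander admitting a new partner country in theater, as an added Python sketch; this is not GDIT's or Fornetix's code, and the room name, country codes, subject ids and risk threshold are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import Dict, Set

@dataclass
class Subject:
    subject_id: str
    country: str          # country of origin (constructed sample values below)
    role: str             # job function
    kind: str = "person"  # or "npe": non-person entity such as a vehicle

@dataclass
class Resource:
    name: str
    countries: Set[str] = field(default_factory=set)  # partners cleared for it
    roles: Set[str] = field(default_factory=set)      # job functions cleared

class AccessGateway:
    """Static attribute check (country, job function) plus behavior-based revocation."""
    def __init__(self, resources: Dict[str, Resource], risk_threshold: int = 3):
        self.resources = resources
        self.risk: Dict[str, int] = {}  # accumulated behavior score per subject
        self.risk_threshold = risk_threshold

    def add_partner(self, resource: str, country: str) -> None:
        # In-theater policy decision: admit a new country to a resource.
        self.resources[resource].countries.add(country)

    def record_behavior(self, subject_id: str, severity: int) -> None:
        # Out-of-policy actions raise the score; persons and NPEs are scored alike.
        self.risk[subject_id] = self.risk.get(subject_id, 0) + severity

    def decide(self, subj: Subject, resource: str) -> str:
        res = self.resources.get(resource)
        if res is None:
            return "deny:unknown-resource"
        if subj.country not in res.countries or subj.role not in res.roles:
            return "deny:static"
        if self.risk.get(subj.subject_id, 0) >= self.risk_threshold:
            return "deny:behavior"  # attributes still valid, but conduct revoked access
        return "allow"

def demo() -> list:
    room = Resource("ops-chat", countries={"USA", "AUS"}, roles={"ops", "intel"})
    gw = AccessGateway({room.name: room})
    aus_ops, nzl_ops = Subject("aus-001", "AUS", "ops"), Subject("nzl-001", "NZL", "ops")
    out = [gw.decide(aus_ops, "ops-chat"), gw.decide(nzl_ops, "ops-chat")]
    gw.add_partner("ops-chat", "NZL")  # commander admits a new partner in theater
    out.append(gw.decide(nzl_ops, "ops-chat"))
    gw.record_behavior("aus-001", 2); gw.record_behavior("aus-001", 1)
    out.append(gw.decide(aus_ops, "ops-chat"))
    return out
```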
Additionally, GDIT and its partner sought to demonstrate that these capabilities can work in a denied, disrupted, intermittent and limited (DDIL) military operating environment.
“A lot of people who are saying, ‘Well, that’s great as an enterprise, but it completely breaks down at the tactical tiers. You can’t do this in a DDIL environment, for instance,’” Sahlin said, regarding preconceived notions prior to the exercise. “That was one of the things that we were able to demonstrate was the ability to do that in, let’s call it, challenged connectivity.”
Sahlin said he’s hopeful that GDIT gets awarded a contract to provide this to the Army; however, there are no immediate follow-on plans to continue testing this at other exercises.
“I would certainly recommend taking this to more complex exercise events, working with new data, not just collaboration data, but sensor data and other types of more complex data feeds that are more mission related,” he said. “I’d ideally like to take those to different AORs [geographic regions] as well. The Indo-Pacom AOR is super exciting and super important strategically, but we do operate in every AOR in the globe.”