Can zero trust enable secure and efficient information-sharing between the U.S. military and its international partners? The Pentagon plans to find out during the upcoming Keen Edge exercise and other events in the Indo-Pacific region.
Zero trust is a cybersecurity concept and framework that assumes networks are already compromised and require constant monitoring and authentication to protect critical info. Department of Defense components are expected to move to that model by 2027, and bringing overseas allies into the fold could be critical for interoperability.
“There’s a great proof of concept going on in [U.S. Indo-Pacific Command] right now. Their multinational mission force network has gone 100% zero trust, if you will … We’re going to actually exercise this with our multinational partners,” Rear Adm. Stephen Donald, deputy commander of U.S. 10th Fleet, said Monday at the Association of Old Crows annual symposium.
The effort will be part of the next iteration of Keen Edge, which is slated for early 2024. Keen Edge is a biennial exercise that traditionally has involved U.S. and Japanese forces, but Australia is being added as part of a broader push for enhanced trilateral military cooperation.
“Keen Edge 24 (KE24), historically a bilateral Japan Joint Staff (JJS) and U.S. Indo-Pacific Command (USINDOPACOM) command post exercise, will now include the participation of Australia. KE24 will commence on 31 Jan – 7 Feb in various locations throughout the region. KE24 is designed to increase our integrated joint operational capability, refine command and control procedures, and improve interoperability among the participating countries to respond to a variety of crises and contingencies in the Indo-Pacific region,” Indo-Pacom said in a statement to DefenseScoop on Tuesday.
Under the planned construct for the event, “the [international] partner is only allowed into that set of data that they are cleared for [and] that they are authorized for. And it’s all controlled by a built-from-the-ground-up, zero-trust network. We’re gonna see how well that works,” Donald said.
“Right now, you know, it’s a login, multi-authentication factor-based network that then … layers in the appropriate encryption mechanisms so that everything from point A to point B is encrypted. You get a virtual desktop that you can view all the data in. You don’t get necessarily to print stuff out. I think we’re still working through some of that. But you get access to the data … and onboarding seems to be relatively easy through this sort of portal approach,” he added.
Donald sees potential opportunities to expand cooperation over time.
“I think the longer-term piece is, how do we come together across all of our partnerships and build standards together, like zero trust, that we’re able to incorporate into our weapon systems natively? I think that’s going to be a longer road. But we’ll see how this initiative plays out,” he added.
The Pentagon is pursuing a warfighting construct called Combined Joint All-Domain Command and Control (CJADC2) to connect the various sensors, shooters and data streams of the U.S. military services and their international partners, under a more unified network. However, there are security and interoperability challenges associated with that.
Assured command and control, battlespace awareness, and managing cyber and space capabilities will be critical in the future, Donald noted. Allies and partners will need to be part of that equation.
“It is an incredible problem. But I think we have some … technology solutions before us — things like zero trust. Really architecting that well seems to be a solid approach. The other approach is … taking some of our legacy systems and making them as secure and trusted as possible — and then onboarding that,” Donald said. “I think with zero trust, we can really earnestly start sort of a … bring-your-own-device sort of setup for partnerships.”
“We have to figure out if we can get this right,” he added. “Next year … we’ll have probably more information because this will have been rolled out. We’ll use it in a couple multinational exercises in the Pacific Rim, and we’ll have some key lessons learned.”