US, Canada reach ‘monumental’ ICAM milestone they hope to expand across NATO
The Pentagon’s Chief Information Office achieved a major milestone last week via a joint pilot project with its Canadian counterpart that’s meant to pave the way for a first-of-its-kind technology solution that federates identity, credential, and access management (ICAM).
In an exclusive interview Tuesday, Department of Defense acting Chief Information Officer Leslie Beavers briefed DefenseScoop on this unfolding pursuit — and the overarching aims for expanding it to enable the U.S. military, Canada and their other closest international partners to work more seamlessly and securely together on combined operations.
“At the heart of interoperability between nations is trust and cooperation. And ICAM is partially a technology solution, but the more challenging part is the cooperation portion and the solution,” Beavers explained.
Putting it simply, ICAM for the DOD refers to a broad approach for establishing and maintaining trusted environments where users can tap into authorized resources — like databases and information systems — while ensuring the department knows who is on the network at any specific time. It’s also a key element of the broader zero-trust architecture concept that the Pentagon is currently moving toward.
While many ICAM capabilities are already functioning across the Pentagon, there’s much room for improvement and innovation, particularly with international allies.
“We were talking about ICAM when I walked in the building in 2018 and I hadn’t seen any really noticeable progress. That’s why I went all in last year to make headway on ICAM. And so, I think we’re to the point where we’ve got good momentum. We’ll keep building on these lessons, and then we’ll take it to the next level and make a functional, scalable, sustainable and secure network for our allies and partners, as well as the joint force,” Beavers said.
The CIO and members of her team meet every six months with their counterparts across the Five Eyes alliance, comprised of the U.S., Canada, Australia, New Zealand and the United Kingdom.
When Ross Ermel, a new top information official from the Canadian Forces, joined those meetings fairly recently, Beavers said they immediately “just kind of hit it off.” With a shared intent to accelerate ICAM interoperability between the nations, Beavers and Ermel volunteered to scope the complex challenges down from the large chunks they’d been going after to a much smaller problem: one they could pilot a technical solution for, work out the surrounding policy issues on, and use to make some meaningful headway.
“And we had a big win last week when we made that happen for 35 people. It sounds like a small number, but it was the first technology solution where we truly federated our identity, credential and access management. That means that the U.S. identity provider computer trusted the Canadian certificates coming through, and vice versa. So that is a big step,” Beavers said.
Though she didn’t share the name of the ICAM capability or any platforms that might be involved in the pilot, the CIO confirmed that this is associated with a combined IT system that the U.S. and Canada built together and have been using for years — but the identity piece has always been managed on the American side only.
In federating it, the Pentagon team is now expanding its “trust” to the systems of another nation.
“So this enables them to log in from Canada, using their own identity provider to get access to these combined systems that we both use. So, it sounds small, but it is quite monumental,” Beavers told DefenseScoop.
She said the next steps build on these smaller-scale “baby steps” by working through the engineering and policy challenges to expand the approach to other Five Eyes partners, in a way that should also work with every member of the NATO alliance down the line.
“We’re using kind of this small use case as the pathfinder, and then we’re building on those lessons, with an eye on exporting to NATO,” Beavers explained.
She and Ermel are set to spotlight this work at the NATO Edge Conference on Wednesday.
When previewing this latest progress for DefenseScoop, Beavers added that she’s hopeful the nations involved right now will go all in on building out the solution and accelerating the overall adoption — “because the follow-on will be an update to [Allied Communications Publication 240], which is the Five Eyes directive on how to set up networks.”
Notably, the CIO and her team also consider this work to be “foundational” and “a major enabler” to the Pentagon’s plan for fully realizing next-generation Combined Joint All-Domain Command and Control (CJADC2) that leaders believe will be a key to winning in future warfighting constructs.
“The important thing to understand is this is part of a three-step journey that gets us to full interoperability with allies and partners,” Beavers noted.
Step one encompasses instituting zero trust in the cloud. ICAM is the second piece that allows the DOD to know and trust who accesses its information in the clouds and makes them all function together. And the third step is attribute-based access control, which Beavers said occurs at the application level.
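As an added illustration of steps two and three (not the pilot’s code, and with constructed issuer names, resource names, clearance levels and policies), the check below first accepts an identity only if a federated partner identity provider vouched for it, then applies attribute-based rules at the application level:

```python
from dataclasses import dataclass

# Constructed federation: each partner nation runs its own identity provider
# (IdP); the relying party trusts assertions only from issuers listed here.
TRUSTED_ISSUERS = {"idp.us.example": "US", "idp.ca.example": "CA"}

# Constructed clearance ordering and per-resource ABAC policies (assumptions).
CLEARANCE_RANK = {"unclassified": 0, "restricted": 1, "secret": 2}
RESOURCES = {
    "combined-ops-db": {"releasable_to": {"US", "CA"}, "min_clearance": 2,
                        "roles": {"analyst", "planner"}},
    "us-only-logistics": {"releasable_to": {"US"}, "min_clearance": 1,
                          "roles": {"planner"}},
}

@dataclass
class Assertion:
    """Identity assertion from a federated IdP, signature already verified."""
    issuer: str       # which nation's IdP vouched for this user
    subject: str      # user identifier within that IdP
    attributes: dict  # claims such as nation, clearance and role

def authenticate(assertion):
    """ICAM step: accept the identity only if its issuer is federated.
    Returns the issuer's nation, or None when the assertion is not trusted."""
    nation = TRUSTED_ISSUERS.get(assertion.issuer)
    # A partner's IdP may vouch only for its own nationals; a mismatch points
    # to a misconfigured or misbehaving issuer and is rejected outright.
    if nation is None or assertion.attributes.get("nation") != nation:
        return None
    return nation

def authorize(assertion, resource):
    """ABAC step: return (decision, reason) for a request to a resource."""
    nation = authenticate(assertion)
    if nation is None:
        return False, "untrusted issuer or issuer/nation mismatch"
    policy = RESOURCES.get(resource)
    if policy is None:
        return False, "unknown resource"
    if nation not in policy["releasable_to"]:
        return False, "resource not releasable to " + nation
    clearance = assertion.attributes.get("clearance", "unclassified")
    if CLEARANCE_RANK.get(clearance, 0) < policy["min_clearance"]:
        return False, "insufficient clearance"
    if assertion.attributes.get("role") not in policy["roles"]:
        return False, "role not permitted for this resource"
    return True, "permit"
```

Because the issuer check runs before any attribute rule, a user whose own nation’s IdP is not in the federation is denied regardless of the attributes they present.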
“So, we are making steady progress, and by the end of next year — with a bit of luck — we should have those three solved, at least in a simple use case, which will jump-start us as a community to build out a lot more functionality,” the CIO told DefenseScoop.