DOD to demonstrate zero trust, data-centric security capabilities with allies during live exercise
The Defense Department plans to demonstrate new security frameworks during a live, multinational exercise next year as part of a larger effort to mature Combined Joint All-Domain Command and Control (CJADC2).
The Pentagon is planning to implement a novel mission partner environment architecture on a live network in support of a maritime mission being led by the United Kingdom in 2025. The goal is to employ zero trust and data-centric security capabilities on a federated architecture, composed of “multiple secure, collaborative data services between partners and hosted users,” a spokesperson for the office of the Joint Chiefs of Staff told DefenseScoop in a statement.
“This enables us to create a global information sharing capability,” the spokesperson said.
The event will leverage previous work done by the Pentagon’s Project Olympus, according to a department news release. Led by the Joint Staff’s J-6 directorate for command, control, communications and computers/cyber, the effort looks to solve challenges that prevent international allies and partners from sharing critical warfighting data by testing, developing and integrating various enabling technologies via experiments and demonstrations.
During the 2025 maritime mission, the United States, United Kingdom and Canada will utilize zero trust and data-centric security capabilities that were previously tested during Project Olympus 2024, including the Indo-Pacific Mission Network and Collaborative Partner Environment, according to the spokesperson.
Other international participants include Norway, Australia, Chile, Spain, France, India, Italy, Japan, Republic of Korea, Malaysia, Oman, New Zealand and Singapore.
“As part of this activity, we will assess command and control effectiveness and performance and CJADC2 capability maturity relative to a primary line of effort within the CJADC2 Strategy, Modernize Mission Partner Information Sharing,” the spokesperson said.
CJADC2 is the department’s new warfighting concept that aims to connect disparate systems operated by the U.S. military and international partners under a single network to enable rapid data transfer between all warfighting domains.
Although the Pentagon announced earlier this year that it had developed a “minimum viable capability” for CJADC2, there are still a number of technology and policy hurdles that inhibit the department’s ability to effectively share information with allies. As a result, the U.S. is adopting new mechanisms — such as zero trust and data-centric security standards — that allow for protected information sharing.
“We’ve historically looked at security as the antithesis for information sharing,” Jim Knight, the United Kingdom’s lead for Project Olympus, said in a Pentagon news release. “The security folks come in and want to sort of clamp down. With zero trust and data centric security, they are security mechanisms, but they are enabling information sharing.”
Zero trust is a cybersecurity framework that assumes adversaries are already moving through IT networks, and therefore requires organizations to continuously monitor and validate users and their devices as they move through the network.
The strategy differs from traditional “perimeter-based” security models that assume all users and devices can be trusted once already inside a network. It requires Pentagon components to modernize their IT infrastructures, as well as adopt new governance processes.
“I think that’s a key focus point,” Knight said. “For the first time, we’re getting that balance right in terms of applying more security. And by applying more security, we’re getting greater information sharing.”