ACC looks to Zero Trust architecture for network security

  • By Haley Brown
  • Air Combat Command Public Affairs

Air Combat Command hosted industry partners from companies including Google, Microsoft, Unisys, Cisco and Palo Alto on January 23-24, 2020, at the MITRE Corp facility in Hampton, Virginia, for the ‘ACC Zero-Trust Summit’, to discuss a potential zero trust architecture for the U.S. Air Force.

ACC Directorate of Cyberspace and Information Dominance (A6) is taking initiative to field a new network approach to ensure that the service’s network becomes stronger in the current information operations environment.

Zero trust architecture (ZTA) aims to allow Airmen to move away from a perimeter-based model of defending the network to an identity- and data-centric security model.

Lt. Col. James Lotspeich, Chief Technology Officer, ACC/A6, believes it is vital for the Air Force to ensure that the information and resources it stores are safe from adversaries, and that implementing a ZTA infrastructure could make this possible.

“Zero trust is a concept that basically assumes that our network is already compromised,” said Lotspeich. “It is an application of technology, policy and strategy, so that we can protect our resources, specifically the data that’s on our network, in a manner that limits how that data can be exfiltrated by adversaries.” 

The transition to ZTA, in conjunction with a modern data strategy, will enable the Air Force to leverage new technologies and associated security features through the use of defined attributes of network users and data.

“It’s a comprehensive strategy that covers network security,” said Lotspeich. “There’s a lot of different technological pieces to it that we’re working on, but it’s really a strategy that drives how we move forward with our networks and the way that we communicate today.”

The objectives of the ACC Zero-Trust Summit included achieving common terms for ZTA, ensuring industry partners understand the Air Force’s strategy and associated technology gaps, developing the military’s short-term and long-term ZTA goals, and more.

“The first step in giving someone access to data, is you need to know who they are and that’s a difficult thing to do at scale,” said Rick Moon of the Identity Solutions Branch in HNI, the Enterprise Information Technology and Cyber Infrastructure Division of HN, the Command, Control, Communications, Intelligence and Networks Directorate. “Knowing who’s accessing your resources, knowing where they’re coming from and what resources they want to access, is all very important, and you need something at an enterprise level to give that consistent user experience that our warfighters want.”

Moon said he believes that Identity, Credential and Access Management (ICAM) and Common Access Card (CAC) credentials play a crucial role in ZTA.

“Binding a human to a digital identity is really hard to do,” said Moon. “A lot of companies have really cool looking credentials but their business model is quite different from the DoD. We have to know who is entering our system, so rather than getting rid of the CAC, we’ll use it to derive other credentials from that CAC.”

Lt. Gen. Chris Weggeman, the deputy commander of ACC, said ZTA is the future of cyber security within the Air Force.

“I’m passionate that zero trust networks are the key for how we achieve cyber space superiority in the 21st century against the nation states and the ‘cyber hacktivists’ that are out there trying to deny our freedom of maneuvering from, and through cyber space,” said Weggeman about the service’s need to identify positive paradigm shifts. “Zero trust is not about a widget or a capability, it’s about a strategy.”