As the military moves towards utilizing a Joint All Domain Command and Control (JADC2) data fabric across operations, the Army and other military departments are increasingly engaging in operations across multiple domains. In order to maintain staunch cybersecurity practices in these environments, the military must move to zero trust, Army CIO Raj Iyer said Sept. 8.
While discussing the Army’s increased used of commercial off-the-shelf (COTS) products in the Army’s build towards the JADC2, Iyer said that zero trust architecture is the only way to keep the Army secure in multi-domain operations during the Defense One Defense News Conference.
“There’s just no other way to do it other than zero trust,” Iyer said during the virtual conference. “We are heavily relying on commercial technologies to enable JADC2, we are no longer in the mode of writing our own software building our own revenue system platforms from scratch.”
“We’re going to leverage these digital technologies, and we’re rapidly integrating them on the platforms or the decision support systems for our mission command,” Iyer added.
The downside to leveraging these technologies, however, is that it “exponentially” increases the Army’s attack surface area, Iyer said. As such, the zero-trust security model can help the department change cybersecurity philosophies to keep itself protected.
“Our approach fundamentally, in terms of how we’re going to protect our data and access, all has to change from this kind of Perimeter Defense approach,” Iyer said.
Iyer said the previous cybersecurity approach has led to an increasingly siloed response that is ultimately hurting the department. Iyer said the Army is in the process of setting up a zero trust network architecture based on the reference architecture that the Defense Information Systems Agency (DISA) released for the Department of Defense in May.