In an increasingly connected and data-driven world, cyber threats are more prevalent than ever, and that includes the front lines of battle, where network capabilities are often limited. Rising cybersecurity concerns have prompted defense leaders to apply a more elevated and sophisticated approach to cyber resiliency, namely a Zero Trust approach. A Zero Trust architecture assumes an organization’s network is compromised, and it denies access by default.
Zero Trust has become progressively important as more commercial off-the-shelf (COTS) solutions are being woven into military systems. And while many advantages stem from the adoption of COTS solutions like more rapid technological availability to warfighters in-theater, several cybersecurity concerns come with them, including more points of vulnerability on which bad actors can capitalize.
“Ancillary and secondary systems don’t get a lot of attention, yet they touch critical systems,” explained Jacob Noffke, a senior principal cyber engineer for Raytheon Intelligence and Space (RI&S), a Raytheon Technologies business, in a recent RI&S blog post. “We have to get away from the notion that they’re not important or they’re not an attack vector because those [COTS systems] can be used to pivot attacks against a mission-critical system such as a weapon system.”
Correcting this flawed perception of COTS cyber vulnerability is an important first step in enacting a Zero Trust architecture for defense leaders. An equally important second step is understanding the layers needed to harden cybersecurity and boost cyber resiliency in those solutions for these crucial defense systems.
“Nowadays, you can’t simply rely on one solution,” Noffke said in the same post. “You need multiple solutions working together to create a holistic defense.”
Noffke pointed to RI&S’ Countervail and Boot Shield combination, a prime example of software and hardware working together to turn general-purpose machines like laptops into secure, mission-specific machines imperative to the warfighter’s readiness. By employing both a software and hardware solution, like Countervail and Boot Shield respectively, the system’s integrity is further insulated from cyber threats in-theater, allowing warfighters to confidently leverage their systems for the mission at hand.
“These are the things that combatant commanders need to think about in the field,” Brad Bradshaw, a retired U.S. Army command sergeant major and RI&S product manager for the cyber resiliency team, said in the post from RI&S. “It’s a matter of national security, and a multi-layered solution can boost the resiliency of an entire network operation.”
You can read the full post from RI&S on the importance of a layered Zero Trust approach here.