Perspectives

Coalition Connectivity for Modern Warfare

control center

 

Booz Allen accelerates data-centric solutions for the globally connected battlespace. Commanders require a zero trust-hardened system to connect allies and partners, deliver mission-critical data at the speed of battle, and protect sensitive data with advanced encryption. Our data-centric technology advances the Mission Partner Environment (MPE), one of the key lines of effort in Joint All-Domain Command and Control (JADC2)—an initiative to synchronize efforts across U.S. forces and global coalition partners. 

 

Combatant commands can advance data-centric decision making now

“User experience and speed of collaboration improve with our data-centric architecture. We simplify network connectivity so that commanders have secure data at their fingertips, and mission-critical data sharing is reduced from hours to minutes.”

In combined operations, critical data must securely and rapidly traverse clearance levels, warfighting platforms, foreign and domestic networks, and end-user devices. In the current paradigm, this is a time-intensive, manual process that requires an analyst to monitor disparate coalition networks across numerous terminals and distill information at various classification levels for command and control. In addition, it often requires a cybersecurity technician to stand up network gateways to share the data across classification levels, which can take hours or even days. In a world of escalating cyber threats, this laborious approach is no longer feasible. 

Data-centric solutions will accelerate the Mission Partner Environment (MPE), one of the key lines of effort in Joint All-Domain Command and Control (JADC2)—an initiative to synchronize efforts across U.S. forces and global coalition partners. 

Building for an Interconnected Future

Data-centric security speeds up data sharing because it secures data more rapidly than network-centric safeguards and ensures a more seamless user experience. In a data-centric environment, each piece of data—file, email, frame of video—is tagged with its security metadata and encrypted. This allows the data to exist on the same physical infrastructure and has the potential to make current red and black networks gray.

A zero trust architecture for a data-centric system ensures the system knows the exact identity of each user and the access granted to that user based on clearance, role, nationality, and other factors considered by the mission planners. It is driven by three principles that protect data in transfer: assume a breach; never trust, always verify; and allow only least-privileged access based on contextual factors. 

While the Department of Defense (DOD) builds toward the MPE vision to enable coalition collaboration in a data-centric environment, combatant commands can employ flexible innovations in zero trust architecture to build to the future now. 

Zero-Trust Security Architecture

There are four core components of a zero-trust security architecture for trusted data sharing between coalition systems with various networking permissions.

  • Identity, credential, and access management (ICAM)
  • Attribute-based access control (ABAC)
  • Granular data encryption
  • Visibility and analytics

Underlying these four components is model-based systems engineering (MBSE), a methodology that creates a digital model of the system to ensure the requirements, design, and validation across its evolving lifecycle. 

“A data-centric security approach ensures secure collaboration and the efficient sharing of sensitive information across coalition networks and domains. It must be based on an open standard, available to all partners, and compatible in any technology environment.”

1. Identity, Credential, and Access Management

Mitigating the vulnerabilities of single-factor authentication methods such as passwords—which are easily hacked, stolen, or forgotten—identity control and access management (ICAM) uses a combination of authentication methods working in concert. Proven in security-critical fields such as healthcare and finance, ICAM requires verification through identity characteristics such as name; credentials such as an online ID; and compliance with policies such as location. Used in a zero-trust framework, it ensures the “right person with the right credentials is accessing the right information at the right time,” as a Department of Homeland Security primer puts it.

2. Attribute-Based Access Control

Parameters for who can access what—and under what circumstances—must be able to change as rapidly as the situation. Attribute-based access control (ABAC) enables specificity through defining characteristics relating to elements such as the user (rank, nationality); the requested action (view, download); the document type (classification level, format); and the circumstances (location, level of conflict). ABAC evaluates characteristics against all parameters before access is granted. This way, an ally could view a sensitive document only in certain locations and situations, for example. 

3. Granular Data Encryption and Tagging

Communication is slowed when networks must be specially configured to share data with new participants. Encrypting data at a granular level in a trusted data format (TDF) enables rapid and secure sharing across diverse technology environments. With TDF, a secure “envelope” is placed around sensitive data—in formats such as PDF, email, images, videos, and sensor inputs. The “envelope” is addressed, stamped, and sealed with a common standard for mission-approved partner use. Data tagging ensures that users with the appropriate credentials can gain attribute-based access. For additional security assurance, an advanced cross-domain solution scans the data at ingestion to verify that no data is leaked beyond the security level indicated by the tag.   

4. Visibility and Analytics

Visibility and analytics further harden a zero-trust security architecture against adversarial penetration. Visibility helps to identify, monitor, and assess the data being shared across mission partner networks to ensure it is secure. Continuous analytics head off suspicious events before they happen. Analytics enable mission partners to monitor data usage and detect anomalies that could indicate a security breach or other malicious activity.

Ongoing Model-Based Systems Engineering

Model-based systems engineering (MBSE) establishes a digital model that provides a “single source of truth” for stakeholders across the lifecycle of a system. A subset of digital engineering, it enables the modeling of requirements and architecture and facilitates simulation and requirements allocation.

For a collaborative zero trust environment, MBSE enables the close monitoring of requirements and flows across combatant commands and mission partners for continued development and seamless implementation. With a common database for solution management, analysts can generate performance reports with a single click.

MBSE offers ease and automation for flagging and tracking cybersecurity concerns, measuring performance, analyzing collected data, and forecasting performance. Notably, it enables rapid changes, adoption of new technologies, and integration of other systems—all essential in this rapidly developing space.  

“A picture is worth a thousand words. A digital model is worth a thousand pictures.”

Speed Progress with Industry Partners

Although the shift to a data-centric environment will be revolutionary, technically the change will be evolutionary—as the enabling technologies already exist. Zero trust is used by business: Every time users sign in to their Google accounts or approve a bank transfer via text, zero trust security is safeguarding the process. It’s already empowering government: When veterans access digital health records from the Veterans Administration, zero trust security is actively protecting their personal information.

Industry is therefore poised to help DOD accelerate the data-centric future. What private companies don’t have is the knowledge of how to adapt their technologies to address the military’s specific goals for multilateral data sharing across a multitude of military use cases.

Now is the time for DOD to give industry periodic updates about its process and anticipated needs. It can bring industry into relevant training exercises for defense stakeholders to sample the innovation of multiple partners and begin to visualize how the military can make the most of industry’s investments. At the same time, innovators in diverse companies will have a chance to improve their technologies’ readiness.

These steps would allow defense leaders to accelerate modernization for MPE while gleaning learnings to inform the official procurement process. As threats from competitor nations increase, DOD’s knowledge of how to use zero trust solutions to combat the adversary can therefore be ever-evolving—to ensure tomorrow’s defense coalitions can stay ahead of what’s next.

Meet the Authors

Click to view Brian Orr
Brian Orr
Click to view Imran Umar
Imran Umar

Get Defense Insights

More Defense Insights

Solutions
Mission Partner Environment
Mission Partner Environment
Mission Partner Environment

Learn more about Booz Allen’s solutions to connect allies and coalition partners across domains and borders. Read More

Solutions
Solutions
JADC2: Information Warfare in Action
JADC2: Information Warfare in Action
JADC2: Information Warfare in Action

Develop JADC2 faster with mesh networking, edge computing, and analytics at the edge. Read More

Solutions
Locations
Join Booz Allen in Hawaii and Across the Indo-Pacific
Join Booz Allen in Hawaii and Across the Indo-Pacific
Join Booz Allen in Hawaii and Across the Indo-Pacific

Build your future with our Indo-Pacific team, headquartered in our state-of-the-art Honolulu office. Read More

Locations

Tags

Analytics Cybersecurity Consulting Defense Military

Related Insights

Article

Read More

Article
Article

Read More

Article
Article

Read More

Article
Article

Read More

Article
1 - 4 of 8