![\"\"](\"http:\/\/spaceweekly.com\/wp-content\/uploads\/2021\/06\/cybersecurity_lock.jpg\")
DefenceTalk<\/p>\nDefenceTalk<\/p>\n
HANSCOM AIR FORCE BASE: Personnel from the AFNet Sustainment and Operations Branch at Hanscom Air Force Base are partnering with the Air Combat Command Directorate of Cyberspace and Information Dominance to develop a modern software-based perimeter that will deliver zero trust capabilities to applications across the Air Force.<\/p>\n
Defined by the Air Force as a \u201cdata or application access strategy that assumes all resource requests originate from an untrusted source,\u201d zero trust networks grant access for individual requests only after establishing confidence in both the user and the device through identity verification and connection context attributes.<\/p>\n
\u201cThe concept of zero trust has been around for many years, but recent cyberattacks and the heightened cyber threat landscape have elevated the need to implement zero trust architectures,\u201d said Raju Ranjan, an AFNet Sustainment and Operations Branch engineer. \u201cLast year\u2019s National Institute of Standards and Technology special publication and the Department of Defense\u2019s reference architecture helped us better understand this strategy, and it\u2019s now a DOD mandate for all agencies to use a zero trust architecture model.\u201d<\/p>\n
Vincent Maguire, the branch\u2019s lead engineer, said the zero trust concept is a paradigm shift in how the Air Force secures its applications.<\/p>\n
\u201cWith the architecture we have now, we\u2019ve focused on hardening our network and then trusting users connected to it with a CAC (Common Access Card),\u201d he said. \u201cBut with zero trust, users can be on any network in the world, because we don\u2019t start off with the premise of trust. We establish trust at the time of a transaction and we build different levels of trust depending on how healthy the machine is and the user\u2019s identity.\u201d<\/p>\n
ACC is developing the concept and strategy for the Air Force to move forward on zero trust, the AFNet Sustainment and Operations Branch is leading the integration efforts and the Platform One team is tackling the development, security, and operations piece, Maguire said.<\/p>\n
\u201cBased on the strategy ACC\u2019s provided, Raju is leading a team of engineers that is building a software-based zero trust boundary,\u201d he said.<\/p>\n
Ranjan added the concept also offers consistency, agility and savings.<\/p>\n
\u201cCurrently, our boundary stack drives significant cost, and this concept could reduce those costs by as much as two or three times less than the current price,\u201d he said.<\/p>\n
The Massachusetts National Guard\u2019s 126th Cyber Protection Battalion recently spent a week at the Lantern, also known as the Hanscom Collaboration and Innovation Center, proving the value proposition for micro segmentation work designed to help increase the project\u2019s security, said Lt. Col. Darren Edmonds, the Lantern\u2019s director.<\/p>\n
Stephen Haselhorst, ACC Directorate of Cyberspace and Information Dominance chief technology officer, emphasized how \u201crevolutionary\u201d this project is for the Defense Department.<\/p>\n
\u201cIt\u2019s an architecture adapted from cloud-based technologies used by the Air Force Platform One team that have never been used on legacy networks in the DOD, that we know of,\u201d he said. \u201cIt\u2019s embracing a lot of modern concepts of DevSecOps, such as automation and orchestration necessary for zero trust to exist. The work that Raju is leading at Hanscom (AFB) is pretty groundbreaking.\u201d<\/p>\n
Lauren Knausenberger, the Air Force\u2019s chief information officer, agreed innovative projects like this one are key to accelerating our warfighting advantage, by simplifying digital access for our Airmen and Guardians, without sacrificing security.<\/p>\n
\u201cZero trust safely unlocks access to next-generation Joint All-Domain Command and Control warfighting capabilities by enabling seamless data sharing with our partners and allies, and greater freedom of maneuver for our warfighters,\u201d she said. \u201cAt the same time, zero trust capabilities also impose greater costs on any adversaries trying to disrupt these efforts. The inventive approach the Hanscom (AFB) and ACC teams bring to this project is exactly the mindset we need to succeed in a future fight.\u201d<\/p>\n
The project is currently in the research and development phase, with many collaborators helping to move the effort forward, including the 16th Air Force, the Air Force Systems Networking office, the Cyber Capability Center, MITRE and others.<\/p>\n
Haselhorst said the project\u2019s proof-of-concept test is expected to conclude later this summer and two bases will serve as pilot locations for the boundary stack this fall. Air Force-wide deployment is targeted for fiscal year \u201823.<\/p>\n
Maguire said ACC\u2019s timeline for Air Force-wide deployment aligns perfectly with the AFNet Sustainment and Operations Branch\u2019s five-year roadmap, which also targets FY23 for a zero trust Air Force network.<\/p>\n
The project is currently unfunded, but ACC has an FY23 budget submission that should provide the funds needed to move forward.<\/p>\n
Haselhorst said the combined efforts of the AFNet Sustainment and Operations Branch\u2019s perimeter work and the Lantern\u2019s micro segmentation work will give the Air Force a solid foundational start in the zero trust journey.<\/p>\n
\u201cThe team at Hanscom (AFB) is helping transition zero trust from a buzzword to reality,\u201d Haselhorst said. \u201cThe truly innovative solutions they\u2019re helping us develop will increase the security posture of the Air Force, while enabling Airmen to execute their mission anywhere, anytime.\u201d<\/p>\n