Connect with us

Hi, what are you looking for?

Smart Bombs: Military, Defense and National Security

JADC2 Needs A New, Robust Security Architecture

The Pentagon. Image: Creative Commons.

JADC2 Matters: Military power is becoming dominated by information and the networks that allow data to be rapidly collected, moved, integrated, and exploited. The U.S. military is investing in advanced networks that will ensure that users can access information necessary for conducting operations at the “speed of relevance.” 

Big Data and Military: Enter JADC2

The U.S. military is becoming a data-intensive organization. The ability to connect sensors to shooters in near-real-time is viewed as critical to fighting a modern conflict. Each of the armed services is developing its own network to accomplish this. To be truly effective, these networks must also connect to relevant databases at any time. Ultimately, these networks will connect not only the entire defense establishment but also all relevant parts of the U.S. government and coalition partners. This will allow rapid, seamless communications and data sharing from headquarters in the U.S. to soldiers at the tactical edge. 

The Department of Defense (DoD) recognized that it was necessary to move beyond service-specific networks and provide a means for connecting sensors, shooters, and data sources wherever they are located. The Joint All-Domain Command and Control (JADC2) concept would provide the means to share information across the services and potentially with other parts of the U.S. government. Allies, coalition partners, and even the private sector could be included. As described in a recent analysis by the Congressional Research Service: “JADC2 envisions providing a cloud-like environment for the joint force to share intelligence, surveillance, and reconnaissance data, transmitting across many communications networks, to enable faster decisionmaking.”

The centrality of networks to the American way of war is not lost on others. Our adversaries are already are targeting the U.S. government, military, and defense industrial networks. Some of these attacks have been extremely sophisticated, allowing the attacker not only to penetrate existing defenses but remain in the networks for protracted periods of time. These networks are going to be a key target for adversaries.

The problem will get worse as networks expand to include more users, nodes, and devices. DoD envisions the creation of what has been termed an “Internet of Battlefield Things” (IoBT). This will involve the full realization of pervasive sensing, computing, and communication across all echelons down to the individual soldier at the tactical edge. JADC2 must be able to support the IoBT. 

Battlefield Data in Scale

The scale and complexity of these networks require new security measures. Network managers must have a picture of who is on a network, know if they are authorized to access requested information, and possess the means to defend against attempts to penetrate them. This will require that the defense department fully pursue emerging capabilities to identify, credential, and manage user access.

It is already evident that traditional approaches to network security, which emphasize perimeter defenses, are inadequate for the explosion in DoD networks. The Pentagon has recognized the reality that networks will be penetrated and that unauthorized users and devices will connect to the network. This is even more of a concern as JADC2 expands to connect outside the military services. The only way to deal with this problem is to adopt an approach to cybersecurity that examines and verifies every action on a network. DoD acknowledges this reality in its formulated Zero Trust strategy, the essence of which is to require validation of every digital transaction.

But how can JADC2 operate based on Zero Trust when networks are expanding at an ever-increasing pace along with demand for access to more sensors and databases, some of which will not be owned by the defense department? Zero Trust will have to function in an environment marked by the creation of expedient networks and the involvement of parties well beyond DoD. 

Getting the Untrusting to Trust

The answer is for the defense department to deploy a highly automated system that provides the key elements to support a Zero Trust strategy. These are the user’s identity and credentials or access privileges, and the ability to continuously monitor and manage network access. It is clear that in order to meet its goals, JADC2 must have the ability to ensure the legitimacy of every user, device, and transaction. 

A solution being pursued by the Defense Information Systems Agency (DISA) for DoD is called Identity, Credentialing and Access Management (ICAM). According to DoD’s ICAM strategy, agencies of the Pentagon must be able to identify, credential, monitor, and manage subjects that access federal resources, including information systems, facilities, and secured areas across their respective enterprises. ICAM will allow for the creation of multi-factor digital identities, the credentialling and authentication of users, and the making of access management decisions based on verified identities and credentials. 

In order to be effective and secure, JADC2 must be based on a security architecture, which is common across all military services and defense organizations. There need to be common standards, definitions, policies, and processes. ICAM is intended to provide the means to validate every digital transaction and provide critical real-time monitoring of network activities while not compromising on the speed with which information can be moved. This is absolutely critical if JADC2 is to be able to meet its promise.

General Dynamics Information Technologies is under contract with the Defense Information Security Agency to provide an ICAM solution to support the defense department enterprise. But more is needed. The vision for JADC2 involves connecting all elements in the defense environment down to the tactical edge. Achieving this goal is an enormous task in itself. At the same time, JADC2 needs to have a security system that supports Zero Trust by ensuring that users are identified, their credentials are appropriate, and that access to the network is secure. ICAM looks to be a good way of achieving this goal without compromising JADC2’s operations. 

Author Biography:

Dan Gouré, Ph.D., is a vice president at the public-policy research think tank Lexington Institute. Gouré has a background in the public sector and U.S. federal government, most recently serving as a member of the 2001 Department of Defense Transition Team. He is also a 19FortyFive Contributing Editor. 

Written By

Dr. Goure is Senior Vice President with the Lexington Institute, a nonprofit public-policy research organization headquartered in Arlington, Virginia. He is involved in a wide range of issues as part of the institute’s national security program.