How the Army is always testing, training on zero trust

The Army tackled one of its toughest challenges: Creating a common operating picture for all of its allied partners.

The recent Yama Sakura 85 exercise demonstrated how the Army, the Australians and the Japanese could securely share information by using an architecture based on zero trust principles.

Col. Rett Burroughs, the chief information officer & G6 for the Army’s I Corps, said over the course of the 10-to-12 day training event last December, the Army successfully brought their allied leaders onto a single and secured network at the tactical edge.

“What we are looking at is properly being distributed across the entirety of the Pacific. We could have a command and control node anywhere in Australia, Thailand, Philippines, Japan, Korea, Hawaii, Guam or Alaska, and back here at Joint Base Lewis McChord, Washington so that now every node has roles and responsibilities. How do we ensure that conductivity happens across all of those different nodes that are very disparate and spread out? And then how do we leverage the technology of transport to ensure that we’re getting applications all the way to the edge?” Burroughs said on Ask the CIO. “We spent months preparing to ensure we had right safeguards in place. In its simplest form, in the application for the warfighter, which is definitely my area of concern, it brought the Australians and the Japanese together because before it was the Australians and the Americans, and then it was the Americans and the Japanese. The Australians couldn’t be in the same Tactical Operations Center as the Japanese. Now we have the ability for the first Australian division commander to talk directly with senior generals from the Japanese Ground Force Command.”

Burroughs said in previous exercises, the Americans and Australians would talk, and then the Americans and Japanese would talk, with the Army acting as the “go-between” for the Australians and Japanese. And Burroughs readily admits everyone knows what happens when you play the game of telephone.

“Our goal here was to establish one common operating picture and the ability to voice video chat, and share specific information,” he said. “The application of this proved critical in the ability for staff to make informed recommendations, and for commanders to make informed decisions. We weren’t just slinging all this data just because commanders need and want everything.”

Broader application than just the Army

The success of the Yama Sakura 85 exercise proved this shared network and zero trust concept for more than just the Army, but any federal organization can take the basic concepts to create a common operating picture.

John Sahlin, the vice president of cyber solutions for General Dynamics-IT, which supported the Army with integration expertise, said these same approaches could help agencies such as FEMA, which has to create shared networks to help cities or states recover from disasters.

“I’ve been fascinated by this problem set ever since I deployed for the Hurricane Katrina relief efforts back about 15 years ago. We started thinking about a military mission for that humanitarian assistance effort and it turned very quickly into an interagency and even local government support mission,” Sahlin said. “We had good communications. We had a good sight picture. We had good mapping data, which nobody else in the area did. We had to quickly share that data with first responders, the local hospital, the parish sheriff, non-government organizations like the Red Cross. I think that these are lessons of zero trust at the tactical edge for information sharing to inform that on scene commander, are lessons that can be learned, not only for the military at the tactical edge, but for any organization that has field-deployed, forward-deployed organizations that need to share data to execute a mission rapidly and make those changes dynamically with first responders with interagency support, things like that.”

Burroughs added this approach of creating a distributed network supported by zero trust tools isn’t just important for the tactical edge, but for Army commanders in garrison or commands who have to coordinate with the National Guard or local first responder communities or anyone outside of the service.

“Now we don’t have to have these disparate networks that do not talk to each other because of classification and policy, which you clearly went through during the Katrina catastrophe,” he said. “Now what we’re doing is we’re taking need to figure this out on the fly out during a catastrophe. We’re actually getting ahead of it now by addressing it before the next catastrophe. So when something does come in competition or crisis, we’re actually able to deal with it in a methodical way instead of reacting.”

Shift toward data-centricity

In many ways what Burroughs and Sahlin are describing is how the Army, and really every agency, must be more of a data-centric organization.

Lt. Col. Roberto Nunez, the chief of signal services support for Army I Corps, said the implementation of zero trust capabilities forces the end users to shift that data culture because they have to tag and label information much more specifically and consistently.

“You can say ‘all right, here’s all my data that I want to share, all my users that are also tagged and labeled as well as what they’re authorized to use and what they cannot use. Therefore, you can plug in with other mission partners to share that information and you can create that common environment moving forward, whether it’s joint coalition, at least from a DoD point of view,” he said. “If you want third parties to join in, whether it’s corporate America, academics, other organizations or other government agencies, you can do that if everything’s data-centric, labeled and tagged accordingly. This is what is great about zero trust.”

Burroughs said planning for the next Yama Sakura 87 exercise in December already is underway. But he said these capabilities aren’t turned on during the exercise and then turned off. The network is always on and therefore the Army is always iterating how to make secure information sharing better, faster and easier.

Chief Warrant Officer 4 Phil Dieppa, a senior services engineer for Army I Corps, said what the Yama Sakura 87 exercise and other demonstrations have shown the service that the “come as you are” model works because of the zero trust capabilities.

“The great thing about zero trust is that we don’t trust anything until we explicitly have that conversation and say that ‘I trust you.’ Once we do that, then we can start communicating and making those services available one at a time,” he said.

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.