Insight by Akamai

Why the Air Force and other services are embracing zero trust now

The cybersecurity world is becoming more complex as threats from abroad and at home amp up the way they attack systems. That’s why many government agencies and companies are subtracting to zero when it comes to trust around their networks.

Each of the military services are embarking on their own zero trust journey, and that includes the Air Force’s Air Combat Command (ACC).

“We will all learn from one another about what technologies work, what strategy works, what architecture is best fitting for the particular mission that we have,” Brig. Gen. Chad Raduege, director of cyberspace and information dominance at ACC said during the webinar Zero Trust in Complex Cybersecurity Environments sponsored by Akamai. “We’re all advancing together.”

For those uninitiated, according to Jay Bonci, director of government engineering at Akamai, says zero trust is a massive sea change for how people think about fielding capabilities and enabling access for employees.

“In a in the zero trust world, individual stakeholders need to work in a lot tighter concert to be able to secure assets,” he said. “Every transaction, every request, and every interaction with an IT system needs to be validated, secured, logged and monitored. It’s a different way of thinking about the enterprise.”

Raduege said ACC is experimenting and trying to fail fast in order to implement zero trust as quickly and effectively as possible.

“We are looking for opportunities to take the next step,” Raduege said.” We have a pilot effort right now at Tinker Air Force Base, in Massachusetts. The next pilot efforts that that we’re looking to do are based on the weapon systems that are out there. They are ripe to bring in zero trust architecture and strategy and build it accordingly.”

The current pilot effort at Tinker is looking at ways to authenticate and secure users with the least amount of hassle. The Air Force hopes to then build that out to the rest of the service.

“We’re also doing some analysis. Part of the pilot effort is to assess our current organizational alignments. Do we have the right operator mix? Do we have the right technology tools in place to get instantaneous feedback, and pivot and make fast decisions to protect our network?” Raduege said. “Some of that operational analysis is taking place right now. We will use that information to inform any organizational realignments as we as we move forward.”

Bonci said organizations like DoD and companies need to jump on the zero trust train now before it’s too late.

“We needed zero trust 10 years ago, we needed it way back in the beginning as well,” he said. “What we’ve come to learn about traditional IT defenses with a boundary is that they have proven themselves ineffective. If you look at a large heterogeneous IT organization, you’ll note that there are holes in those defenses.”

The Air Force and DoD as a whole are now pushing to fill those holes. Malicious actors from North Korea and Russia are constantly testing the military’s cyber systems. The transition to telework during the COVID-19 pandemic is making the need for zero trust even more eminent considering there are more devices and larger attack areas.

“COVID really just open people’s eyes that say we must do this. Now, we cannot wait. We have to undertake this challenge, both for the convenience, the work/life balance and the safety of our workforces,” Bonci said. “Now that individual workers have had that taste of being able to be effective from home and having that flexibility; that’s going to be a demand that they place on their employers going forward, even the Department of Defense. People are not going to want to change back from this telework world. It’s time to embrace zero trust, enable it, and really make it as secure as it can be.”

Definition of Zero Trust

We will all learn from one another about what technologies work, what strategy works, what architecture is best fitting for the particular mission that we have. We're all advancing together.

Zero Trust Implementation in DoD

In a in the zero trust world, individual stakeholders need to work in a lot tighter concert to be able to secure assets. Every transaction, every request, and every interaction with an IT system needs to be validated, secured, logged and monitored. It’s a different way of thinking about the enterprise.

Industry Analysis of Zero Trust

We needed zero trust 10 years ago, we needed it way back in the beginning as well. What we've come to learn about traditional IT defenses with a boundary is that they have proven themselves ineffective. If you look at a large heterogeneous IT organization, you’ll note that there are holes in those defenses.

Steps to Incorporate Zero Trust into a Security Blueprint

COVID really just open people's eyes that say we must do this. Now, we cannot wait. We have to undertake this challenge, both for the convenience, the work/life balance and the safety of our workforces.

Listen to the full show:

Featured speakers

  • Brigadier General Chad Raduege

    Director of Cyberspace and Information Dominance, Chief Information Officer, Headquarters Air Combat Command, U.S. Air Force

  • Jay Bonci

    Director, Government Custom Engineering, Akamai

  • Scott Maucione

    Defense Reporter, Federal News Network

Sign up for breaking news alerts