How NETCOM leads the Army to a Zero-Trust network
Zero-trust is a collection of concepts and ideas that assume no trust exists within a defined enterprise network. The Network Enterprise Technology Command (NETCOM) - Army Department of Defense Information Networks (DoDIN-A) Cybersecurity Strategy uses Zero-Trust principles to protect critical Data, Applications, Assets, and Services (DAAS). (Photo Credit: Courtesy)

FORT HUACHUCA, Ariz. — Zero-trust is a collection of concepts and ideas that assume no trust exists within a defined enterprise network. The Network Enterprise Technology Command - Army Department of Defense Information Networks, or DoDIN-A, Cybersecurity Strategy uses zero-trust principles to protect critical data, applications, assets, and services.

NETCOM is leading several continuous improvement projects for the Army to achieve a zero-trust network that grants access only to the enterprise organization’s account-based users, and only once they have been authenticated and authorized.

The security architecture uses the zero-trust seven pillars:

  1. User
  2. Device
  3. Network
  4. Visibility and analytics
  5. Automation and orchestration
  6. Application and workload
  7. Data

Together, a more robust user identification and access policy, continuous monitoring of users and devices, network segmentation to prevent lateral movement, strong data security in transit and at rest, and automated security response make up a zero-trust security architecture.

NETCOM’s end state is a DoDIN-A based on zero-trust principles that treats every system connection and endpoint as a potential threat, following four main premises: log and inspect all internal and external traffic, control every attempted access to networks, keep network resources secure, and verify all sources and resources.

Users must authenticate their identity before zero-trust permits granular access. The zero-trust framework differs from virtual private networks and internet-based cloud access in that it does not grant access to all data. Zero-trust applies a least-privilege access approach to every connection. The NETCOM zero-trust architecture will give a user access on a limited-time basis, under the right circumstances, and only after user authentication. It grants access only to the data the user needs to complete their task.
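The per-connection, time-limited, least-privilege decision described above, as an added illustration that is not code from NETCOM or the Army: a small policy decision point that denies by default, requires an authenticated user on a compliant device, honours a grant only while the request falls inside the grant's validity window and its resource and action match exactly, and logs every decision whether allowed or denied. The subject names, resource names, the `device_compliant` flag and the one-hour grant are constructed assumptions for the demo.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class Grant:
    """A least-privilege entitlement: one subject, one resource, a fixed set
    of actions, and an explicit validity window (constructed for this example)."""
    subject: str
    resource: str
    actions: frozenset
    not_before: datetime
    not_after: datetime


@dataclass(frozen=True)
class Request:
    """One access attempt. Authentication and device posture are assumed to
    have been established upstream (identity provider, endpoint agent)."""
    subject: str
    authenticated: bool
    device_compliant: bool
    resource: str
    action: str
    at: datetime


class PolicyDecisionPoint:
    """Deny-by-default evaluation of every request; every decision is logged."""

    def __init__(self, grants):
        self.grants = list(grants)
        self.audit_log = []

    def decide(self, req):
        reason = self._evaluate(req)
        # Log every decision, allowed or denied, so all access is inspectable.
        self.audit_log.append({
            "at": req.at.isoformat(),
            "subject": req.subject,
            "resource": req.resource,
            "action": req.action,
            "decision": reason,
        })
        return reason == "allow", reason

    def _evaluate(self, req):
        # User pillar: no identity, no access.
        if not req.authenticated:
            return "deny: unauthenticated"
        # Device pillar: posture is checked on every request, not once at login.
        if not req.device_compliant:
            return "deny: device not compliant"
        for g in self.grants:
            if g.subject != req.subject or g.resource != req.resource:
                continue
            if req.action not in g.actions:
                continue
            # Grants are time-boxed; a valid identity is not enough on its own.
            if not (g.not_before <= req.at <= g.not_after):
                return "deny: grant outside its validity window"
            return "allow"
        # Nothing matched: no implicit access to any other data set.
        return "deny: no matching grant"


def run_demo():
    """Constructed sample: one analyst with a one-hour read grant on a single
    data set, exercised by seven requests. Returns the decision point and the
    (allowed, reason) pair for each request."""
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    pdp = PolicyDecisionPoint([
        Grant("alice", "hr/payroll-2023", frozenset({"read"}), t0, t0 + timedelta(hours=1)),
    ])
    requests = [
        Request("alice", True, True, "hr/payroll-2023", "read", t0 + timedelta(minutes=10)),
        Request("alice", True, True, "hr/payroll-2023", "read", t0 + timedelta(hours=2)),
        Request("alice", True, True, "hr/payroll-2023", "write", t0 + timedelta(minutes=10)),
        Request("alice", True, True, "hr/all-records", "read", t0 + timedelta(minutes=10)),
        Request("alice", False, True, "hr/payroll-2023", "read", t0 + timedelta(minutes=10)),
        Request("bob", True, True, "hr/payroll-2023", "read", t0 + timedelta(minutes=10)),
        Request("alice", True, False, "hr/payroll-2023", "read", t0 + timedelta(minutes=10)),
    ]
    return pdp, [pdp.decide(r) for r in requests]


if __name__ == "__main__":
    pdp, decisions = run_demo()
    for entry, (allowed, reason) in zip(pdp.audit_log, decisions):
        print(entry["subject"], entry["action"], entry["resource"], "->", reason)
```

Only the first request succeeds; the same user is refused the same data once the grant lapses, refused a broader data set and a different action, and refused outright when unauthenticated or on a non-compliant device. The audit log holds one entry per request, so denied attempts are as visible as successful ones.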

NETCOM conducted a gap analysis on the current Department of Defense and Army capabilities to inform related technology decisions and implementation for operationalizing the Army zero-trust architecture.

NETCOM used the Cybersecurity Strategy’s core concepts as the criteria for the analysis. The gap analysis identified 26 unique gaps across the dependencies of the seven zero-trust pillars listed above. Some of these are independent gaps that policy or configuration changes could mitigate at any time; the rest fall into four main groups.

The four key categories recommended in mitigation priority are internet-accessible endpoint management and security; standardized and secure access to hybrid resources; granular data access control; and logging, aggregation, automation and orchestration. This path forward guides the Army toward initiating a holistic set of solutions to enable a zero-trust framework.

The Army’s end state is to ensure secure information at all operational levels, providing users with access to required resources from any device and any location. The way for the Army to achieve its end state involves continuous improvement, optimization, and integration of an Army Unified Network to reach zero-trust target levels by 2027. A bi-weekly Continuous Improvement Activities Board, led by Army Cyber Command and NETCOM, synchronizes and manages all zero-trust related enterprise efforts. Soon this effort will expand to include the Tactical Edge.

NETCOM is performing many activities to achieve or support DOD zero-trust capabilities, including a Security Service Edge Crosswalk, improving the Army Endpoint Security System, integrating Microsoft Defender for Endpoint and Office, implementing Army Unified Directory Services, implementing Unified Security Information and Event Management, and executing Data Tagging for Data Loss Prevention and Digital Rights Management.