Cyber threats require U.S. allies to have 'zero trust strategy'

(Photo: Twitter)

[Editor's note: This story originally was published by Real Clear Wire.]

By Dan Gouré
Real Clear Wire

The U.S. military cannot fight a high-end conflict without a coalition of friends and allies. In order to conduct effective joint operations, all parties must be able to share information rapidly across secure networks. Unfortunately, adversaries such as China and Russia are conducting continuous cyberattacks on critical allied networks, often with significant success. For the U.S. to have confidence in sharing data with allies, those countries must begin now to implement a program of Zero Trust cybersecurity.

Cyber issues are a global problem now more than ever. As the leading military, technological, and economic power of the democratic world, public and private institutions in the United States deal with a barrage of cyberattacks every day. To date, there have been significant penetrations of both private and public networks. These includes the successful data breaches of the Office of Management and Budget, the Departments of State, Defense, Energy, and Commerce, as well as the IT, finance, defense, and scientific research sectors.

Allied countries in Europe and the Indo-Pacific are also experiencing significant growth in attempted cyber penetrations of their networks. In the months following the Russian attack on Ukraine, there was a significant increase in cyberattacks on European infrastructure and government institutions. Similarly, the National Security Agency discovered that Chinese hackers successfully penetrated Japan’s critical national security networks, gathering intelligence on plans, capabilities, and military vulnerabilities. Similar attacks were launched against other U.S. allies in the region, including Australia, which recently entered into a landmark nuclear sharing agreement with the United States and United Kingdom.

Get the hottest, most important news stories on the Internet – delivered FREE to your inbox as soon as they break! Take just 30 seconds and sign up for WND's Email News Alerts!

Defending against this growing threat is made more difficult by the COVID-19 pandemic and the need for millions of government workers to operate remotely. Also contributing to this problem is the growth of the so-called Internet of Things, which involves connecting billions of sensors and other devices. There is also the related Internet of Military Things, which includes traditional computers and communications devices, as well as embedded sensors and devices on platforms, weapons systems, and equipment. All this massively increases the number of endpoints on networks. U.S. government networks, particularly those operated by the Department of Defense (DoD), are the world’s largest, most complex, and most vulnerable.

Moreover, the U.S. military is looking to shorten sensor-to-shooter timelines from minutes and hours to a matter of seconds. High-speed data management and targeting cannot be based on networks that are chronically vulnerable to penetrations.

Are traditional security approaches effective against cyber threats?

Adding to the challenges of safeguarding the continually evolving and expanding U.S. defense and security networks is the need to ensure that connectivity with allies and coalition partners is secure. This is no easy task, given the differences in the ways individual countries manage network security. In addition, the U.S. military will be reluctant to share data with coalition partners or to use the information they provide if they cannot trust the security of their networks. At the same time, allies and partners are concerned that they will be unable to operate alongside U.S. forces if they lack the ability to securely link to U.S. forces and databases.

The consequence of the geometric expansion in the size and complexity of critical networks is that traditional approaches are no longer adequate to defend them from cyberattacks. Senior U.S. cyber officials have recognized the need to move beyond these approaches and implement a strategy called Zero Trust. Zero Trust takes as a foundational principle the idea that a network is always at risk of being penetrated and that all users must be continually authenticated and authorized. It is never assumed that an endpoint or user is legitimate simply because they have access to a network or database. All activities on every network must be monitorable and unauthorized users or devices must be rapidly identified and isolated.

A major element of DoD’s approach to implementing Zero Trust is called Comply-to-Connect (C2C). As the name suggests, C2C requires that all endpoints and users on a defense department network be identified, authenticated, qualified, and continually monitored. Because of the speed at which defense networks need to operate, important functions such as monitoring, incident response, and remediation are automated. Based on C2C tools and techniques, DoD networks will be able to operate at speed even while under continuous attack.

The defense department has made major strides in implementing C2C. As the Department moves to create the much anticipated Joint All Domain Command and Control (JADC2) network of networks, connecting sensors and shooters across services, defense agencies, plus allies and coalition partners, it will be imperative to expand C2C to both joint and coalition networks. The Pentagon has set a target of applying C2C to all its networks within five years.

Zero Trust is also being implemented in other federal departments and agencies. The Department of Homeland Security is pushing the federal government to adopt the Continuous Diagnostics and Mitigation (CDM) program. CDM allows users to identify who is on their networks and assess whether they are authentic, have the appropriate security capabilities, and are operating in a safe and secure manner. Like C2C, CDM automates many routine monitoring and security functions and provides for more rapid incident response and threat mitigation than can be achieved with human operators alone. In addition, CDM’s ability to continuously monitor networks allows for rapid identification of threats and vulnerabilities. It also creates the capability to rapidly send warning notices to vulnerable departments and agencies.

It is becoming clear that even as the U.S. moves towards implementing Zero Trust on all government networks, major allies are falling behind. The recent Chinese attack on Japanese defense networks is indicative of the problem. Japan, Australia, and other allied countries need to consider pursuing a strategy based on the Zero Trust approach. Capabilities such as C2C and CDM have proven their worth over the years, and it would be wise for all U.S. partners to adopt them.

Dan Gouré, Ph.D., is a vice president at the public-policy research think tank Lexington Institute. Gouré has a background in the public sector and U.S. federal government, most recently serving as a member of the 2001 Department of Defense Transition Team. You can follow him on Twitter at @dgoure and the Lexington Institute @LexNextDC. Read his full bio here.

This article was originally published by RealClearDefense and made available via RealClearWire.

IMPORTANT NOTE TO WND READERS: Believe it or not, today's high priests of climate-change apocalypse are correct in predicting that in just a few short years, the earth will become miserable, wretched and almost uninhabitable by human beings. But the grim future they envision won't come about because of "catastrophic climate change," but rather, because of the implementation of their completely insane and truly catastrophic agenda.

As Greenpeace co-founder Dr. Patrick Moore recently admitted, "If they actually achieve Net Zero, at least 50% of the population would die of hunger and disease." Likewise, writes energy expert and author Alex Epstein: "Today's proposed policies to rapidly eliminate fossil fuel use would, if fully implemented, have truly apocalyptic consequences – making the world an impoverished, dangerous, and miserable place for most people."

Question: When the scientific case for global warming apocalypse consists primarily of a 1-degree Celsius rise in temperature over more than 130 years, what explains the obsession with an imminent, climate-caused end of the world?

Although many groups have been drawn into the Climate Change Cult – from the news media (which has warned of climate catastrophe, either global warming or a "new ice age," for over a century!), to innocent school kids indoctrinated by hysterical leftist teachers, to liberal Democrats who claim "climate change" will destroy the earth in a few years – the REAL villains are the national and global elites who KNOW the apocalyptic global warming religion is just a cruel hoax, but promote and exploit it as a means of accomplishing their ultimate goal: Transforming and ruling the world.

The heart and soul of today's bizarre, pagan climate-change religion, and the global elites' strategies for using it to rule all of mankind, is powerfully exposed and illuminated in the September issue of WND's critically acclaimed monthly Whistleblower magazine, an issue titled "CULT OF THE CLIMATE APOCALYPSE: The elites' breathtaking strategy for ruling the world." WHISTLEBLOWER is available in both the popular print edition and a state-of-the-art digital version, either single issues or discounted annual subscriptions.

SUPPORT TRUTHFUL JOURNALISM. MAKE A DONATION TO THE NONPROFIT WND NEWS CENTER. THANK YOU!