US Army seeking zero trust software for tactical networks

US soldiers carry out the Warfighter Information Network-Tactical Transportable Tactical Command Communications operational test at Joint Base Elmendorf-Richardson, Alaska. (US Army)

US Army officials are looking to develop a new slate of zero trust software for use on the service's tactical networks as a way to further insulate battlefield command, control, and communications operations from rapidly maturing cyber threats.

Industry proposals for tactical zero trust software are due to programme officials at the army's Command, Control, Communications, Computers, Cyber, Intelligence, Surveillance and Reconnaissance (C5ISR) Center by 15 March, with the end goal of developing network software that aims “to address the [zero trust] activities for the tactical environment to as far down into the network as feasibly possible”, according to a 5 March solicitation.

Commercial and government networks developed within a zero trust architecture operate under the assumption that an organisation's networks are not just at risk of a cyber intrusion, but that they are already compromised.

Civilian cyber-security efforts in commercial networks have long adopted elements of the zero trust architecture, in that they regard their systems as compromised from the very beginning. The army and the US Department of Defense (DoD) writ large are in the nascent stages of developing and integrating zero trust concepts into its networks.

The concept inside the Pentagon “has emerged as a solution, advocating for ‘never trust, always verify' in the dynamic cybersecurity landscape”, army officials said in the 5 March solicitation. Even though requirements and enabling technologies for the software's development are being kept under wraps by C5ISR officials, they did note that software applications focused on “real-time monitoring and dynamic access control are crucial” to impart zero trust concepts into combat networks via the new software.