Category Archives: security

“Coast Guard Goes All-In on Zero Trust Architecture” –National Defense

Posted on by
Reply

A team from the U.S. Coast Guard Academy participated in the National Security Agency’s 20th annual National Cyber Exercise (NCX), a three-day cyber competition that tests the offensive and defensive cybersecurity skills virtually, April 8-10, 2021. The Coast Guard Academy recently instituted a Cyber Systems degree to meet the needs of the services cyber security strategy of defending cyber space, enabling operations, and protecting infrastructure. (U.S. Coast Guard photo by Petty Officer 2nd Class Hunter Medley)

National Defense reports,

“We need to focus on better identity management, focusing on the data side of that,” Capt. Andrew Campen, engineering services division lead at the Command, Control, Communication, Computer, Cyber and Intelligence Service Center at the Coast Guard, said at a panel at the Eastern Defense Summit in December. “[We must] realize that data is the piece that’s important, not the system itself. Identity management is key for us. Understanding data is key for us.”

“Zero Trust” is a concept that is frequently talked about, but for me at least, little understood. I don’t think I have mentioned the topic here previously.

Zero trust architecture refers to evolving cybersecurity paradigms that prioritize protecting data by repeatedly authenticating, authorizing and validating system, application and data access.

There is, of course, a desire to prevent sensitive data being stolen and a desire for operational security. Conversely there is a desire to make information usable and to act quickly on time sensitive information.

Operationally we don’t want forces diverted from an actual case by false information, but we also do not want a desire for validated information to filter out time critical but incomplete early indicators–we don’t want to be like the Duty Officer at Pearl Harbor who wanted “confirmation” before reporting USS Ward’s attack on a small submarine early on Dec. 7, 1941.

It all just sounds like good opsec, but it has been complicated by access to multi-user data bases. As the post notes, “Successfully implementing a zero trust architecture is incredibly difficult.”