Zero Trust or bust

  • By Air Force Staff Sgt. Cheyenne Lewis
  • 325th Fighter Wing Public Affairs

As information warfare continues to evolve into a key mission element, it’s imperative that the U.S. Air Force remains vigilant and continues to strengthen the protection of its information-based assets. That’s where Zero Trust comes in.

Throughout 2021, the 325th Communications Squadron implemented Zero Trust across Tyndall Air Force Base cyber systems. Zero Trust is a security framework that requires users to be repeatedly authenticated and validated when accessing system assets.

“A traditional [information technology] network trusts people inside the network but not outside the network,” said Senior Airman Liam Phan, 325th CS cyber systems operator. “The reason why that’s flawed is because once attackers get in, they’re trusted within the network. The concept of Zero Trust is more secure because everyone, inside and outside, must be verified to access our resources. That extra layer of security prevents data breaches.”

In response to increased security breaches across the nation, and to better prevent malicious cyberattacks, President Joe Biden issued an executive order in May 2021 that mandates IT improvements to all U.S. federal agencies’ systems. Zero Trust was designed to meet the requirements laid out within that executive order.

“I believe as the cyber environment grows and people get smarter, we have to think of new ways to prevent attacks,” Phan continued. “This is another way to upgrade our security…and getting better as we go.”

Although there are many changes when switching from a traditional “trust, but verify” approach to the new Zero Trust system, the 325th CS team is confident most users won’t notice a difference. The addition of continuous verification is the primary update members may physically see.

“Every time a user wants to get on a certain application, [such as] Outlook or Word, it has to authenticate you every time to make sure you are still who you say you are,” said 2nd Lt. Jasmine Orr, 325th CS officer in charge of network operations. “That’s partly why you may be asked for your PIN more often than you’re used to on certain applications.”

In addition, Zero Trust analyzes users’ geolocation, firmware, operating systems, behavioral data, credential privileges, hardware type, patches and security detectors to prevent breaches and to minimize the impact if a breach does occur.

“Zero Trust is a common practice with corporate businesses,” Orr concluded. “As the ‘Installation of the Future’, we’re trying to modernize and make sure our network is more secure.”

As Tyndall and its mission grow in the coming years, network security is vital. As Orr put it simply, “this keeps the bad guys from stealing our information. Knowledge is power.”