US Air Force Adopts Zero Trust to Secure Flightline Operations


Air Force Flightliine

Zero trust is an important part of business transformation. As the information infrastructure expands with new technologies and locations, zero trust allows organizations to focus on protecting the data, regardless of where it is sourced or how it is used.

Now the U.S. Air Force has adopted zero trust to improve and protect its flightline. 

The flightline, strictly speaking, is the aircraft’s maintenance area; either an area of runway or a hanger. It effectively includes any part of the airfield where an aircraft is being prepared for flight. However, data from each aircraft in the flightline must be returned to a central repository for analysis and to ensure that enough parts are available to guarantee – quite literally – the uptime of each machine.

Typically, in the past, data from the aircraft would be transferred to a USB drive and literally walked to applications in the hanger, or further afield to the central repository. The flightline consequently would comprise the aircraft in its maintenance position, a maintenance engineer with a USB drive, and the central server. This is what is being updated to zero trust.

The primary driver for the move to zero trust is the digitization of workflows. This allows processes that had previously been done on paper to be done digitally – but requires a new level of digital protection to protect the data and the workflows. 

“You could describe the adoption of a zero-trust model as part of the digitization of aircraft maintenance,” said Duncan Greatwood, CEO of Xage. “The key parts,” he continued, “are firstly the movement of data – often by the physical carriage of a USB drive.”

This is neither efficient nor ultimately very secure. An important aspect of the new process is consequently the secure transfer of data into and out of the aircraft using the Xage zero trust fabric, ensuring both the confidentiality and integrity of that data.

Maintenance workflows can also be digitalized. “Historically,” said Greatwood, this tended to be done on paper checklists and clipboards, with smartphone photos of parts of the aircraft texted to the managers.

“What we’re doing is Integrating with the Air Force to allow a digitized app to replace the paper with an online list of what needs to be done in the workflow, while allowing comments and photos to be added as the work is done.” The results can then be collected and transferred with zero trust to the central computers.

While improving the ‘business’ functions of the flightline may have been the primary driver for the implementation of a zero trust-based network solution, Greatwood believes that security is also improved. “A USB key can be lost or stolen or hacked,” he said. (Consider how Stuxnet is thought to have been introduced to Natanz in 2010.) The elimination of any need to walk data between locations is a vast improvement in security. 

The ‘insider threat’ must also be considered. It is a serious threat, even in military environments that employ more detailed screening. A key principle of zero trust is the least amount of trust for the least period of time. This ensures that even if an insider turns bad – either for ideological or financial reasons or merely accidentally – the amount of harm that can be done is minimized.

The new zero trust model is being rolled out first at Dover Air Force Base in Delaware

Xage Security was founded in 2017 by Roman Arutyunov (VP Products) and Susanto Irwan (VP Engineering) with headquarters in Palo Alto, California. Duncan Greatwood is the CEO. Xage raised $16 million in Series A funding during 2018.

Related: New Blockchain Solution for IIoT Aims to Solve Scaling Problem

Related: NSA Publishes Guidance on Adoption of Zero Trust Security

Related: Microsoft Launches Free Zero Trust Assessment Tool

Related: Zero Trust or Bust?

view counter

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Previous Columns by Kevin Townsend:
Tags:

Don't forget to share

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *