Sponsored: Securing the USAF Advanced Battle Management System
The next-generation battlefield has gone digital. The United States Air Force (USAF) is taking a major defensive leap into that new reality with its Advanced Battle Management System (ABMS) initiative.
ABMS is a modernization priority that will allow the Department of Defense to improve the speed and efficacy of command and control across the joint forces while advancing surveillance, edge communication and networking across all the programs and weapons systems it touches. At its core, ABMS will form the connective tissue needed to realize the DoD’s Joint All-Domain Command and Control (JADC2) initiative to connect “sensor to shooter” by enabling distributed mission command and information sharing across platforms and domains.
Security from the Start
Status quo cybersecurity will not suffice to support ABMS' unprecedented directive for instant and accurate situational awareness, upon which critical decisions will be based. As ABMS is still in the nascent stage, the opportunity exists to approach security in a way that makes it integral to the entire ABMS architecture and development process. That includes USAF’s desired involvement and coordination across a great number of industry vendors.
Palo Alto Networks provides a holistic security approach needed to help enable USAF missions and realize ABMS objectives. By shrinking the overhead required to manage the environments down to one platform, Palo Alto Networks can lower the cost and reduce the complexity of securing ABMS-related systems.
Meeting Key ABMS Functional Requirements
Specifically, security can be applied to three of ABMS’ seven key functional areas: secure processing, secure connectivity and application security.
1. Secure Processing
Cloud computing will be integral to all ABMS capabilities. Teams of globally dispersed personnel will depend on the cloud to share information critical to mission fulfillment. Securing cloud workloads and users is far more difficult than can be[C2] done through traditional protective measures. The cloud enables workloads to scale out during peak consumption and scale back afterward. Microservices and containers have largely become the building blocks of these dynamic environments. Rather than traditional methods like walling off network segments, the way the cloud environment is protected needs to fundamentally change to protect the full ABMS vision. Security must now be linked to high-value assets or the criticality of the unique protect surface—data, classified applications, cloud-hosted services, and a range of digital and physical assets.
2. Ubiquitous Secure Connectivity
Ubiquitous 5G connectivity is the communication fabric for the vast number of systems and devices that will be deployed under ABMS. The need for pervasive networks also carries an exponentially increased level of risk. Far more capability is being vested in technology than ever, and over open radio waves rather than closed networks. While 5G is not natively secure, solutions like end-to-end encryption are unfortunately not the answer, as risks from man-in-the-middle (MiTM) and denial-of-service (DoS) attacks still exist.
What’s more, the density of devices that will use that 5G connection are part of the sensor-driven Internet of Things (IoT). These purpose-built, high-performance devices are already being installed in a wide range of defense environments and will retrieve data at an unprecedented scale. Yet these IoT devices can pose the biggest security threat since they are typically built on small single-board computers (SBCs) that run lightweight operating systems, which are generally not designed for security.
3. Application Security
Securing the development pipeline will rely on DevSecOps, a consistent but flexible development methodology that brings security into the process at the earliest stages of development. An integrated, rapid innovation delivery mechanism, DevSecOps uses an agile pipeline approach to quickly evolve and improve innovation in small sprints, addressing bugs and vulnerabilities throughout the phases of development. This is already a positive trend in the DoD, which ABMS will build on.
All of these functional areas will require two foundational capabilities:
- The first is a full embrace of automation. There are simply not enough security professionals available to tackle, hands on, the demands ABMS will create. The new digital battlefield compels innovative approaches to gain competitive advantage. In this environment, automation will be essential to mission success.
- The other is adopting a Zero Trust Architecture. The continually changing, distributed environment that ABMS will encompass makes Zero Trust—a security methodology that mandates a “never trust, always verify” approach—essential to protecting everything within it. Palo Alto Networks is uniquely positioned to provide that end-to-end Zero Trust architecture.
Palo Alto Networks – Uniquely Positioned for Holistic ABMS Security
Palo Alto Networks’ holistic security solutions can fully support the ABMS mission and fit directly into the overall ABMS strategy. We are proud of our ability to develop and deploy security solutions that directly map to the needs of ABMS. We maintain an ongoing commitment to supporting DoD priorities, including bringing the ABMS program to realization.
Download this free white paper for more details on how Palo Alto Networks’ solutions directly support ABMS security requirements.