KEITH STRANDELL : SUDIP MITTAL
FALL 2023
|
89
ABSTRACT
Recent cybersecurity events have prompted the federal government to begin inves-
tigating strategies to transition to Zero Trust Architectures (ZTA) for federal infor-
mation systems. Within federated mission networks, ZTA provides means to mini-
mize the potential for unauthorized release and disclosure of information outside
bilateral and multilateral agreements. But when federating with mission partners,
there are potential risks that may undermine the benefits of Zero Trust. This article
explores risks associated with integrating multiple identity models and proposes two
potential avenues to investigate mitigation of these risks.
INTRODUCTION & BACKGROUND
W
ithin days following the cyberattack on the Colonial Pipeline, U.S. Presi-
dent Joseph R. Biden Jr., signed into effect Executive Order 14028: Improv-
ing the Nation’s Cybersecurity.
1
Prompted by recent “sophisticated and
malicious” cyberattacks, the order acts as a catalyst for federal agencies to
take necessary and immediate steps to coordinate with industry on improving informa-
tion sharing, adopting best practices, and migrating federal information systems from
perimeter-based security to a Zero Trust Architecture (ZTA). The foundational elements
of Zero Trust are micro-segmentation and a well-informed trust algorithm. When effec-
tively implemented with data tagging, Zero Trust provides a strong compartmentaliza-
tion model that lends itself to federated mission partner environments. However, in an
environment where mission partners are responsible for bringing to the table their own
identity models, consideration must be given to risks associated with federating multiple
mission partners.
© 2023 Keith Strandell, Dr. Sudip Mittal
Keith Strandell
Dr. Sudip Mittal
Risks to Zero Trust
in a Federated Mission
Partner Environment
