Minimizing the Military Attack Surface with Peer-to-Peer Communications and Zero Trust

By Adam Fish, CEO, Ditto

Perhaps there’s no scenario where cybersecurity is more critical than on the battlefield. Cyberattacks are potent weapons in today’s advanced, highly digitized warfare. Securing battlefield equipment and devices sharing data with warfighters, military bases, and each other is critical for the situational awareness so important for winning battles and saving lives.

Cybersecurity will become even more critical as the military implements a new, highly ambitious Joint All Domain Command and Control (JADC2) initiative. JADC2 plans to harness artificial intelligence and hundreds of IoT sensors on tanks, planes, drones, and even humans to collect enormous amounts of environmental data from every military branch, make sense of it, and deliver analyses relevant for quick decision making on the front lines.

JADC2’s IoT/AI initiative has many compelling use cases, including unmanned surveillance and weapons systems, enemy identification and targeting, situational awareness, soldier health monitoring, supply line vehicle monitoring, and preventive maintenance. It also faces some daunting challenges, such as integrating scores of different data formats and communications networks from different military branches.

Even when those challenges are met, however, airtight cybersecurity will be critical to JADC2’s IOT and AI success. If malicious hackers succeed in penetrating JADC2’s IoT/AI infrastructure on the battlefield they can wreak havoc by eavesdropping, cutting off communications, stealing sensitive battle and strategy information, deleting essential data, spreading false information, and installing and spreading crippling malware.

How Peer-to Peer Shrinks the Attack Surface

As with troops engaged in battle, shrinking the target–known in cybersecurity as the “attack surface”–is an effective way to ward off attacks. One of the best ways to shrink the digital attack surface is to shift away from the centralized approach of most Internet-based data communications, networking, and storage prevalent today towards a more distributed peer-to-peer approach.

The reasons for this decentralized peer-to-peer strategy are not just security-related. Achieving the communications performance required for fast data processing and AI useful on the front lines will most likely require dividing communications, processing, and storage between a distant scalable centralized environment, such as the cloud, and a lower-latency distributed environment at the network edge, much closer to the battlefield.

However, the need for this division has a lot to do with warding off cyberattacks as well. Traditional networks and Internet communications today largely depend on a hub-and-spoke model in which people and devices communicate through centralized systems, such as datacenter firewalls and servers, to get the credentials and access rights to do what they need to do. If they’re communicating via VPN’s, its often via a hub and spoke architecture in which all encrypted VPN communications pass through a central VPN concentrator or firewall before being routed to their destination. Communications are often decrypted and re-encrypted somewhere in the process.

Similarly, processing power, applications, and data storage also largely happen today centrally in large organizational or cloud datacenters.

There are obvious advantages to a centralized approach, such as processing power and scalability. However, the datacenters and numerous extensive network connections give motivated state actors and other individuals a strikingly large attack surface to probe and plunder, with many possible systems and entryways that can potentially be hacked. Once they find an entryway enemy attackers can spread the threat across other nodes and do their damage.

Rather than passing through a centralized datacenter, peer-to-peer connected devices create light encrypted connections directly with each other, either individually or collectively via a mesh architecture. By taking the backhauling and centralized firewalls, datacenters, and systems out of the equation, the attack surface is greatly reduced, along with the number of opportunities for hackers to breach it. Packets take the shortest path possible between nodes and stay encrypted throughout the entire communication, rather than being decrypted at a central firewall or server.  With cybersecurity, less is often more: the fewer systems, locations, and hops, the better–a lesson that applies to business IoT and cybersecurity as well.

The Key is Zero Trust

While their attack surface is reduced, peer-to-peer networks are obviously still vulnerable, however. The key to securing a peer-to-peer network is a zero-trust architecture for credentials and permissions. With a zero-trust approach, there is no network perimeter and no separation between a trusted and untrusted network. Nothing is trusted by default; everything is verified with every single transaction. Access is always based on the principle of least privilege.

Every device and/or user must prove to other devices that it has the credentials, geolocation, security posture, and granular access rights to access the data it needs in order to make the initial connection and do whatever transactions it needs to do–and only for a limited time. Each device can only see the devices and data to which it was granted access. Every device and connection is authenticated rigorously via multifactor methods and treated as if it has a public IP address. All traffic over every connection stays encrypted.

With such an approach a central authority is only needed for the one-time or occasional granting of certificates with credentials and permissions. Once those are granted, devices connect, exchange, and verify detailed information on permissions and access rights directly with each other in the form of digital certificates. No need to pass everything through datacenters and firewalls.

Rather than relying on a central database, peer-to-peer connected devices can also take advantage collectively of a secure, distributed database in which multiple devices share the data storage and verification and exchange data with each other. All connections are temporary and direct, making them a much smaller target for attackers.

In a distant battlefield scenario, there may not even be an established network, such as 5G, over which devices can communicate, or that network can be cyber compromised. In those cases, alternative communications options, such as direct connections over a proprietary network, satellite, or even WiFi or Bluetooth, can keep devices connected and exchanging critical data.

Preventing Data from Getting into the Wrong Hands

There are other hazards as well. Devices can be lost or stolen when a warfighter is killed, wounded, or captured, allowing their information to get into the wrong hands. In a corporate setting, devices can be left in bathrooms, hotel rooms, or other locations or they can be stolen.

In such a scenario, rigorous identity management is critical, and it can be useful to do what many organizations with mobile device management (MDM) systems already do; wipe the device of all applications and data. In a battlefield situation, devices can simply be programmed to self-wipe periodically to keep data and software from the enemy.

The challenges of military IoT and cybersecurity are formidable and will depend on an intelligent evolution of increasingly airtight security strategies. Reducing the attack surface via distributed peer-to-peer connections and zero trust will be one of those strategies for protecting our troops and engaging the enemy.

About the Author

Adam Fish is Co-Founder and CEO of Ditto, a cross-platform, real-time database that allows apps to sync with and without internet connectivity. He can be reached at [email protected] or via Twitter at @Adam_Fish.