Insight by Mattermost
How Air Force, Space Force secure ‘ubiquitous communications’
There’s always tension between using the newest, most cutting-edge technology, ensuring it’s secure and even securing networks against it.
Air Force planes have to be able to communicate and share data with one another and back to their bases from any environment in the world, including degraded or denied spaces. But that’s just one of the many challenges Aaron Bishop, chief information security officer of the Department of the Air Force, has to face to provide secure communications to both the Air Force and the Space Force every day. He also has to ensure safe and secure communications to and from satellites in space, as well as hardened IT for more than 180 bases — essentially small cities with housing, hospitals and other critical infrastructure — around the world.
Bishop said there’s always tension between using the newest, most cutting-edge technology and the ability to use it securely, or even ensure networks are secured against it.
“I do have responsibilities to the federal government on requirements on how I protect it, but I also have responsibilities for the mission commanders to deliver on capability,” Bishop said on Federal Monthly Insights — Securing mobile collaboration. “That friction is healthy so we can have the conversation: What is it you’re trying to accomplish? What’s the best way to do it?”
Bishop said he doesn’t take a compliance-based approach to those conversations. Instead, he works with the mission commanders to give them the best possible way to accomplish the job they need to do.
Consistent communication across any channel
Bishop said the department is making a push toward ubiquitous communication; that is, having the same protections across every medium that planes, satellites and other department endpoints might use to communicate in any environment, be it terrestrial link, satellite link, radio frequency or any other channel for transporting data. If a plane has to go to the other side of the planet, Bishop said he has to ensure that the data is still able to reach that plane, and it’s able to transmit back, as well as communicate with any potential international allies.
That’s also resulting in a larger focus on the supply chain, and ensuring endpoint devices have a standard set of protections, which can then be linked up via that ubiquitous connection.
“When you do that, then it’s a much easier way to change technology in and out rather than trying to research and accredit the entire thing all at once. That becomes a very problematic, time-consuming, and very slow process when we’re trying to do the whole system end-to-end rather than ‘this part is trusted, this part is trusted, bring them together to do this function that we need them to do,’” he said on the Federal Drive with Terry Gerton. “So from a mobile end user perspective, that’s what we’re trying to do. We’re trying to get to, here’s the capability you need at the end. Let’s harden it and make it secure from that perspective. And then connect it into an already secure backbone that is providing the transport rather than trying to create an end-to-end solution.”
Defaulting to zero trust
The key to securing all the different kinds of data across these various communication channels is anticipating changes through zero trust principles. That way, in an instance of human error, whether an operator mistake or a misconfigured system, the damage is contained and the rest of the system is protected.
That’s important because every new technology, solution or link in the supply chain introduces new vulnerabilities, but also new opportunities to apply zero trust principles. That way, IT personnel always know, as data travels from one part of the architecture to another, what they have, how to protect it, and what that looks like under normal conditions. That’s often accomplished through tags that let them know who should have access to this data, or what systems it’s allowed on.
“So the way we identify, tag and manage that data is hard, and it is a key component of how you put together a zero trust infrastructure,” Bishop said.
And that has to happen with a variety of new endpoints in mind beyond just laptops and desktops.
“Form factors are so ubiquitous beyond that today. Tablets, iPads, you might have a watch, you may have a small screen display in your Humvee vehicle, any of these kinds of component displays within an aircraft, or you may have it as a huge display for command and control of satellites,” he said. “You may have all these different form factors that you now have to incorporate into your endpoint devices that are no longer just a Windows laptop. And so all the configuration, protections, and the things we want to do for that endpoint now have to apply to all these different kinds of devices before you allow it into our ecosystem. And that becomes the other end of the challenge that I think is pretty monumental.”
© 2025 Federal News Network. All rights reserved.