Analyzing Applicability of Security and Zero Trust Principles to Weapon Systems

The fiscal year 2022 National Defense Authorization Act (NDAA) mandated the adoption of zero-trust (ZT) cybersecurity practices into Department of War (DoW) weapon systems and operational technology. The ZT approach, which authenticates and authorizes every interaction in a network, applies most directly to enterprise information technology (EIT) and does not easily translate to weapon systems and defense critical infrastructure. An SEI study analyzed the applicability of nine security and ZT principles to weapon systems and the resulting security risks and tradeoffs.

Different Environments, Different Risks

In a ZT architecture, every user, application, system, and device is untrusted by default, and every request to access computing resources must be authenticated. This proactive, data-centric approach reduces an organization’s attack surface and enhances threat detection, response, resilience, and adaptability. But EIT and weapons systems are very different environments, and they entail different risks and trade-offs.

In late 2024, the U.S. Air Force (USAF) Cyber Resiliency Office for Weapon Systems (CROWS) asked three federally funded research and development centers to study ZT beyond EIT. MITRE addressed whether ZT could and should be implemented in weapon systems, and MIT Lincoln Laboratory looked at applying ZT principles to support mission assurance.

Our study looked at how the Air Force can start thinking about which risks and trade-offs are most important when applying zero trust to aircraft and other weapon systems.

Christopher J. Alberts

Principal Cybersecurity Analyst, SEI CERT Division

The SEI explored how foundational cybersecurity and ZT principles created for general-use computing and networks would apply to weapon systems. “Our study looked at how the Air Force can start thinking about which risks and trade-offs are most important when applying zero trust to aircraft and other weapon systems,” said Chris Alberts, an SEI principal cybersecurity analyst and principal investigator of the CROWS project.

Weighing Security and Performance Tradeoffs

The SEI report Tailoring Security and Zero Trust Principles to Weapon System Environments analyzes how ZT principles, such as least privilege and presume breach, are applied in EIT environments, and it presents special considerations for their application in weapon systems. It also provides questions that system engineers should ask when weighing the tradeoffs between security practices and their potential impacts on the weapon system’s performance and interoperability, as well as on the program’s costs and schedule.

Authentication, for example, can increase execution latency and greatly affect real-time systems. “If you have very precise timing requirements related to mission objectives, then you could have system performance issues that could ultimately degrade or lead to mission failure,” said Alberts.

Alberts added that a weapon system, unlike most other operational technologies, often supports multiple missions. Different mission environments may entail different security requirements and risk mitigations to ensure mission success.

Filling the Zero Trust Guidance Gap

The fiscal year 2022 NDAA mandated ZT implementation in the DoW’s information enterprise, operational technology, and weapon systems. The department is on its way to meeting a 2027 ZT deadline for its EIT. This environment has well-documented guidelines on the major shifts needed for authentication, authorization, and security controls. But such guidance is lacking for the specialized, real-time environments of weapon systems.

The SEI’s new study is a first attempt to fill that gap. The SEI has evolved security engineering for decades, provided ZT guidance for several Air Force and DoW EIT environments and for Army tactical networks, and evaluated software and cybersecurity for the Sentinel, Long Range Standoff (LRSO), and F-35 programs. This experience enabled the SEI’s CROWS project team to create a foundational mapping of nine bedrock cybersecurity and ZT principles to the unique requirements of weapon systems.

The CROWS project marks an early stage in the Air Force’s ZT journey beyond enterprise IT. Alberts believes the principles-to-tradeoffs mapping could evolve into a framework for applying ZT practices in real-time environments. “This is a first step on the path towards developing more tangible solutions that programs can directly apply.”

Download Tailoring Security and Zero Trust Principles to Weapon System Environments from the SEI’s Digital Library. Learn more about the SEI’s secure development work in the SEI Blog.