ZKX Solutions, a pioneer in developing the next generation of cyber defense technology, has recently completed technical exercises at C5ISR’s NetModX event at Ft. Dix, New Jersey. ZKX Solutions’ forthcoming zero-trust authentication product, ZKX Helix, was used to bring zero-trust access control into the U.S. Army’s command and control capabilities through REDCOM’s Sigma platform. The demonstration proved that Helix could reliably protect access to tactical voice, video, and radio interoperability in in a disconnected, intermittent, and limited bandwidth (DIL) environment.
During the exercise, Helix was used within REDCOM Sigma, an existing program-of-record, to implement zero-trust-compliant access control and identity-driven protections to Sigma’s C2 functions. With Helix, C2 resources within Sigma were able to enforce foundational principles of zero-trust attribute-based access control (ABAC) for individual resources in its custody. Helix also allowed resources on the same network to receive individual access policy designations mapped to one or more attributes. Users hoping to satisfy these specific access policies had to prove they hold the attributes that have been mapped to that specific policy.
With Helix, secure access to different users on different endpoints, including tactical TW950 TrellisWare radios, was enforced with MFA on an attribute basis via a linked smartphone. Some of the attributes checked by Helix included users’ organizations, ranks, device types, and host nations. Once these attributes were verified, the corresponding MFA policy was enforced via Helix’s patented MFA protocol. MFA was conducted using PINs, passwords, device identifiers, barcodes, QR codes, and physical NFC tokens.
Furthermore, Helix showcased unrivaled flexibility, allowing the specific protections guarding these C2 resources to change in real-time to better support the mission at hand. If a commander determines that access to a voice or video stream needs to be changed, Helix gives them the ability to do just that instantly – all under the protection of zero-trust. This was accomplished by altering the relationship between one or more attributes and their corresponding MFA policy. For example, if a NATO access policy was deemed to be too lax for the mission at hand, its MFA requirements could be changed from 2FA (PIN and password) to 3FA (PIN, password, and NFC token). While conducted by a human-in-the-loop for NetModX, this functionality can be relegated to an automated security platform for real-time, intelligence-driven response to changing network conditions and security postures.
By employing this flavor of zero-trust access control fully in the disconnected edge arena, ZKX Solutions is further validating their longstanding vision of how zero-trust can be implemented in the tactical environment, with maximum usability and minimal disruptions.