Secure Cognitive Architecture
Jason L. Lind
Historically, base security has focused on maintaining a tight perimeter, with additional perimeters configured at, and within, building sites. Ostensibly this would be a proper application of Zero-Trust Architecture (ZTA); however, this strategy is missing a key component: continuous evaluation of the protect surface.
The primary goals are to achieve the following:
--> Identify a COTS, or develop a custom, Android-based Health Watch
--> Deep Learning models to differentiate wearers of uniquely identified wearables as individuals – when coupled with a HUF (Hardware-Unique-Factor) enabled device, this would provide constant presence of identity
--> Analyze a combination of temperature, blood pressure, and pulse-ox to identify potential communicable diseases and aid in contact tracing
--> Provide real-time health statistics to prioritize rescue/evacuation
--> Base directions
--> Enhanced signage based on Multi-Level-Security
--> Visual Authentication of individuals by Security Forces
Achieving a Base Beyond the Base
Extending the Physical Protect Surface into Cyberspace
By many predictions, the sudden uptick in telework among DoD service members and civilian staff as a result of COVID-19 is only going to accelerate. However, to perform their work, many must have access to highly secured networks (e.g. SIPR) and the information on them, which is currently only available on a physical base.
This is primarily for two reasons:
1. Physical access security to the base is viewed as an enhanced vector to better assert the identity of those accessing classified systems
2. Secure access often utilizes physically separated classified and non-classified networks
For (1), we contend that a perimeter-based physical security model - even one that continuously bounds the protect surface by securing movement within and within each new perimeter - is only a possible factor, and that a proper “presence of identity” factor can augment, if not replace, physical security when accessing cyberspace systems.
As to (2), we agree that maximum security involves separate networks; realistically, however, we contend that in our new world this is not an option. All military activity comes with risk analysis, and we must mitigate security risks as much as possible while providing operational functionality. Bottom line: if we live in a world where many personnel find themselves primarily working off the physical base, we need to build a “virtual base” around them.
By reading and analyzing real-time biometric data and combining it with military GPS data that gives near-exact position resolution, we can have a greater “verification proposition” for determining the true identity of the person accessing a device at their location. This could include first-party secured devices such as cell phones or laptops that have additional military-grade factor readers – including fingerprint, iris and smartcard readers – or even third-party devices such as public kiosks with only username/password verification.
Based on the number of factors, and a confidence score of those factors, access to SIPR and other secure network resources could be partially or fully allowed forming a “base beyond the base.”
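A sketch of such a factor-count and confidence decision, added here as an illustration and not taken from the article or any fielded system. The half-lives, thresholds, independence assumption, the rule that third-party devices never receive full access, and all names in the code are assumptions; the time decay models continuous evaluation, so access degrades when the wearable or GPS readings go stale.

```python
from dataclasses import dataclass

# Assumed values for illustration; the article specifies none of them.
HALF_LIFE_S = {"wearable_biometric": 30, "gps": 60, "fingerprint": 900,
               "iris": 900, "smartcard": 900, "password": 3600}
MIN_USABLE = 0.5                      # decayed confidence below this is ignored
TIERS = [("full", 3, 0.999), ("partial", 2, 0.95)]  # (tier, min factors, min score)

@dataclass
class Factor:
    kind: str          # key into HALF_LIFE_S
    confidence: float  # verifier's confidence when the reading was taken, 0..1
    age_s: float       # seconds since the reading

def decayed(f: Factor) -> float:
    """Halve a reading's confidence every half-life so stale evidence fades."""
    return f.confidence * 0.5 ** (f.age_s / HALF_LIFE_S[f.kind])

def score(factors) -> tuple[int, float]:
    """Return (count of live factor kinds, combined confidence)."""
    best = {}
    for f in factors:
        c = decayed(f)
        if c >= MIN_USABLE:           # keep the best live reading per kind
            best[f.kind] = max(best.get(f.kind, 0.0), c)
    miss = 1.0                        # chance every live factor is wrong,
    for c in best.values():           # treating factors as independent
        miss *= 1.0 - c
    return len(best), (1.0 - miss if best else 0.0)

def decide(factors, first_party_device: bool) -> str:
    """Map the current evidence to 'full', 'partial' or 'none' access."""
    n, s = score(factors)
    for tier, min_n, min_s in TIERS:
        if tier == "full" and not first_party_device:
            continue                  # assumed policy: kiosks never get full access
        if n >= min_n and s >= min_s:
            return tier
    return "none"

# Constructed sample readings (not real data).
def readings(wearable_age, gps_age):
    return [Factor("wearable_biometric", 0.97, wearable_age),
            Factor("gps", 0.90, gps_age),
            Factor("smartcard", 0.99, 60), Factor("fingerprint", 0.98, 120)]

if __name__ == "__main__":
    print(decide(readings(5, 10), True))     # fresh presence on a secured laptop
    print(decide(readings(300, 600), True))  # watch and GPS readings gone stale
    print(decide([Factor("password", 0.8, 0)], False))  # kiosk, password only
```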
Zero Trust Abstract Model (ZT4)
Zero Trust Architecture (ZTA) was coined in 2009 by John Kindervag. At its core it is about shrinking the verification perimeter as close to the data as possible, manifesting a “protect surface” that can be continuously monitored for threats. Dr. Chase Cunningham later authored Zero Trust eXtended (ZTX), which creates a simultaneously more robust and more abstract implementation of ZTA.
ZT4 is in a similar vein in that it describes a vertical ZT structure heavily influenced by ZTX.