Contributors are retired Col. Travis Hartman, a senior technical director at MANTECH, who formerly served as chief of defense cyber for the U.S. Army’s ARCYBER staff; and retired Rear Adm. Stephen Donald, technical executive director for MANTECH’s Cyber Practice, who formerly served as deputy commander, Fleet Cyber Command, during Zero Trust Adoption.
For decades, cybersecurity relied on the Castle and Moat or Layered Defense approaches, focusing on the perimeter, firewalls, and VPNs. The underlying assumption was simple: trust anyone inside the network. This was driven by technological constraints and outdated mindsets. However, sophisticated Nation State attacks, like Volt Typhoon, have repeatedly shown that adversaries can penetrate these perimeters, establishing persistent access with existing tools.
Zero Trust Architectures apply the adage of Trust no one, always verify to our networks. They deliver a fundamental re-engineering across three critical pillars: technology, the organization, and the operational culture—all required to enable the mission in a modern digital environment.
1. Re-Engineering the Technology:
Zero-Trust brings the concepts of eligibility and need to know, familiar to those with security clearances, to the digital world. Historically, Role-Based Access Controls (RBAC) governed access, assuming a role (like a logistics officer) required access to all related data. The U.S. Navy’s FlankSpeed initiative successfully moved beyond this rigid approach. It demonstrated that dynamic Attribute-Based Access Control (ABAC) increases protections, prevents “role explosion,” and improves policy agility without disrupting normal workflows.
If RBAC is a master key, ABAC acts as an interrogator. It doesn’t just ask “Who are you?” It asks, “What is your device’s health?”, “Where is your location?”, and “Is your access valid for this specific file right now?” This re-engineering prioritizes identity telemetry over network location. The Navy transformed a rigid infrastructure into a real-time system, enabling novel mitigations against new threats and enabling partners to contribute instantly without onerous integration
2. Re-Engineering the Organization:
Sustaining a 21st-century mission on a 20th-century technical foundation is impossible. Bolting on Zero Trust to legacy technical debt is a losing battle.
Strategic success demands a “Greenfield” mindset. For the Navy, this meant the courage to divest from legacy networks, silos of technical debt and vulnerability, and consolidate into a unified, secure cloud framework. This organizational re-engineering is about more than just security; it’s about agility. It shifts resources away from maintaining old data centers and reinvests into high-speed, mission-ready capabilities.
In coalition environments, ABAC and granular controls enable faster integration. Operations often require multiple nations to share vital data. The granular controls, enforced throughout the network, allow data sharing and access based on mission needs and national agreements.
3. Re-Engineering the Culture:
The most sophisticated security fails if the culture rejects it. Zero Trust principles must permeate the organization, fundamentally rewriting the contract between users and systems. Commanders had to view Never Trust, Always Verify as a shield, not a lack of confidence. IT teams evolved from firewall mechanics to identity orchestrators. The entire workforce had to be re-socialized to view security as a continuous, enabling function.
This cultural pivot transforms security from an administrative burden that causes friction into a mission baseline. Once the culture accepts that the perimeter is gone, users stop looking for workarounds and start leveraging the freedom that data-centric security provides.
Conclusion: The Mission is the Perimeter
In modern enterprise operations, the mission is the perimeter. Whether a NATO coalition, remote tactical team, or a headquarters enterprise, the goal is consistent: ensure the right person gets the right data at the right time—regardless of the network.
The theoretical debate is over. The gold standard is set not by those who bought the most tools, but by those who had the courage to re-engineer their entire approach to meet the reality of the digital frontline.
For more information, visit https://www.mantech.com/expertise/cyberspace-superiority/