Software Engineering Institute Researchers Rethink Cybersecurity for Modern Defense

For decades, the digital networks protecting our nation operated like a walled fortress: Once inside, you were trusted. However, in an era of sophisticated hackers, that perimeter is no longer assured. 

The real-time systems found in defensive hardware cannot simply adopt modern cybersecurity practices meant for general IT. Carnegie Mellon University’s Software Engineering Institute is taking the first step toward modernizing the security of our national defense.

The performance problem 

The National Defense Authorization Act mandates "zero trust" cybersecurity practices, which assume that every digital interaction could be a threat and that no user, device or application should be trusted by default. While this "verify everyone, every time" standard works in office settings, it creates risks when implemented on high-stakes hardware like aircraft or emergency response systems. In these cases, even the slightest drop in speed or reliability could be the difference between a successful mission and a catastrophic failure.

"Enterprise IT and weapons systems are very different environments, and they entail different risks and trade-offs," said Chris Alberts, an SEI principal engineer and senior cybersecurity analyst.

In late 2024, the U.S. Air Force Cyber Resiliency Office for Weapon Systems asked the SEI to figure out how to adapt these standards for high-performance, high-stakes environments. 

"Our study looked at how the Air Force can start thinking about which risks and trade-offs are most important when applying zero trust to aircraft and other weapon systems," Alberts said.

The need for speed and reliability

SEI researchers analyzed how zero trust principles, such as "least privilege" (giving users only the bare minimum access needed) and "presume breach" (proactively defending from the inside), raise special considerations when applied in defense settings.

Their report provides a set of considerations for engineers navigating trade-offs.

For example, some zero trust actions, like authentication and encryption, can slow down a system’s response time. "If you have very precise timing requirements related to mission objectives, then you could have system performance issues that could ultimately degrade or lead to mission failure," Alberts said.

Engineers must also account for different operational environments. Cybersecurity controls that protect a plane while it’s parked for maintenance might be too slow or restrictive when the plane is flying a high-speed rescue mission. 

Alberts believes the SEI’s principles-to-tradeoff mapping could evolve into a framework for applying zero trust practices in real-time defense environments. 

"We would like to develop a risk framework and methodology that helps engineers balance the security capabilities provided by zero trust with other important attributes of a weapon system, such as performance, interoperability and safety," Alberts said. "Ultimately, the goal is to help ensure that weapon systems achieve mission success in a safe and secure manner."
