The Pentagon’s Zero Trust Architecture (ZTA) strategy calls for data security and management cybersecurity practices that ensure only authorized users gain access to sensitive information, while maintaining ready access to data for those who need it.
Balancing those principles is tricky, as data must be protected from manipulation or theft, but overly strict security controls run the risk of making data inaccessible in a timely manner. Originally published in 2022, the strategy establishes a roadmap for compliance by fiscal year 2027.
BAE Systems’ Velhawk solution aims to provide users with the necessary capabilities to meet the ZTA strategic and objective goals. Velhawk is divided into four service areas that line up with the seven pillars of the ZTA (User, Device, Network & Environment, Application & Workload, Data, Automation & Orchestration, and Visibility & Analytics). We spoke about Velhawk and the ZTA strategy with Cynthia Mendoza, chief engineer for IT/Cyber, BAE Systems.
Breaking Defense: How does Velhawk address all of the 152 Zero Trust activities, plus the 91 target level goals mandated by the Pentagon’s CIO office?
Mendoza: Velhawk has four major service areas that we call ‘Wings of the Watch’, and they align to the seven pillars of Zero Trust. There are 14 tenets that we bring into play, and we address all the controls that promise cyber superiority and improvement of the safeguarding posture by 2027. I want to foot-stomp that promise because it’s not just a process, it is a mandate. It’s a covenant that provides actionable results ensuring that we are protecting the people, the resources, and the data, that the right people have access to the right data at the right time to make critically informed decisions.

It’s a scalable and flexible approach that secures the risk management framework envisioned by the DoD CIO. We’re ensuring that we’re aligned to the five-phased life cycle that builds deep security upfront and early, from design to implementation that flows into and protects the operational environment, while performing the proper monitoring that must be done to stay ahead of the game with cybersecurity.
What is the Zero Trust threat scenario today? How has it evolved as opposed to a couple years ago?
The threat landscape is constantly changing. Bad actors and threats are a global phenomenon that can be realized from any dark corner as they seek the most vulnerable portals of our enterprise. Continuous development activities associated with new complex systems introduce vulnerabilities in how IT environments are secured, and those vulnerabilities create opportunities for threat actors to take advantage.
Our pledge is one of continuous assessment of the threat mindset. A continuous approach that provides optimized tool use and alignment. We’re incorporating AI across the digital operating landscape from tactical AI-assisted threat response to strategic AI-enabled ZT policy management. We promise an aggressive AI-enabled secure hybrid environment. At the same time, we are looking to minimize the consumer costs by moving to a fully enabled continuous Authority to Operate (ATO) capability applying formal methods analysis to augment the Risk Management Framework (RMF). Such efforts minimize and eliminate resources that would be spent on old and antiquated hardware and software while enabling a reduced staffing footprint.
That means moving into an AI-driven hybrid environment, accessed through the Velhawk service model, that provides a multifaceted secure baseline across multiple domains.
Who are the customers for Velhawk?
We’re applying it towards our core customers, which are the Pentagon and the intelligence community as well as state and local governments. These are customers that care about cyber resiliency and are the ones that need to align to the Zero Trust mandates. They need AI-enabled actionable cybersecurity services that can be applied across their enterprise.
We also work with commercial customers. They also need to improve their safeguarding posture. We know that the medical industry and the financial industry have made huge leaps in this area. We work with them to leverage best practices and lessons learned and to accelerate application of this capability.
Tell us about the pillars of Velhawk, known as Blackfeather, Blazewing, Ironfalcon and Grimtalon.
Blackfeather is what we call our data mastery, and we’re building towards an analytic platform as a service. We focus on all aspects of data mastery, and now we have data lake housing coming into the mix. We need to ensure that we’re following proper data governance and standards for interoperability, as well as using AI-assisted data for security analytics.
This full, turnkey solution provides complete observability of our system environment, and we’re able to do that from a portfolio operating model. It builds on security information and event management (SIEM) solutions and optimizes data analytics platforms for efficiency and data security.
Blazewing is our incident response, and we’re building incident response as a service. It incorporates rapid response to threats through automation. This is where we’re using automation, autonomy, and AI-sleuthing.
It also includes digital forensics as a solution. Once we get the data, we’re able to dig into it deeper. How do we understand what’s happening? Who are the threat actors that are targeting our system, as well as their TTPs? That’s part of the Blazewing effort. This aids in the investigation and allows us to be responsive against threat actors.
Ironfalcon focuses on security operations as a service. Looking at governance and risk management, it provides optimization and automation to our governance and risk compliance approach. This is where AI assessment of formal methods analysis is used to augment the RMF.
We also perform automated patch response with AI, and DevSecOps practices, where security is introduced upfront and early – that way we can bake security into our processes and identify any vulnerabilities.
The last pillar is Grimtalon. This service investigates threat intelligence and offensive cyber, focusing on an AI-driven proactive approach to security. It includes utilizing in-house threat intelligence platforms that are fed from several reporting authorities, as well as data constructed from our internal security research.
These services provide an offensive cyber approach with the proper measures and countermeasures and AI-generated predictive analysis, so we understand ahead of time the environment’s threat landscape.
How do AI and automation make Velhawk possible?
It enables Velhawk to be more efficient, effective, and productive. Once we dig into an environment, we establish a baseline and immediately see what can be automated. That way we can free up analysts or users that can provide a knowledge baseline and activity model for AI-enabled analysis and user activity monitoring.
User activity monitoring is about establishing a user profile. It’s similar to credit worthiness. For example, when you want to get a credit card, your credit profile is measured to make sure that you pay your bills. As a user of an enterprise IT ecosystem, you similarly establish a credibility baseline as a user.
When using automation, continuous monitoring, and user activity monitoring, we can understand behaviors that are different. The system can throw a flag and target events that mandate further investigation. A simple AI-query method could be useful, such as “Did this person work late today outside their 5 p.m. window? Why were they accessing resources that they don’t usually access to do their job?” or “Why are they showing up at a different facility without coordination?”
What is the overall takeaway from what Velhawk offers?
Velhawk is a practical blueprint to meet the Zero Trust 2027 mandate with interoperability by design. It’s not just another tool list. We have the four Wings of the Watch where we can protect the data, build secure change, grasp and respond with AI-enabled speed of analysis, and stay threat-informed ahead of the game.
Our Velhawk mission is to ensure that the right people have access to the right information to make critical and necessary informed decisions while improving the safeguarding posture of their ecosystem. We bring people, process, and technology together to deliver smarter operations, faster results with real savings without compromising security or enterprise integrity.