Connect with us

Hi, what are you looking for?


Network Security

US Air Force Adopts Zero Trust to Secure Flightline Operations

Air Force Flightliine

Air Force Flightliine

Zero trust is an important part of business transformation. As the information infrastructure expands with new technologies and locations, zero trust allows organizations to focus on protecting the data, regardless of where it is sourced or how it is used.

Now the U.S. Air Force has adopted zero trust to improve and protect its flightline. 

The flightline, strictly speaking, is the aircraft’s maintenance area; either an area of runway or a hanger. It effectively includes any part of the airfield where an aircraft is being prepared for flight. However, data from each aircraft in the flightline must be returned to a central repository for analysis and to ensure that enough parts are available to guarantee – quite literally – the uptime of each machine.

Typically, in the past, data from the aircraft would be transferred to a portable drive and literally walked to applications in the hanger, or further afield to the central repository. The flightline consequently would comprise the aircraft in its maintenance position, a maintenance engineer with a portable drive, and the central server. This is what is being updated to zero trust.

The primary driver for the move to zero trust is the digitization of workflows. This allows processes that had previously been done on paper to be done digitally – but requires a new level of digital protection to protect the data and the workflows. 

“You could describe the adoption of a zero-trust model as part of the digitization of aircraft maintenance,” said Duncan Greatwood, CEO of Xage. “The key parts,” he continued, “are firstly the movement of data – often by the physical carriage of a portable drive.”

This is neither efficient nor ultimately very secure. An important aspect of the new process is consequently the secure transfer of data into and out of the aircraft using the Xage zero trust fabric, ensuring both the confidentiality and integrity of that data.

Advertisement. Scroll to continue reading.

Maintenance workflows can also be digitalized. “Historically,” said Greatwood, this tended to be done on paper checklists and clipboards, with smartphone photos of parts of the aircraft texted to the managers.

“What we’re doing is Integrating with the Air Force to allow a digitized app to replace the paper with an online list of what needs to be done in the workflow, while allowing comments and photos to be added as the work is done.” The results can then be collected and transferred with zero trust to the central computers.

While improving the ‘business’ functions of the flightline may have been the primary driver for the implementation of a zero trust-based network solution, Greatwood believes that security is also improved. “A portable drive can be lost or stolen or hacked,” he said. (Consider how Stuxnet is thought to have been introduced to Natanz in 2010.) The elimination of any need to walk data between locations is a vast improvement in security. 

The ‘insider threat’ must also be considered. It is a serious threat, even in military environments that employ more detailed screening. A key principle of zero trust is the least amount of trust for the least period of time. This ensures that even if an insider turns bad – either for ideological or financial reasons or merely accidentally – the amount of harm that can be done is minimized.

The new zero trust model is being implemented first at Dover Air Force Base in Delaware

Xage Security was founded in 2017 by Roman Arutyunov (VP Products) and Susanto Irwan (VP Engineering) with headquarters in Palo Alto, California. Duncan Greatwood is the CEO. Xage raised $16 million in Series A funding during 2018.

Related: New Blockchain Solution for IIoT Aims to Solve Scaling Problem

Related: NSA Publishes Guidance on Adoption of Zero Trust Security

Related: Microsoft Launches Free Zero Trust Assessment Tool

Related: Zero Trust or Bust?

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Identity & Access

Zero trust is not a replacement for identity and access management (IAM), but is the extension of IAM principles from people to everyone and...

Cybersecurity Funding

Network security provider Corsa Security last week announced that it has raised $10 million from Roadmap Capital. To date, the company has raised $50...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.


Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Network Security

Our networks have become atomized which, for starters, means they’re highly dispersed. Not just in terms of the infrastructure – legacy, on-premises, hybrid, multi-cloud,...