Against the backdrop of Ukraine, growing East/West geopolitical tensions, and persistent cybersecurity attacks by nation-state threat actors, defense organizations are accelerating their efforts to harden digital infrastructure, including secure data exchange across borders and federated environments.
At its 2025 summit, for instance, NATO leaders agreed that future defense budgets must rise, and for the first time, the alliance’s spending target formally incorporates cybersecurity alongside more familiar priorities, including personnel and equipment. As a result, cyber resilience is now treated as a defined component of the broader defense investment framework.
Domestically, the U.S. military is also significantly raising its game. Announced earlier this year, the Army’s Unified Network Plan sets out a data-centric approach to modernizing networks, designed to create a secure backbone that links tactical units to command centers while embedding zero trust principles throughout. Among other key priorities, it emphasizes resilience, interoperability with allies, and the implementation of standardized data exchange through frameworks such as the Unified Data Reference Architecture.
The Department of the Navy’s Zero Trust Blueprint takes a similar path, laying out a phased strategy to integrate zero trust across enterprise IT and tactical systems. In particular, it mandates continuous verification of users, devices and files, and also identifies secure cross-domain transfers between classified and unclassified environments as a critical priority.
The Navy is also preparing to operate in contested environments where connectivity is unreliable, often referred to as denied, degraded, intermittent and limited (DDIL) scenarios. For instance, a submarine with no signal access must still operate securely, a challenge the Navy is aiming to address head-on.
The risks of reactive technologies
Despite this clear domestic and international commitment to zero trust strategies, an important security blind spot remains in the infrastructure of many defense organizations: file security. Traditional approaches to file security were designed around perimeter control and reactive detection, technologies that remain crucial to a comprehensive approach.
A big part of the challenge, however, is that these tools, including antivirus, sandboxing and signature-based analysis, struggle to identify new or modified threats, leaving organizations particularly exposed to zero-day exploits and advanced persistent attacks. In practice, this means adversaries can exploit vulnerabilities in common formats such as PDFs, Office documents and email attachments to bypass defenses and gain a foothold inside sensitive networks.
In defense environments that require immediate and frictionless collaboration across complex domains and jurisdictions, these limitations present potentially serious risks. Specifically, files move constantly between classified and unclassified systems, between sovereign networks, and across cloud environments that host shared mission data. Once a file crosses the boundary, legacy controls cannot provide reliable security assurance, and consequently, a reliance on implicit trust or the absence of sufficient sanitization can allow hidden threats to spread laterally, with obvious consequences.
The zero trust data format
These initiatives indicate a clear direction of travel: defense organizations are moving toward architectures where data must be trusted only when verified, shared on common standards, and protected consistently across domains. The challenge lies in enforcing these principles in practice when information crosses networks, jurisdictions and classifications.
This is where Zero Trust Data Format (ZTDF) provides an essential foundation by extending zero trust to the file itself and ensuring that protection and policy travel with the data wherever it goes. It applies zero trust principles directly to individual data objects, including files, emails and structured datasets, by embedding encryption, access controls and auditability inside the data itself.
Instead of relying on the security of the network it passes through, each file carries its own protection. ZTDF is also gaining traction in defense circles, having been ratified by NATO’s Combined Communications-Electronics Board as an interoperable standard for cross-border use. The underlying point is that nations need assurance that sensitive information can be shared with allies without losing control over how it is handled or exposing it to unnecessary risk.
On a broader level, these issues are indicative of a more general move towards comprehensive zero trust architectures across both public and private sectors. Civilian organizations that don’t already have adequate measures in place would be well advised to take note, particularly in light of the extremely damaging ransomware attacks that continue to make headlines.
Paul Farrington is chief product officer at Glasswall.
