Zero Trust becomes the foundation of cyber security

The line between cyber and physical threats in today's digital battlespace continues to blur, and the consequences of a data breach can be catastrophic. Whether protecting avionics aboard a fighter jet or safeguarding mission data in a satellite ground station, trusted computing has become a fundamental requirement for military and aerospace systems. It’s no longer enough to assume that networks, users, or even devices can be trusted.

To address this changing threat landscape, the U.S. Department of Defense (DOD) has adopted a Zero Trust Architecture, outlining a multi-year plan to strengthen military networks against increasingly advanced cyber threats. The DOD Zero Trust Strategy, issued in late 2022, requires implementation of Zero Trust across all components by 2027. This involves continuous verification of every access attempts -- whether internal or external -- as well as data segmentation, encrypted communications, and ongoing monitoring of system integrity.

"Zero Trust is a major effort that is rippling through mil/aero embedded systems," says Justin Moll, Vice President of Sales and Marketing at Pixus Technologies in Waterloo, Ontario. "In short, there is a DOD mandate of 'never trust, always verify,' but there are different tiers that a system will need to comply with. For a chassis vendor, a key element is the chassis manager. In SOSA aligned and some other OpenVPX-based systems, the chassis manager is a major control point because it and the PCS on each card are the first processors running in the system.

"There are ways we can leverage the flexibility of the chassis manager without exposing it to external threats," Moll continues. "This includes removing accessibility to less secure ports such as Serial and JTAG. It may make sense to utilize something like Ethernet as the key access point where you can have longer message size limit and can layer in security. We'll see what direction is employed via VITA/SOSA committee efforts."

For defense contractors and technology suppliers, this shift means more than just meeting compliance; it’s a call to rethink how trust is embedded into hardware and software from the ground-up. That includes everything from secure boot processes and hardware root of trust to real-time system authentication, supply chain integrity, and resilient architectures designed to withstand ongoing threats.

In conversations with defense electronics experts, one thing is clear: in the age of Zero Trust, experts must engineer, trust, and never assume the trust they have in computers and data networks.

Cyber threats

While Zero Trust is transforming how systems authenticate and communicate at the architectural level, the broader threat landscape continues to evolve. Nation-state actors and their affiliates are investing heavily in asymmetric cyber capabilities, targeting vulnerabilities in legacy infrastructure and next-generation platforms. These attacks increasingly are aimed at embedded computing, where the consequences of compromise can be severe and long-lasting.

"The biggest trend I see is the ever-increasing cyber-attacks from state-sponsored actors and their proxies that aim to disable and weaken our infrastructure and our military," says Rich Jaenicke, director of marketing at Green Hills Software in Santa Barbara, Calif. "Those attacks are carefully designed to cause significant damage without crossing some threshold that would escalate into physical conflict, and those thresholds are being stretched by increasing stealthiness and uncertainty in attribution. Although patching known vulnerabilities can reduce the impact of these attacks, a more comprehensive solution is to make security a priority in the design of embedded systems and upgrade infrastructure with these more secure systems."

As the threat landscape expands and Zero Trust principles take hold, hardware safeguards and data-centric protections are becoming critical. Chris Ciufo, chief technology officer at General Micro Systems in Rancho Cucamonga, Calif., points to three emerging priorities that defense integrators can no longer afford to overlook: The need for cross-domain solutions and NSA Type 1 encryption; the need to protect and encrypt data and then be able to erase the data at risk; and whole-system zeroization.

These capabilities are especially important in forward-deployed or contested environments, where sensitive data must remain secure even in the event of system compromise or physical capture.

"It's one thing to have encrypted data," Ciufo says. "It's another thing to be able to erase that data on one side or another, or erase the entire system because some of that data will reside in FIFOs [first in, first out data structure], some will reside in management information bases for networking, such as in network controllers, where they're using some of that data to make decisions. The ability to zeroize the entire system is critical to cyber security today."

The influence of AI

As trusted computing develops, artificial intelligence (AI) and machine learning increasingly are shaping how military systems detect, respond to, and even predict cyber threats. Just as these technologies are revolutionizing sensor fusion, autonomy, and mission planning, they are also transforming the cyber domain. Experts say that AI and machine learning can help shift cyber security from reactive patching to proactive defense by continuously analyzing system behavior, spotting anomalies, and responding to potential intrusions in real time.

However, leveraging AI for cyber defense presents its own challenges. Training models to distinguish between normal and malicious behavior in highly complex, mission-critical environments requires vast amounts of data and careful tuning. There are also risks that adversaries could exploit AI systems through poisoning attacks or adversarial inputs. Still, defense technologists argue that when properly implemented, AI-enabled cyber security tools offer a level of speed and adaptability that traditional approaches can’t match -- especially in contested environments where decisions must be made in milliseconds and bandwidth may be limited.

"The challenge lies in designing AI systems that are robust, explainable, secure and resilient enough for the uniquely high stakes of national defense," says Ciufo at GMS.

Ciufo explains that myriad positives and negatives come along with the wider adoption of AI and machine learning technologies in friendly and adversarial systems. The CTO and president says that AI and machine learning provides robust threat detection and rapid response along with automation of security operations.

"Beyond the basics of practicing 'safe systems,' humans continue to evolve their hacks at attack surface vulnerabilities," Ciufo says. "A human that is looking to 'harden' their system often makes certain assumptions about how or what an attacker may attempt. AI doesn’t get bored nor enter a discussion with any pre-conceived notions. Each engagement is brand new, so AI can take a fresh look at anticipating vulnerabilities as well as how to eliminate them."

He continues, "AI is streamlining Security Operations Centers by automating tasks such as incident triage, log analysis and threat intelligence correlation. This type of automation allows human analysts to focus on more complex decisions."

Modern problems

While AI and machine learning offer advantages in detecting threats and securing embedded systems, experts caution that adversaries are rapidly adopting these same tools. Nation-state actors and advanced persistent threat groups are now leveraging AI to accelerate vulnerability discovery, craft highly targeted attacks, and evade traditional detection methods.

"AI and machine learning technologies excel at pattern recognition, so they can learn the normal behavior of a system and flag deviations," says Jaenicke at GHS. "Such anomaly detection is potent against zero-day attacks and malware detection. Of course, attackers can use AI and machine learning as well. Attackers can train their own machine learning models to generate payloads that look normal to AI-based anomaly detectors. Other AI/machine learning tools can scan firmware, binaries, or communication protocols to identify exploitable vulnerabilities. machine learning improves upon random fuzz testing by learning which inputs are more likely to cause crashes or reveal bugs, such as rapidly discovering buffer overflows or logic flaws. With such an accelerating AI arms race, it is more important than ever that systems are secure by design, not just by policy or security add-ins."

As defenders and attackers grow more sophisticated in their use of machine learning, trusted computing in military and aerospace environments must evolve to ensure resilience is built into systems at every level -- from hardware and firmware to runtime protections and secure system updates.

"AI exacerbates the exposure risk in the system. If there is a weakness for security, AI can be used to exploit it," says Pixus' Moll.

General Micro Systems's Ciufo also highlights several risks that come with integrating artificial intelligence into military and aerospace cyber security frameworks. One growing concern is the threat of adversarial AI. Defense systems that rely on machine learning are susceptible to subtle input manipulations that can deceive models, potentially causing misclassification in imagery analysis or spoofing sensor data. While AI is designed to adapt, current models often lack the complexity to be truly unpredictable, which can create exploitable patterns.

"Despite AI’s adaptability, many large language models are still relatively small, which means their outcomes can be too predictable," Ciufo says. "And if an adversary can anticipate those outcomes, the system becomes inherently vulnerable."

Another critical issue is data poisoning and model corruption. Attackers can intentionally insert compromised data during the training of an AI model, skewing its behavior or embedding hidden backdoors. This type of manipulation can compromise the integrity of systems designed to make autonomous decisions in the field.

Ciufo also points to the growing problem of over-reliance on opaque machine-learning models. Many of these systems operate as "black boxes," where decisions can’t easily be traced or justified. In mission-critical scenarios where human oversight and accountability are essential, that lack of explainability becomes a liability.

Beyond that, adversaries are already using AI to enhance their own cyber capabilities, streamlining reconnaissance, automating exploit development, and identifying vulnerabilities faster than conventional methods. Finally, the use of third-party datasets and platforms in training military AI models can introduce hidden weaknesses into the supply chain, posing long-term risks to system security.

Modern solutions

To meet evolving security demands in defense computing, companies are adapting their products with Zero Trust and trusted computing principles in mind. At Pixus Technologies, that effort is reflected in the development of the SHM300 Tier 3 SOSA-aligned chassis manager, which incorporates several key architectural decisions aimed at hardening embedded system security.

Working alongside software and firmware partner Crossfield Technology, Pixus selected Microchip’s PolarFire FPGA for the SHM300, citing its enhanced encryption and networking capabilities as essential for modern security requirements. "We made some key decisions early-on to prepare for security measures for our SHM300 Tier 3 SOSA aligned chassis manager," says Justin Moll, Vice President of Sales and Marketing at Pixus Technologies. The company also opted for a full-feature Linux operating system, rather than a scaled-down version, in order to support a complete TCP/IP networking stack -- enabling more robust communications and security protocols.

The SHM300 leverages a mezzanine-based design and utilizes a RESTful interface to implement and manage security features. To further reduce risk, Pixus has recently added a fiber Ethernet option, which helps deter electronic eavesdropping and physical snooping, particularly in environments where wired connections may be exposed.

At General Micro Systems, Ciufo says that the emphasis remains squarely on hardware-based security, which the company considers the gold standard for protecting sensitive military systems. While software-based protections are useful and often necessary, GMS customers consistently favor physical safeguards implemented at the hardware level.

"Given the choice between hardware-based security at the bare metal versus software security, customers choose hardware all day, every day," says Ciufo.

That preference drives demand for real, tactile controls rather than software-based interfaces -- hardwired buttons instead of digital prompts, and direct security logic instead of watchdog timers that may be bypassed or delayed.

To meet these requirements, GMS integrates several layers of physical security features across its systems. Many platforms include a dedicated "Zero" button that triggers a secure zeroization process. A single press erases the drives, and a second press wipes the BIOS, effectively rendering the system inoperable. Anti-tamper switches and sensors detect unauthorized access to the chassis and initiate the same zeroization protocol. The company’s Enhanced SecureDNA suite adds further protections, including daisy-chained "Intruder" cables. If disconnected during an attempt to extract hardware modules from a vehicle or system, these cables trigger a complete hardware lockout -- bricking the device and preventing data exfiltration or reverse engineering.

"Hardware-based security can complement software-based security," says Jaenicke from Green Hills Software. "For example, a data diode, which provides one-way data transfer, is best implemented in hardware using optical isolation techniques to ensure there is no return data path. On the other hand, a data guard, which performs content inspection and filtering, is best implemented in software. The software data guard can more easily adapt to new types of malware and unauthorized data transfers. Using a hardware data diode and a software data guard together provides the highest level of protection against data leaks."

Jaenicke says that data diodes and data guards are two components of a cross-domain solution (CDS), which provides the ability to access or transfer information between different security domains. "Many CDSs live in data centers, but a tactical CDS can be used in deployed weapon systems," Jaenicke informs. "An example of a high-end, tactical CDS is the one used in the US Navy’s Tactical Combat Training System Increment II (TCTS II) from Collins Aerospace. TCTS II is a real-time operational air combat training system that blends live, virtual, and constructive training elements. TCTS II fields the first certified multi-level security (MLS) training equipment in airborne and ground equipment to protect the tactics, techniques, and procedures being used.

He continues, "TCTS II also provides interoperability for joint and coalition training with fourth and fifth-generation platforms while aligning with industry software standards such as the FACE Technical Standard and Software Communications Architecture (SCA). Collins Aerospace uses the INTEGRITY-178 tuMP RTOS as the foundation of their tactical CDS in TCTS II, and that CDS is certified to NSA’s 'Raise the Bar' security standard."