Securing High-Risk Environments The Imperative of CDS

Enabling Mission-Critical Data in a Multi-Domain, Interoperable Battlespace

As the UK Ministry of Defence (MOD) lays out its vision in their Strategic Defence Report (SDR) 2025 [1], the emphasis is clear, data is a mission-critical asset. The SDR documents a shift from platform centric models to data-led operations, with a strong focus on interoperability, sensor-to-decision-maker, and the development of the digital targeting web.[2]

In this evolving context, Zero Trust Architecture (ZTA) and Data Centric Security (DCS) offer foundational frameworks. ZTA helps manage pervasive threats in enterprise environments by eliminating implicit trust and enforcing least-privilege access across users, devices, and services. DCS, on the other hand, prioritises securing the data itself, enabling trusted information exchange within your own environment and between mission partners.

However, while ZTA and DCS are vital to securing MOD networks and systems, they are not sufficient alone to realise the Cross Domain, coalition-centric, real-time data sharing required in the SDR 2025 vision.

The Residual Risk Landscape in Data-Centric, Zero Trust Environments

Even a fully mature ZTA and DCS deployment leaves key residual risks, especially when operating across environments with differing levels of trust.

Key Residual Risks:

  • Endpoint compromise enables attackers to inherit legitimate user privileges
    • Data exfiltration from a compromised system
      • Command-and-control persistence enable deep infiltration
        • Vulnerabilities in complex implementations present rich attack surfaces
          • Misconfiguration in policies or enforcement logic may bypass critical controls

            In a modern battlefield, these risks are amplified by the mission-critical demand for real-time data movement across networks of varying trust, whether fusing satellite imagery, battlefield telemetry, or targeting data into AI driven or machine-speed decision-making processes.

            Cross Domain Solutions – Enabling Trusted Interoperability at Mission Speed

            Cross Domain Solutions (CDS) are the essential enabler for trusted information exchange across these environments. When integrated into Zero Trust and Data Centric Security architectures, CDS acts as a guardian anywhere that differing levels of trust and boundaries exist, enforcing deterministic policies on what information may flow in and out.

            For the MOD’s sensor-to-decision-maker goals, this architecture is pivotal:

            • It reduces risk of data exfiltration and malware proliferation
              • It provides policy-enforcing control points between networks with divergent trust models
                • It allows selective sharing of mission-critical data while maintaining overall information dominance

                  Furthermore, CDS, particularly when built on Secure-by-Design Principles[3] and employing hardware enforced security controls (Hardsec), can dramatically lower attack surfaces compared to potentially complex software stacks underpinning ZTA or DCS alone. This is critical in contested domains were resiliency and predictability are paramount.

                  One of the critical advantages of modern CDS architectures is the ability to enforce security policies via Security Enforcing Functions (SEFs) implemented in hardware. Unlike complex software-based enforcement, which can be vulnerable to zero-day exploits, misconfiguration, or supply chain compromise. In a future where data flows could shape combat outcomes, SEFs can be implemented to keep the right data getting to the right systems, at the right time, and nowhere else.

                  Digital Targeting, Interoperability, and Future-Ready Defence

                  The digital targeting web outlined in SDR 2025 is a practical example of where Zero Trust Architectures, Data Centric Security and Cross Domain Solutions must converge. Targeting information, coming from disparate Intelligence, Surveillance, and Reconnaissance (ISR) platforms and coalition feeds, must be fused, analysed and acted upon with minimal latency and maximum trust. That requires:

                  • Data sovereignty controls for UK-origin data
                    • Policy-driven, cross domain orchestration for multi-national mission planning
                      • End-to-end delivery from sensor-decision-maker-to-action, without opening doors to adversarial compromise

                        Triangulating Cyber Security for a Data-Led MOD

                        To meet the ambitions of SDR 2025, the MOD must treat data as a critical asset, to be secured, distributed, and leveraged with precision. Zero Trust and Data Centric Security provide the defensive posture and data assurance. CDS provides the operational interoperability glue that keeps trusted execution across domains and partners.

                        In our opinion, only by integrating all three can you enable secure, near real-time, cross domain mission systems needed for digital advantage in 21 century warfare.

                        UK MOD’s Strategic Defence Review - https://assets.publishing.service.gov.uk/media/683d89f181deb72cce2680a5/The_Strategic_Defence_Review_2025_-_Making_Britain_Safer_-_secure_at_home__strong_abroad.pdf

                        UK MOD’s Strategic Defence Review, pg 49 - https://assets.publishing.service.gov.uk/media/683d89f181deb72cce2680a5/The_Strategic_Defence_Review_2025_-_Making_Britain_Safer_-_secure_at_home__strong_abroad.pdf

                        Secure by Design Principles - https://www.security.gov.uk/policy-and-guidance/secure-by-design/principles/ (opens a new window)

                        Dave Flanagan

                        Dave Flanagan

                        Senior Principal Solutions Architect

                        As an experienced enterprise architect Dave Flanagan has previously spent more than twenty years in the Defence & National Security sector working for and with major Systems Integrators to successfully deliver secure solutions to various national and international communities. This has and does include the delivery of interoperability and collaboration capabilities across a range of classifications, partner organisations and trust levels – what is now recognised as the evolving and expanding environment of multi-domain operations. He now brings that experience and knowledge, in collaboration with clients from any industry or vertical, to understand their particular market and business needs in the context of this evolving business need in a darkening cyber-security threat landscape.