Digital Infrastructure Modernization to Lay Foundation for Zero Trust, AI Artwork

The Elara Edge

The Elara Edge is a thought leadership forum of military and industry experts providing commentary and analysis on the latest news developments in national security - with an emphasis in space and aerospace applications.

All Episodes

The Elara Edge

Digital Infrastructure Modernization to Lay Foundation for Zero Trust, AI

March 02, 2026 • Elara Nova • Season 1 • Episode 36

0:00 | 33:11

The Department of War (DOW) kick-started the year with a series of steps to enhance the resiliency and reliability of the digital infrastructure underpinning military operations. In early January, the United States Space Force announced it will be overhauling computer networks at all 14 of its bases under the Base Infrastructure Modernization program. Then the National Security Agency released the first two products of its Zero Trust Implementation Guidelines, while the DOW launched its Artificial Intelligence Acceleration Strategy. Altogether, these actions demonstrate the growing imperative to prepare the DOW’s digital infrastructure to take advantage of emerging technologies and counter evolving threats.

In this month's episode of "The Elara Edge," General (Ret) Tim Haugh explains how the ongoing digital infrastructure modernization at the Department of War will lay the foundation for zero trust and artificial intelligence implementation. Prior to joining Elara Nova as a Senior Principal Advisor, Gen (Ret) Haugh served as the Commander of U.S. Cyber Command, Director of the National Security Agency, and Chief of the Central Security Service.

"The Elara Edge" is hosted by Scott King and produced by Regia Multimedia Services. The full story can be found on Elara Nova's Insights page here. Music was produced by Patrick Watkins of PW Audio.

Host: Scott King

SME: General (Ret) Tim Haugh, Senior Principal Advisor at Elara Nova, former Commander at U.S. Cyber Command and Director of the National Security Agency

00:02 - 01:34

When we think of the word “infrastructure,” things like roads, bridges, and the power grid often come to mind. But there’s also “digital infrastructure,” which the National Institute of Standards and Technology defines as ”the ability to store and exchange data through a centralized communication system.”

The Department of War kick-started the year with a series of steps to enhance the resiliency and reliability of its digital infrastructure that underpins military operations. In early January, the United States Space Force announced it will be overhauling computer networks at each one of its bases, according to a $12.5 billion task order through the Base Infrastructure Modernization program.

Also in January, the National Security Agency released the first two products of its Zero Trust Implementation Guideline, while the DOW launched its Artificial Intelligence Acceleration Strategy. Altogether, these actions demonstrate the growing imperative to prepare the military’s digital infrastructure to take advantage of emerging technologies and counter evolving threats.

Welcome to “The Elara Edge” here to discuss the modernization of the Department’s digital infrastructure is retired General Tim Haugh, Senior Principal Advisor at Elara Nova. With over three decades of military service with the United States Air Force, General Haugh previously served as the Commander of United States Cyber Command, Director of the National Security Agency, and Chief of the Central Security Service.

Sir, welcome to the show!

01:35 - 01:36

I'm excited to be here. Scott. Thanks for having me.

01:37 - 02:03

We're excited to have you and looking forward to the conversation today. Let's begin with a look at the role of digital infrastructure in modern day military operations. Perhaps one of the best ways to understand this is by taking a look at the relationship between the space and cyber domains.

From your perspective: how do the space and cyberspace domains interact when it comes to military operations? And how did this relationship factor into the early days of standing up the United States Space Force?

02:04 - 03:48

Yeah absolutely, Scott. They are inextricably linked. When we think about what it looks like to warfight space, the foundation of that is also what's happening terrestrially on the ground: how we control satellites, how we leverage technologies in space to sense, to communicate, and to fight. All of those are tied to how we operate within cyberspace, both to leverage those capabilities on space, to be able to control them, but also to ensure that they're secure. And foundationally, when we think about what space does as part of our warfighting doctrine across all domains, having security in cyberspace is absolutely essential.

At the time, I was the 16th Air Force Commander and in support of Space Force leadership, as they stood up the service. And one of those decisions was how will the Air Force provide support to the Space Force in terms of the Air Force network and then being able to support space operations?

And as the choices were being made, one of the most critical were what were the sets of expertise that the Space Force would need? And one of those choices in terms of the career fields that were identified as essential to the future of the Space Force is cyber and clearly building out expertise was critical and that will only become increasingly important.

As we've seen in the recent conflicts that have occurred, particularly within Ukraine, the contest for the ability to have assured command and control, through both terrestrial and through space - absolutely essential - and that really drives towards what infrastructure that then needs to be built, sustained, operated and defended to have assured operations in both space and cyberspace.

03:49 - 04:01

The Space Force task order to modernize its digital infrastructure follows a similar task order to do the same for Air Force bases across the Pacific.

Can you describe what the Space Force and Air Force are looking to do here?

04:02 - 07:02

In this case, and what the Space Force wants to modernize in their digital backbone is all of the infrastructure that allows every Guardian to be able to interconnect, whether that's to the Internet, whether it's the services that are available inside of the Department of War networks or the ability to connect and operate through the domain, through both unclassified and classified networks, and then making sure that infrastructure is well positioned to be able to provide the right capabilities to the Space Force and every Guardian - in terms of routers and switches that interconnect networks and interconnect bases to the broader network - is an investment that's clearly being made through the Base Infrastructure Modernization program.

It is also the computing infrastructure that every Guardian and Airman leverage every day when they come to work. It's also the infrastructure that runs our hospitals and runs space operations and runs air operations on a flight line.

So all of those require the ability to have relevant technology to be able to drive not only the capabilities that are required to fight and win, but also provide a user an experience that allows them to come to work, log on, get to work and be successful and that requires investment.

And the investment and the priority to be able to ensure that infrastructure is in place is also going to be the foundation for how capabilities like artificial intelligence will be integrated and the compute power that is required at the network edge to be able to operate and do that, particularly as we think about contested environments.

At first, it needs to provide the foundation to be able to meet the mission needs of the Space Force and the Air Force for the contract in the Pacific. So it has to be sized, it's got to be capable enough and then the support to be able to operate and ensure the maintenance of all of those systems - uptime and resilience to be able to make sure those missions run - has to be one of the first priorities.

The second component is ensure the architecture is defendable and is in compliance with the direction that the Department of War is taking in terms of the policies of how we modernize networks, how we secure them, and ultimately how we build them using a zero trust-based approach, because the adversaries are relentless in cyberspace.

What that looks like today, whether that's China, Russia, North Korea, Iran all bring different subsets of capability. But particularly China is focused on being able to take away strategic capability from the United States and having resilient infrastructure is the foundation to ensure that can't happen.

And I think the approach, as we talk through today of that mixture of improving the underlying base infrastructure, building out in zero trust principles and setting a foundation for the integration of AI, it really does start with the foundational infrastructure that is secure and defended.

07:03 - 07:20

We’ve heard General Stephen Whiting, the Commander of US Space Command, previously refer to cybersecurity as the “soft underbelly” of military operations.

What do you think makes cybersecurity and digital infrastructure particularly vulnerable to either state-backed or adversarial attacks?

07:21 - 08:40

There are a number of factors, that particularly within military services that have brought vulnerability. One of those is lack of investment. So at key times, if we don't upgrade these capabilities, you can fall into a situation where the vendor no longer supports them and that technology debt brings risk. It also brings less functionality. So these investments are critical.

The other is how do we integrate weapon systems into these architectures and ensuring that there is coherence in how the services think about the interaction with the defense industrial base and set a clear set of standards on what is expected as we build and field new capabilities and ensure that they can immediately integrate into an architecture that doesn't create seams.

And then finally, we've got to be able to build this in a way that can adapt to the threat environment and in how we secure things like the identity of every individual and every agenetic AI capability that we intend to deploy. We've got to be prepared for a changing architecture in demand signal based off of the emergence of these technologies and ensure that they can be integrated in a coherent way that maximizes the opportunity and doesn't bring additional risk.

08:41 - 08:46

I'd like to emphasize that idea of risk. What would an attack on the digital infrastructure of military bases look like?

08:47 - 11:50

Yeah, I think at that point, first and foremost is we have to be able to have situational awareness in both our space and our cyber domain in a way that's commensurate with what we've learned in air, ground and the maritime. That is the first thing a commander needs. They have to have situational awareness so they can make good decisions about risk.

The second component in this discussion is around resilience because we're certainly going to be targeted in an area of tension and in crisis. We've got to be resilient and expect that there are going to be very aggressive attempts to compromise our networks and compromise our partners, both in industry and our foreign partners and Allies.

The approach that China has taken to targeting the critical infrastructure of the United States is a really good example of the types of things we would see targeted on military bases: things like water treatment, energy generation, critical functions inside of telecommunications or networks.

They have shown that if there are vulnerabilities that they will continue to attempt to enumerate those vulnerabilities and take advantage of them if they exist. And then once in a network, they will look to compromise the identity of key system administrators that have privileged accounts that allow them to move laterally and ensure that they would be able to have deep access if we ever are in a crisis.

We've seen that in our critical infrastructure. It's been well articulated in various reports done by the intelligence community and by Homeland Security and those are things that we understand that methodology and how to defend it.

One of the key things that they would attempt to exploit are vulnerable aging systems and so upgrading those is critically important. And then the ability to implement zero trust would be the area that would defeat or make more difficult the ability to take on different identities within organizations and networks. So we will see adversaries looking at every one of these networks. They're going to be looking for vulnerabilities now enabled increasingly by artificial intelligence and they will take advantage of them if they see them. And that is the environment we live in every day would only be accelerated in a crisis.

We've learned a lot of lessons in our support to Ukraine about what does resilience look in a modern warfare environment. And we have to know that we can scale, because certainly all of the domains rely on space to be able to deliver situational awareness, communications, particularly in extended range environments and so we need to ensure that the ground segment, the terrestrial component, the cyber elements of spacecraft are secure and resilient because they will certainly be aggressively targeted.

And I think these types of initiatives that we're seeing, in terms of foundational investment and direction on AI and zero trust are going to be things that are going to be really important to implement aggressively to buy down that risk.

11:51 - 12:06

Now, the task order was designed as a quote “Enterprise IT as a Service” solution to be delivered through an Indefinite Delivery-Indefinite Quantity or IDIQ contract.

What exactly does this mean and why is that important?

12:07 - 13:47

The idea behind enterprise IT as a service is being able to leverage the strengths of the industry to bring current technology and resources to be able to build and maintain networks. In essence, be able to say, take an area that previously would have been maintained by an Airman or Guardian, bring in expertise from industry, and allow them to both operate and sustain that base infrastructure to allow Guardians and Airmen to be focused on other types of operations that are critical to our warfighting missions.

And this is a further expansion of what the Air Force has done at a number of bases. Now building it out at each of the Space Force bases, and also bases across the Pacific for the Air Force. This is an extension of that approach. It’s giving them flexibility in terms of the number of potential vendors they could leverage that they've already identified as qualified to do the work against a pretty high ceiling of $12.5 billion.

So it's a commitment to building out the infrastructure, putting the resources behind it, and then having a bench of vendors that are qualified to do the work to ensure that as the Air Force and the Space Force expand this approach, that they've got the right expertise. The opportunity within the contracts is to also clearly state what the cybersecurity standards are and what's expected of the day-to-day of how the network should be configured, how it should be defended, and then also what happens when an incident occurs.

And I think the build out of this model based off of the previous work, should allow for a deep understanding of how to do that. Now it's going to be about scaling, underneath this particular contracting approach.

13:48 - 14:06

At the same time this modernization effort is underway, the National Security Agency, released the first two products of its Zero Trust Implementation Guideline.

At a basic level, can you define for our audience what zero trust means and then walk us through these two initial implementation products: Primer and Discovery phase?

14:07 - 16:51

Zero Trust is an approach to security that does take time to implement and is complex. Previously, when we thought about defense of a network, we thought about the perimeter, the network edge. What zero trust brings is an assumption that that perimeter is going to be breached.

And how do you defend your network, your data and your users in an environment where you give least privileged access - only giving access to data, applications, tools, infrastructure for the things that an individual is authorized to do and only for the period of time when it's authorized. This approach, when implemented, gives an opportunity to make sure that not only are you secure at the network edge, but you can be secure internally against very aggressive threats. And if one member of your team is compromised, you don't lose the security of the entire network.

And what NSA has done in terms of implementation guidance is to break that down into five parts for services and commands to implement zero trust.

In the first release is a Primer - helping organizations understand what all goes into organizing as a zero trust architecture, and which modules make most sense for those organizations to begin with and lay out how to implement and mature those areas to be able to meet what the expectation is from the Department of War.

The second component, which is part of the first phase of implementation, is what NSA has identified as discovery - create visibility and understand the data, applications and the assets that are within your architecture, and then begin to set policies that implement authority guidance for every function in the network. It really does set a baseline for how zero trust can be implemented, and then sets the conditions for the phases that follow to meet the Department of War expectations.

As the implementation guidance is put out as the DOW CIO continues to clarify exactly what expectations are, there are opportunities for individual programs and vendors to be lead turning these and thinking about ensuring that they put the baselines in place that will allow for implementation and integration of capabilities, platforms, technologies, applications into these networks using a zero trust approach.

And that's going to require continued discussion between industry and government. But clearly setting the roadmap for where zero trust goes. There's an opportunity for industry to follow.

16:52 - 16:55

And what will zero trust ultimately look like in a military operation?

16:56 - 17:51

Well, what we’d see in an effective zero trust operation? As an example, if a vendor is going to provide an update to a capability that's on a base - today, that in different programs and different bases, they might have different authorities.

Under zero trust their authorities would be very narrow and would only be authorized during the window of time that they are upgrading that system or doing some form of maintenance function. Very similar to how in if you're maintaining a system on the flight line, you're going to tag in and tag out. You're only going to be operating on that aircraft in certain windows when you're authorized. Zero trust provides the same type of approach that you only have authority to manipulate that system in windows of time and within your span of authority. That reduces risk to the overall architecture, but still allows that system to be updated and maintained.

17:52 - 18:08

This brings us to the third element of our conversation, and that is the Department of War’s recently released Artificial Intelligence Acceleration Strategy.

Certainly AI become a major talking point in national security circles in recent years, but generally speaking, how does AI factor into this conversation about digital infrastructure?

18:09 - 21:39

I think it's really at the forefront. The Department's strategy to accelerate implementation of artificial intelligence requires capable infrastructure that is secure and needs to continue to grow the compute capacity that fuels the implementation of artificial intelligence.

The idea behind what artificial intelligence can do, the running of algorithms, the use of agents, the autonomous use of capabilities, all of that needs computer power to operate.

And depending on the scope and scale, the amount of data and the expanse of simultaneous things that you're going to ask those agents and capabilities and algorithms to do requires an increasing number of computing power. And you can get that computing power through a couple of different ways. One can be on-premise, computational power that are investments in servers and data centers that allow for control of that.

The other can come through any of the number of cloud providers that are a part of the architecture and how you choose to organize that really becomes important in terms of what's available to every Guardian and Airman in terms of computational power to run models and algorithms and agents and it also is an incredible bearing on cost.

If portions of the infrastructure are going to be inside of the military services, then you have to have all of the infrastructure from data centers, the ability to cool those data centers and ensure their operations have power, water, cooling, to be able to operate. So that's an additional infrastructure that has to be sustained.

If it's chosen to leverage our large, managed service providers and cloud providers for that computing capacity, you're going to fund them. But they have to build out that architecture and sustain it. So those are choices that don't have to be made completely. It's likely a balance of the two that will ultimately be relied upon.

But if we're going to build out more infrastructure, there will be more requirements for things like water, cooling, power that will be critically important and have to be sustained and defended inside of the Department's architecture.

And increasingly, that's going to have to be at the network edge, not just at the center of a network. And this will be an evolution of how we're able to make that compute available to every Guardian and every Airman, regardless of the type of contested environment they're in. This is really foundational and these are areas that are going to be really important as the Department determines what those investments look like.

The document really sets out aggressive intent from the Secretary of War to first move out on pace-setting projects that are really about setting conditions to in terms of ensuring that the infrastructure is in place, thinking about the data that is required, the models and the policies to accelerate the use of artificial intelligence across warfighting, intelligence, and the broader enterprise within the Department.

This will certainly drive investment. It'll drive planning, and then it will drive the services to think about where artificial intelligence will be most effectively integrated to enhance capabilities within their respective service.

21:40 - 21:52

Thank you, Sir. And I’d like to go through the three pace-setting projects laid out in the strategy: warfighting, intelligence, and enterprise.

Let’s start with the first one: warfighting? What is this one about?

21:53 - 22:44

I think the big picture of this - this is really about where does artificial intelligence fit in the ability to execute the warfighting missions across the Department? And this will be very foundational when we think about how we gain situational awareness, how commanders make decisions, how we communicate those decisions, and the autonomy that we give to platforms and weapons.

And this pace-setting project will really bear out in terms of what are those areas that also now need to be invented in terms of how we test these capabilities and that partnership between industry and government as the acceleration of artificial intelligence isn't just done inside the services, but inside vendors and inside of capabilities that will be delivered.

22:45 - 22:51

And how about the second pace-setting project: intelligence. Can you elaborate on what the Department of War is aiming to do here?

22:52 - 23:44

The Department is setting some clear benchmarks to think about how intelligence will be integrated closer to the edge as a warfighting capability. This is an area of a tremendous advantage for the United States: our ability to sense and make information available to commanders around the globe. The challenge set forth by the Secretary is not only to do that in real-time operations, but also to accelerate the work that brings together that intelligence and capability development.

So two major, I think, directions will be how to make different sets of intelligence fuzed for commanders at all echelons. And the second being, how does that intelligence really get integrated more quickly in capability development earlier for individual capabilities to be able to be enhanced and infused with artificial intelligence as a core capability.

23:45 - 23:47

And how about the third one: enterprise?

23:48 - 24:25

This is thinking about how does the entire department come together and leverage these sets of capabilities and building out the not only just the ability to have the infrastructure available, but it's how do artificial intelligence bring more capacity and capability to the broader enterprise of warfighting that occurs across all of our military domains, and to be able to capitalize on that and do it faster than an adversary in a very contested environment.

So I think these three areas of warfighting, intelligence and enterprise, are a clear set of a foundation and intents laid out by the Secretary of War.

24:26 - 24:34

So now that this strategy is out there - what happens next? What steps are being taken to implement the strategy and then, ultimately, what does success look like?

24:35 - 26:43

Well, I think first is each service and command has been given some clear direction to build plans to establish AI integration leads within their organizations and then evaluate their mission for where artificial intelligence makes sense and can be rapidly infused in the areas the Secretary has outlined.

The next phase of that is in those areas - where will dollars go? What will the investment look like? And that investment will have to span across the ability to generate the requisite compute, the ability to ensure that the right data is available and is accessible at the right level for models and algorithms, and then ensuring that the Department and each service has the talent to execute it. And I think those areas are going to definitely require investment and they're going to require significant collaboration with industry.

Given the fact that many of these technologies are still being invented and the rapid evolution of models and what agents are going to look like, there's a tremendous opportunity for investment in key areas. The Secretary laying out the set of priorities will now begin to get into individual projects, as services and commands start to identify their key requirements and the areas that would most benefit by infusing artificial intelligence.

Inside those opportunities are places for investment. There's places for experimentation and then aggressive implementation to ensure continued advantage. So I think you're going to see those emerge and then success looks like the ability for us as a warfighting organization to be able to deliver capabilities at speed, to be able to integrate data for decision, and also to have weapons that have new capabilities across all domains that we can ensure operate consistent with the overarching intent and policy and guidance that exists across the Department in terms of warfighting, consistent with our laws and our values.

26:44 - 26:57

Our interview today covered three elements pretty comprehensively: digital infrastructure, zero trust, and AI.

The Department of War is actively taking steps toward these ends. So what do these actions signal to industry?

26:58 - 27:54

I think each of these provides an intent, and I think that's the best thing that the government can do is clearly articulate intent and share that with industry. So in this case, whether it's here's the intent for the future of the architecture. Here is the intent for what it will look like in terms of how the government wants to secure that architecture using zero trust principles and with an expectation that all capabilities are going to be infused by artificial intelligence.

They're setting the roadmap and that is probably the most important thing that, in terms of the public private partnership, is a clear understanding of intent. And that intent should only become more clear, as the Department articulates priorities inside of Golden Dome, inside of other major programs that are going to be driving and implementing those things that are consistent with the National Security Strategy and the National Defense Strategy.

27:55 - 27:57

Can you elaborate on how Golden Dome ties to this conversation?

27:58 - 30:12

Where the Golden Dome program needs to start in terms of the types of priorities that the President has given them, and then building in the resilience and speed necessary to be able to make those decisions within really incredible timelines.

The challenge of being able to identify, any and all threats, to the homeland and then to be able to act on those threats.

It's all about speed and the ability to identify the threat, understand it, give orders, and then have capabilities that can respond with requisite speed to be able to mitigate those threats. We have known how to do this as a nation and been prepared to do it in very specific scenarios. But now those scenarios are so diverse and growing in terms of the threat and the speed of the threat.

It really does demand a command and control structure that is always on, always available, and integrated with the right data sources to have situational awareness that can provide the right data to the decision-maker, and then the ability to execute command and control in a way that can be executed very quickly from decision-maker to shooter, and to be able to assure that not only can you track and have custody of of every one of those threats, but you also understand your effectiveness in real-time to mitigate those threats.

So I think speed is one of the clear tenants that comes from the demand signal. The other is, of course, it's got to be secure. These will be foundational capabilities in defense of the homeland. It must be built on a bedrock foundation and then it's going to also require just incredibly resilient communications to ensure its availability.

The digital infrastructure is what ties it all together: every sensor, every base, every shooter, every command and control node in a way that gives that situational awareness and gives that power to be able to make decisions, create outcomes, and understand the results of those operations. And the resilience and the capability that are provided through that infrastructure can be an accelerant to the command and control for Gold Dome.

30:13 - 30:25

Thank you Sir, and what opportunities exist for commercial and industry partners to contribute solutions to anything we’ve discussed today: whether that be digital infrastructure, zero trust, AI, or command and control in Golden Dome?

30:26 - 31:25

There's a menu. A large part of this is thinking through resilient communications in many different ways. That's leveraging different parts of the spectrum. It's leveraging different technologies.

It's about being innovative at every vendor to implement quantum resistance. It's about how we think about the applications that are required to knit it together. And then what's the underlying compute that allows it all to operate at speed?

Those are all opportunities that allow for ensured resilient communications in ways that we can continue to evaluate, whether that's in the space segment, whether that's within traditional RF bands or if it's leveraging a diversity of our managed service providers in terrestrial networks. All of those have to be meshed together in a way that assures command and control and assures availability for the leaders that are going to be empowered to make those decisions.

31:26 - 31:37

Now, in addition to serving as a Senior Principal Advisory at Elara Nova, you’ll also have a guiding hand in the firm’s new Cyber, Data & Communications sector.

What should our listeners know about its new CDC sector?

31:38 - 32:35

Yeah. I think everything we're thinking about now is how do you integrate capabilities faster? How do our domains interoperate and how do we ensure within the defense industrial base and with broader industry, how do those capabilities be brought to bear in a way that they can be effective from the outset and meet the demand signal that's coming from the Department and from each of the services?

Elara Nova brings a really deep portfolio of cyber experts that have served across all elements of our intelligence community and the military services and when combined with all the other expertise that exists in air and space that both have served in the Department and are current in state of the art of what's happening in industry is invaluable to be able to accelerate that work in a way that will produce an outcome that really brings back the best capability for the nation.

32:36 - 33:10

This has been an episode of The Elara Edge. As a strategic advisory firm, Elara Nova is the trusted guiding partner that builds tailored teams to illuminate unseen opportunities and deliver impact across every domain.

With the trusted insight to deliver your decisive edge, Elara Nova is your source for expertise and guidance in national security.

If you liked what you heard today, please subscribe to our channel and leave us a rating. Music for this podcast was created by Patrick Watkins of PW Audio. I’m your host, Scott King, and join us next time at the Elara Edge.