Transforming Defence Information Sharing & Collaboration with Zero Trust Solutions

Partners in the defence supply chain, including manufacturers, distributors, and service providers, play a critical role in supporting national security initiatives. These entities frequently handle sensitive and classified information, which necessitates a robust framework of cybersecurity measures. To safeguard this sensitive data from potential breaches and cyber threats, they are required to adhere to stringent government-mandated cybersecurity protocols.

Compliance with these regulations is not merely a best practice; it is essential for maintaining eligibility for government contracts and competing effectively within the defence sector. Furthermore, these protocols often encompass regular audits, employee training on data security, and the implementation of advanced technological solutions to mitigate risks. As the threat landscape evolves, maintaining a proactive stance on cybersecurity will be vital for defence supply chain partners to protect their interests and ensure the integrity of their operations.

What is Defence Information Sharing and Collaboration?

Defence information sharing and collaboration involve the transfer of essential intelligence, technical data, and operational knowledge between different organisations in the defence field, which encompasses government bodies, military divisions, and private sector contractors.

If your organisation works with the defence sector, you may need to comply with strict cybersecurity requirements regarding the protection of sensitive data. For example, if you:

• Work on sensitive or classified information or assets (e.g. OFFICIAL: Sensitive, PROTECTED, etc.)
• Handle export-controlled material (e.g., ITAR, AUKUS, etc.).
• Sell, manufacture, and distribute services or products to Defence.
• Provide security services for Defence bases and facilities.
• Conduct defence research.
• Provide critical infrastructure.
• Require Defence Industry Security Program (DISP) membership in the contract, or other country-specific regulations.

For many defence contractors, achieving the necessary level of compartmentalised access and sharing controls to comply with regulations for managing sensitive information can be both costly and challenging. This is particularly true for small and medium-sized enterprises (SMEs), which often struggle to meet the stringent information security requirements imposed on them. Moreover, if they fail to comply, they will be unable to compete for Defence business.

Challenges of Defence Information Sharing & Collaboration

The defense supply chain is a complex network that plays a crucial role in national security, but it also faces a myriad of cybersecurity challenges, particularly when it comes to information sharing, including :

1. Risks of Information Sharing: Sharing data with a diverse range of vendors is essential for government and defence projects. However, this also increases the risk of exposure to cyber threats, making it crucial for supply chain organisations to implement strong data security measures.
2. Security and Classification Issues: Maintaining national security while collaborating internationally on files with differing classification levels and clearance protocols can be challenging. Having a system in place to protect sensitive information with differing classifications and protocols is critical to working effectively with global partners.
3. Interoperability and Technical Incompatibility: Diverse platforms, software, and data formats hinder seamless communication, making the sharing of real-time data difficult between defence and supply chain partners.
4. Organisational Barriers: Variations in organisational culture and varying levels of trust can hinder the effective sharing of information and resources within an organisation and with partners.
5. Risk of Compromise or Insider Threats: When managing access to sensitive information, it’s essential to find a balance between providing necessary access for users and implementing robust security controls. This approach helps mitigate the risks associated with potential compromises or insider threats, ensuring that only authorised individuals can access the appropriate information.
6. Export Control and Compliance Constraints: Legal and regulatory requirements mandate the implementation of strict access controls. Failure to comply can result in financial penalties and loss of contracts.
7. Data and Intellectual Property (IP) security and compliance concerns: Inadequate security or access control in technology heightens the risk of a data breach. The defense sector must share sensitive information and intellectual property (IP) while ensuring compliance with relevant data privacy and security regulations.
8. Lack of Real-Time Data Sharing Capabilities: The lack of technology integration between buyers and suppliers can lead to users sharing information through less secure and inefficient communication methods.
9. Fragmented Ownership and Storage of Data: Fragmentation often results in duplication of data, where the same information is stored in multiple places. This not only consumes unnecessary storage resources but also creates confusion regarding which version of the data is the most current or accurate. Additionally, it can lead to inconsistencies in the data itself. Different departments might update their copies of the data without coordinating with each other, resulting in contradictory information that can complicate decision-making processes.
10. File size limits: Suppliers and buyers often exchange information through large files. When using email, the size of these attachments can be a significant issue and may even hinder your supply chain efficiency. This problem can be exacerbated if you rely on automated systems that are not specifically designed for collaboration.

Kojensi Delivers Secure Defence File Sharing & Collaboration Out of the Box

Kojensi is an Australian federal government-accredited SaaS platform that enables the Defence Industry to securely share and collaborate on sensitive information up to PROTECTED with Defence and industry partners. As a hosted cloud platform, Kojensi can be deployed quickly and consumed as needed, eliminating the substantial costs associated with implementing on-premises, secured ICT infrastructure.

Data is hosted locally in Australia by an ASD-certified PROTECTED cloud provider, ensuring all data is stored and processed in local data centres. An on-premises platform is also available when more stringent security is required for classified information.

Kojensi uses Attribute-Based Access Control (ABAC) to provide fine-grained control over how information is shared and accessed. Attributes (e.g., security classification, organisation and nationality) can be added to documents and files, giving the information owner strict control over who accesses it and under what conditions. Custodians can also determine whether the information is discoverable or allowed to be downloaded outside of the platform.

Users can set up a shared workspace or community of interest in minutes and invite internal personnel and external partners to share and collaborate on information. Kojensi’s dynamic ABAC policies ensure users will only have access to information they are authorised to.

Kojensi’s Export Control Compartments simplify the management of regulated export data. These compartments enable users to quickly identify Export Controlled information (e.g., ITAR) and allow content owners to apply the appropriate security tags through a simple-to-use interface. The simplified creation, management, and enhanced auditing capabilities of compartments enable Export Control Managers to streamline the business process for meeting compliance requirements.

Key Capabilities

Kojensi simplifies defence information sharing and collaboration with the ability to:

• Instantly establish secure workspaces to collaborate across organisations, while ensuring only cleared users see classified information.
• Control access and sharing with granular, zero trust ABAC policies.
• Restrict access using attributes such as security classification, nationality and organisational releasability.
• Securely share files with different export controls internally, with partners and with Defence – all within a single repository that enforces appropriate information barriers.
• Add country-specific classifications, helping you to protect highly classified, sovereign information.
• Support collaboration with file creation and co-authoring for documents, spreadsheets and presentations.
• Ensures files remain within the platform removing the risk of files being stored on user’s computers, local drives, etc.
• Securely share large files quickly and easily, including videos, images, CAD drawings, PDFs, documents, spreadsheets and presentations.
• Assists with meeting Australian Defence requirements (ISM, DISP, PSPF), US requirements (e.g. ITAR, AUKUS), and other regulations.

Kojensi facilitates secure collaboration and sharing of Defence documents, ensuring that your information remains compartmentalised and secure, in compliance with regulations.

Ready to see it in action? Reach out to us for a demo today!