In today’s age of electronic and digital warfare, where autonomous vehicles and drones are at the forefront of conflict, the ability to share secure, actionable data with allies is crucial to victory. For decades, the U.S. Department of Defense (DOD) has discussed coalition collaboration, but the reality is that the U.S. lacks a reliable method for sharing mission data across allied forces quickly and securely.
The infrastructure that makes up the so-called Mission Partner Environment (MPE) has been slow to materialize because the process is just cripplingly hard. The idea of seamless interoperability between U.S. and partner nation systems sounds achievable in theory.
In practice, it runs headfirst into the constraints of disconnected environments, entrenched legacy infrastructure and secret data that’s releasable to mission partners only within the confines of that mission’s operations. The process is still too slow and rigid for how today’s coalitions operate.
Instead, we need to stop piecing together coalition access and treat it like a critical warfighting capability. The DOD continues to circle the same question: How do you allow warfighters from different countries to share operationally specific secret data without oversharing in environments with little to no internet?
Access is not only a technical problem
The challenge of getting MPE to work isn’t about funding and willpower. A desire and buy-in for this exist already, but mission partners face operational, legal and human barriers.
The data involved in MPE is largely “secret releasable” as the data remains secret or classified but has been permitted to be shared with authorized mission partners under strict controls. Those conditions depend on the real-world context. Who is asking for the data? Where are they physically located? What kind of device are they using?
Traditional information technology infrastructure has proven this to be almost unsolvable because it was never designed to process access decisions in real-time based on contextual factors.
It encompasses a static environment with a perimeter to secure and a network to trust. But that’s not what MPE looks like in the field. The problem becomes more complex when factoring in that many of the places where data sharing occur are disconnected environments with little to no internet. Examples include temporary command posts, operating bases and tactical edge devices.
We don’t just need to protect data. We need to deliver the right data to the right partner at the exact moment it’s needed without giving adversaries a seam to exploit. It requires a security-first mindset, where security is fundamentally embedded in the place where mission partners work — the browser.
Shifting the focus to the browser
If we want coalition access to work, we have to stop relying on legacy infrastructure.
This isn’t a cloud or firewall problem. It’s a delivery problem at the last mile — the exact point where a user accesses information and acts on it. And in MPE scenarios, that user could be working on almost anything ranging from a ruggedized laptop in a command tent to a smartphone at a border checkpoint.
The only common denominator across environments is the browser and the endpoint. The endpoint is almost always a PC or smartphone. That’s where policy needs to live.
Enforcement needs to happen at the point of use. And from there, real-time controls can be implemented. Trying to rely on control access from the network or even redesigning every single application won’t work. Instead, agencies can enforce security directly at the user layer in the browser itself.
The military needs systems that enforce policy based on context and provide granular visibility. That means shifting the control plane closer to the user without sacrificing speed, interoperability or user experience. All of this can be done directly in the browser.
Here is a likely scenario
Consider a joint reconnaissance operation in a contested border region. A U.S. team is working alongside allied forces to track the movement of high-value targets ahead of a precision strike. A coalition partner logs into the mission portal from a field-issued device that hasn’t passed endpoint encryption checks and can view tactical briefings and heatmap overlays but not download files or take screenshots.
Their location is determined to be outside of the approved operating perimeter, which further restricts their access to live drone feeds. And because their nationality does not allow them access to Five Eyes data, certain layers on the shared map are automatically redacted, without any change to the underlying application or manual intervention. Five Eyes refers to an intelligence alliance composed of Australia, Canada, New Zealand, the United Kingdom and the United States.
This process doesn’t have to be rocket science. It’s simply enforcing policy where it matters most – at the edge, inside the tool that everybody already depends on (the browser).
Coalition data access today is more aspirational than operational. Complex bespoke systems built long ago have little chance of multi-national interoperability. Neither legacy tools nor cloud-enabled applications work when systems are disconnected.
What is required is a tool that lives at the edge and enforces access in real time, no matter who the user is, where they are or what device they are on. And just as important, a tool is required that warfighters from each coalition nation can understand without time-consuming training.
Timely collaboration helps ensure mission success. There’s no clearer argument for getting MPE right.
