The Army’s Unified Network Plan 2.0 (AUNP 2.0) represents a pivotal transformation in military networking and cybersecurity. Unlike its predecessor, which sought to unify disparate networks under a single framework, AUNP 2.0 acknowledges a fundamental reality: You cannot “unify” networks in the traditional sense. The mathematical and logistical challenges of merging infrastructure at scale make such an approach impractical. Instead, the Army is shifting its focus toward a zero trust, data-centric architecture, where security is built around the data itself rather than the network it resides in.
This shift is not just a technological adjustment — it is a necessary evolution in how the Army approaches cybersecurity in an era where multi-domain operations (MDO), persistent cyber threats, and global coalition partnerships demand a more adaptable and resilient strategy. While previous plans attempted to control security through network segmentation and access controls, AUNP 2.0 acknowledges that infrastructure alone is not the solution. Data must be secured at the object level, ensuring that protections follow the information wherever it moves, regardless of the environment.
From network-centric to data-centric security
The core difference between AUNP 2021 and AUNP 2.0 is the Army’s recognition that security cannot be confined to controlled networks. The earlier strategy relied on the belief that if the Army could secure its network infrastructure, it could secure the data within it. But as cyber threats have evolved and military operations increasingly depend on dynamic, coalition-based information sharing, it has become clear that a purely infrastructure-centric model is insufficient.
AUNP 2.0 instead prioritizes zero trust principles, operating under the assumption that no network, user or device can be inherently trusted. Access must be continuously validated, and data security must persist beyond the perimeter. This approach also acknowledges that modern combat operations require information to be shared not just within Army networks but also across the Joint Force and with international allies. This demands a new level of interoperability and persistent security that infrastructure-based models cannot provide.
A critical component of this strategy is object-based data security, which ensures that protections are applied directly to the data itself rather than relying on network or device-level security measures. Instead of attempting to unify networks, the Army is focusing on securing the movement of information between them, ensuring that only authorized entities can access sensitive data — no matter where it travels.
The role of open standards in the Army’s zero trust transformation
For this shift to be successful, the Army must embrace open security standards that enable interoperability while maintaining strict control over sensitive data. Proprietary, closed security architectures create vendor lock-in, limit flexibility and introduce dependencies that can become liabilities in an evolving threat landscape. An open, standards-based approach ensures that security controls remain adaptable, scalable and compatible with diverse operational environments.
One of the most effective ways to implement data-centric security in this new paradigm is through the Zero Trust Data Format (ZTDF). ZTDF provides granular, persistent encryption that follows data wherever it moves, enforcing security policies at the object level rather than relying on perimeter defenses. This enables the Army to apply fine-grained access controls, ensuring that data can be shared securely across different domains while preventing unauthorized access — even if networks are breached.
ZTDF also allows for self-sovereign key management, meaning the Army (and its allies) retains full control over encryption keys instead of relying on other providers. This ensures that sensitive mission data remains protected, regardless of where it is stored or transmitted. By adopting ZTDF and other open security standards, the Army can move beyond outdated infrastructure-dependent security models and create a system where data is always protected, accessible only to the right people, and never left vulnerable to adversarial threats.
Holding industry partners accountable for a data-centric future
As the Army moves forward with AUNP 2.0, it is essential that industry partners align with this data-first vision. Defense contractors, technology providers and cybersecurity firms must move beyond the traditional, infrastructure-focused mindset and develop solutions that provide persistent data protection and policy enforcement at the object level. The Army must demand that its partners answer critical questions:
- Are their security solutions truly data-centric, or do they still rely on network-layer protections that fail once data moves beyond a controlled perimeter?
- Do their architectures enforce zero trust at the data level, ensuring that only authorized users, devices and applications can decrypt and interact with sensitive information?
- Are they committed to open standards like ZTDF, or are they locking the Army into proprietary security models that limit flexibility and future adaptability?
Industry leaders who cannot provide solutions that meet these new security demands will find themselves falling behind. The Army’s zero trust, data-centric approach is not just a trend — it is the future of military cybersecurity. Vendors who continue to push legacy, perimeter-based security models will struggle to remain relevant in an environment where data protection must be persistent, adaptable and independent of network infrastructure.
What success looks like in the AUNP 2.0 era
Since the Army is no longer pursuing a mathematically impossible “unified network,” success should instead be measured by how well data moves securely across diverse networks, how effectively access controls are enforced in real time, and how resilient information remains even in contested environments.
In practical terms, this means:
- Securely sharing real-time intelligence with joint and coalition partners without exposing sensitive data to unauthorized users.
- Protecting logistics and supply chain data even as it moves between commercial and military systems.
- Enforcing data sovereignty, ensuring that encryption keys remain under Army control rather than being stored by third-party providers.
- Preventing data leaks and insider threats, using policy-based controls that dynamically adapt based on mission needs and access privileges.
AUNP 2.0 as a blueprint for the future
The Army’s Unified Network Plan 2.0 is more than an update — it is a fundamental redefinition of how the Army approaches cybersecurity. By recognizing that networks cannot truly be unified, and instead focusing on data security at the object level, the Army is embracing a more resilient, flexible, and future-proof approach to zero trust security.
To fully realize this vision, the Army must:
- Demand that industry partners align with data-centric security principles.
- Prioritize open security standards like ZTDF to enable interoperability while maintaining full data control.
- Ensure that security policies persist with data, rather than being tied to network infrastructure.
With these steps, the Army can set the standard for how military cybersecurity should function in the era of zero trust and multi-domain operations. The success of AUNP 2.0 will not be measured by how well networks are unified, but by how securely data moves within and beyond them — ensuring that the Army maintains information dominance in an increasingly contested battlespace.
Shannon Vaughn is the general manager of Virtru Federal.
Copyright
© 2025 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.
