MetTel’s Don Parente: FAA’s Airspace Model Offers Zero Trust Lessons for Federal IT

The Federal Aviation Administration’s air traffic control system offers a real-world model of zero trust architecture, according to Don Parente, vice president of public sector sales and solution architecture at MetTel, suggesting that agencies can learn from the FAA’s verification-first approach to cybersecurity and network modernization.

In a commentary published Feb. 4 on Federal News Network, Parente wrote that the FAA has long operated under a “never trust, always verify” mindset — requiring aircraft to identify themselves, submit flight plans and remain under continuous monitoring while in controlled airspace. He said the model mirrors today’s zero trust principles, where identity validation, contextual access controls and real-time oversight replace perimeter-based security.

The Potomac Officers Club’s 2026 Cyber Summit on May 21 will bring together government and industry leaders to discuss federal cybersecurity priorities, emerging threats and implementation challenges. Register now.

What Makes the FAA’s Approach a Blueprint for Zero Trust?

Parente pointed to the FAA’s layered operational structure as a key differentiator. Air traffic control relies on coordinated oversight across towers, terminal radar facilities and enroute centers that operate under a unified rule set while maintaining visibility into every aircraft’s movement. That combination of distributed execution and centralized policy enforcement, he said, provides a guide to how agencies should structure enterprise cybersecurity environments.

He emphasized that access decisions in both aviation and IT environments must account for real-time conditions. Just as pilots cannot deviate from assigned corridors or enter restricted airspace without authorization, users and devices should only access systems based on validated identity, mission need and environmental context.

What Role Does SASE Play in Managing Secure Data Movement?

Parente compared secure access service edge, or SASE, to the FAA’s controlled air corridors, saying both models rely on defined pathways, continuous monitoring and rapid response when anomalies emerge.

SASE combines networking and security into a unified, cloud-delivered framework that enables identity-based access controls, end-to-end visibility and real-time traffic adjustments.

That capability, Parente wrote, is critical as federal networks expand to include cloud workloads, mobile users, edge systems and cross-agency data exchanges.

What Role Do Visibility and Legacy System Reform Play in Network Security?

In separate commentaries, Parente has highlighted broader federal IT modernization needs, including replacing aging systems and improving visibility across complex networks. 

In an October 2025 opinion piece, he said agencies must recognize when legacy systems should be retired instead of repeatedly patched.

He noted that modernization requires cultural change, political will and upfront investment to fully leverage cloud, artificial intelligence and secure networking technologies. Outdated infrastructure, he wrote, can expose agencies to cyber risks and operational disruptions that erode public confidence.

In an earlier commentary, Parente outlined the importance of centralized visibility and management tools — including dashboards and billing consolidation — to help agencies oversee distributed network environments tied to satellite-based services. He said consolidated oversight supports performance, compliance and cost efficiency across federal IT ecosystems.