US military gears up for zero-trust overhaul

The zero-trust approach to cybersecurity represents a radical departure from conventional measures.
Rizwan Choudhury
Two Military Men Work with Open Server.
Two Military Men Work with Open Server.

Source: gorodenkoff/iStock 

In a major move that underscores the evolving cybersecurity landscape, Pentagon Chief Information Officer John Sherman announced on September 7 that the Pentagon leadership will soon evaluate plans to implement zero-trust measures throughout the US military. The timeline aims for completion by the "holiday period" this year, a crucial step as cyber threats loom more extensive than ever in 2023 and beyond.

Setting a new cybersecurity benchmark

As per c4isrnet, the upcoming evaluations are being orchestrated by Randy Resnick, the zero-trust portfolio management office's director, and his specialized team. Sherman emphasized the importance of this endeavor during his recent address at the Billington Cybersecurity Summit in Washington. "This milestone, set for the coming weeks, is paramount in laying the groundwork for robust assessments. A paradigm shift is non-negotiable given the cybersecurity challenges of 2023 and future years," Sherman said.

What is Zero-Trust?

The zero-trust approach to cybersecurity represents a radical departure from conventional measures. Instead of operating on the presumption of a secure network, zero-trust assumes that networks are either continuously at risk or have already been compromised. This necessitates persistent validation of all devices, users, and their respective access levels within the virtual ecosystem.

In November of the prior year, the Pentagon unrolled its zero-trust strategy, which included a comprehensive chart detailing the new approach to cybersecurity. This strategy outlines numerous activities and capabilities necessary to achieve a "targeted" zero-trust environment by 2027, with additional advanced requirements for future implementation.

Cyber incidents and global threats

Disquieting data underpin the urgency to reinforce the U.S. military's digital fortress. A Government Accountability Office report has indicated that since 2015, the Department of Defense has been targeted in over 12,000 cyber incidents. Although annual figures have shown a decline since 2017, the increasing cyber capabilities of global actors like Russia and China make the initiative timely.

Sherman expressed that the defense organizations could adopt different methods to reach the overarching objective of zero-trust security. However, he insisted that the ultimate aim remained unchanged. He quipped that the endeavor could be likened to a "pick-your-own adventure" scenario but with far-reaching national security implications.

"When you have combatant commanders discussing zero-trust, and when the chairman of the Joint Chiefs of Staff is on the same wavelength, it's evident that zero-trust principles are now ingrained in the very DNA of the department," Sherman declared on Thursday. "The entire apparatus is rowing in unison towards this common goal."

As the Pentagon gears up for this rigorous evaluation period, the coming weeks are set to be pivotal in shaping the future cybersecurity framework of the United States military. While the deadline of 2027 may seem distant, the clock is ticking. Given the challenges and threats that loom in cyberspace, the Pentagon's proactive move signifies a resolute step forward in the battle against increasingly sophisticated cyber threats.

With zero trust now a part of the defense establishment's lexicon and practice, the US military aims to redefine cybersecurity norms for itself and potentially as a benchmark for other institutions grappling with the complexities of safeguarding data and systems in this digital age.

Add Interesting Engineering to your Google News feed.
Add Interesting Engineering to your Google News feed.
message circleSHOW COMMENT (1)chevron
Job Board