The US military is going all-in on zero-trust

An image of security icons for a network encircling a digital blue earth.
(Image credit: Shutterstock)

The US Department of Defense (DoD) has published an official document detailing how it plans on integrating Zero Trust Network Access (ZTNA) in all of its departments, from technology, to cybersecurity, to human resources. 

The “DoD Zero Trust Strategy” outlines how the entire DoD and all of its departments need to have the Zero Trust framework firmly in place by 2027.

“This shift in philosophy is a significant change in legacy authentication and security mechanisms,” the paper reads. “It also represents a major cultural change that stakeholders throughout the DoD ZT Ecosystem, including the Defense Industrial Base (DIB), will need to embrace and execute beginning with FY2023 through FY2027 and in the future.”

Growing attacks

Zero Trust is a relatively new concept in cybersecurity, which states that any person, device, or application, on a network, needs to be authenticated and verified. Nothing is trusted by default. 

Putting things into the wider context, the DoD said the US Government and its departments are under increasing cyberattacks, which had gotten more devastating in recent times. At the same time, the shift in how people work (namely, remote working) has only made securing the perimeter more difficult. 

“Our adversaries are in our networks, exfiltrating our data, and exploiting the Department’s users,” the paper claims. “The rapid growth of these offensive threats emphasizes the need for the Department of Defense to adapt and significantly improve our deterrence strategies and cybersecurity implementations.”

The project was kicked off by US President Joe Biden some 18 months ago, after the administration issued an executive order aimed at strengthening the government's defenses. 

Besides the DoD, this also prompted the Cybersecurity and Infrastructure Agency (CISA) to update its infrastructure resilience framework for guiding state, local, and tribal entities, as they work further on their cyber-protections. 

Furthermore, the Information Technology Industry Council (ITI) asked the White House Office of Management and Budget (OMB) to further detail its recommendations on how to better secure software development. 

Via: The Register

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.