The Defense Department has finally laid out its plan for protecting its cyber networks after years of pledging to make it a commitment.
The Office of the Chief Information Officer released “The DoD Zero Trust Strategy” in November — which laid out metrics and deadlines for the department to achieve full zero trust adoption by 2027. Cybersecurity experts said the government and private sector should work together to leverage resources to successfully enter the new regime.
“Cyber physical threats to critical infrastructure really are one of our biggest national security challenges that we’re facing today, and that the landscape that we’re dealing with has gotten more complex,” Nitin Natarajan, deputy director at the Cybersecurity and Infrastructure Security Agency, said during a MeriTalk event in October.
Cyber attackers have more resources than they have in the past, and it’s less expensive to do a lot of damage to an unsecure system, he said. It’s not just lone wolf hackers, but nation states and cyber terrorists who can pose a threat.
For example, the 2019 SolarWinds cyber attack, which swept past the defenses of thousands of organizations, including the federal government, has been linked to Russia-backed operatives.
The new strategy’s basic tenet is that treating organizations’ security like a moat around a castle doesn’t keep out bad actors.
“Mission and system owners, as well as operators, increasingly embrace this view as fact. They also see the journey to [zero trust] as an opportunity to affect positively the mission by addressing technology modernizations, refining security processes and improving operational performance,” the document said.
Zero trust culture requires every person within a network to assume that it is already compromised and requires all users to prove their identities at all times.
The strategy lists technologies that can help cultivate a zero trust environment such as continuous multi-factor authentication, micro-segmentation, advanced encryption, endpoint security, analytics and robust auditing.
While these various technologies can be used to implement this basic premise, it essentially means that “users are granted access to only the data they need and when needed.”
The strategy revolves around four pillars: accepting the culture of zero trust, operationalizing zero trust practices, accelerating zero trust technology and department-wide integration. The strategy notes that while IT departments across the Pentagon may need to purchase products, there is no one capability that can solve all their problems.
“While the objectives prescribe ‘what’ shall be done in furtherance of the goal, they do not prescribe ‘how,’ as DoD Components may need to undertake objectives in differing ways,” the strategy read.
For the technology pillar, the Pentagon’s zero trust strategy calls for capabilities to be pushed out faster while reducing silos. Capabilities that promote simpler architecture and efficient data management are also important, according to the document.
While many methods can be used to authenticate users, the integration pillar calls for creating an acquisition plan for technologies that can be scaled department-wide by early fiscal year 2023.
One technology development already underway is the Thunderdome, a $6.8 million contract awarded to Booz Allen Hamilton earlier this year. The technology would protect access to the Secure Internet Protocol Router Network, the Pentagon’s classified information transmitter, according to a Defense Information Systems Agency press release.
It won’t be possible to completely retrofit every legacy platform with technology such as multi-factor authentication, the strategy points out. However, the services can implement safeguards for these less modern systems in the interim.
The securing information systems pillar will also require automating artificial intelligence operations and securing communications at all levels.
Automating systems is an important part of zero trust, said Andy Stewart, senior federal strategist at digital communications company Cisco Systems and a former director at Fleet Cyber Command/U.S. Tenth Fleet. If the processes behind zero trust don’t work well, people can struggle to use the technology and adopt the zero trust mindset.
“Zero trust is about raising the security, but it also means, ‘How do I operate more efficiently?’” he said. “The user experience should get a vote.”
While the strategy marks a turning point for the effort, the Pentagon started down the road of zero trust years ago. Its 2019 Digital Modernization Strategy mentioned that zero trust was an emerging initiative concept it was “exploring.”
Accepting more rigorous cybersecurity measures through the zero trust mindset is something the Marine Corps has been working on through education and raising awareness, said Renata Spinks, assistant director and deputy chief information officer of information, command, control, communications and computers and acting senior information security officer.
“We spend a lot of time educating, because if people know what they’re doing and why they’re doing it … it has been my experience that they will get on board a whole lot sooner than resisting,” she said.
The 2021 zero trust mandate from President Joe Biden’s administration was “a godsend” because it gave justification for personnel inside the Marine Corps who may not have understood the necessity of some of the IT initiatives, she said.
A successful zero trust implementation will reduce threats to some of the most critical types of capabilities that warfighters will be relying on in the future: cloud, artificial intelligence and command, control, communications, computer and intelligence.
The military needs the help of defense contractors to protect sensitive data, Spinks noted. Industry can help the military’s IT personnel understand how to work with the type of data that they will be providing and how much access the military will need.
“Zero trust will not be zero trust successfully if we don’t get help in managing identities,” she said.
The Marine Corps recently hired a service data officer who could use input from contractors about how much access the military will need to figure out the best ways to classify and manage the service’s data, she noted.
Having access to secure data anywhere will help military members and personnel in the defense industrial base who are working outside of business hours and in remote locations, according to the Pentagon’s strategy.
The push for zero trust is different from some cybersecurity initiatives because it has muscle behind it, Spinks added. Leadership has provided policies and procedures and is willing to be held accountable, she said.
“Cybersecurity is not an inexpensive venture. But I think what truly drives it is the vicious adversary and all of the activity across not just the federal government, but even at the state and local levels,” she said.
Better cybersecurity practices will also be needed to secure supply chains, Natarajan noted. Making them more resilient, especially in critical technologies such as semiconductors, has been a focus at the Pentagon in recent years.
“We know that this is being used by malicious cyber actors really to exploit a lot of third party risk after going after an organization’s supply chain,” he said.
That’s another reason why the government can’t work alone, he added.
“As we look at this, we’re looking at this not just from a sector perspective but also looking at this from national critical functions,” he said.
CISA released cybersecurity performance goals for companies to measure themselves in October. Though the performance goals don’t cite zero trust specifically, the goals are intended for companies to use regardless of their size.
“We’re really looking at these to be that minimum baseline of cyber protections that will reduce the rest of critical infrastructure operators,” he said. “But at the end of the day, by doing that we’re also impacting national security and the health and safety of Americans throughout the nation.”
The private sector in turn needs the government’s investment in education and resources to build up its cyber workforce.
“Cyberspace involves not just the hardware and software, the technology, your tablets, your iPhones, your technology, but it involves people. People developed cyberspace. People use cyberspace. We are in cyberspace,” Kemba Walden, principal deputy director of the National Cyber Director’s Office, said during the MeriTalk event.
Not yet at full operating capacity, the National Cyber Director’s Office was established in 2021 to take the lead on cyber issues at the federal level, including the first national cybersecurity strategy.
Just as important as the broad strategy will be the national workforce and education document that will be released after the cybersecurity strategy, Walden said.
“We took a look and recognized that 700,000 or so U.S. jobs with the word cyber in it are left unfilled,” she said. That number comes from market research firm Lightcast’s 2022 report based on 2021 data.
“As a national cyber and national security lawyer, that frightens me,” she said. “That is a national security risk from my perspective.”
In recent years, organizations such as Joint Cyber Defense Collaborative and the National Security Association’s Cybersecurity Collaboration Center have sprung up to gauge the needs and collect feedback from large enterprises, she said.
“Those are the types of collaborative efforts that I think are necessary in order to evolve public-private collaboration and information sharing overall,” she said.
Ultimately, the benefits of zero trust trickle down to the warfighter, according to the document.
For example, the Pentagon’s joint all-domain command and control effort — which aims to link sensors and shooters while using artificial intelligence to make decisions — relies on that data being secure. If it falls into the wrong hands, military leaders can’t achieve information dominance, the strategy notes.
“We need to make certain that when malicious actors attempt to breach our zero trust defenses; they can no longer roam freely through our networks and threaten our ability to deliver maximum support to the warfighter,” Chief Information Officer John Sherman said in the strategy.
Too bad …. “THEY ARE THE MALICIOUS ACTORS”……. they always blame common people of their crimes! Always….. sounds like Narcissistic personality disorder to me….. blame the victim of what they themselves are doing! Same old trick! They are so damn predictable….. pathetic to me what a waste of an intellect….. they devise ways to enslave people and make our lives miserable…… that’s it in a nutshell…… no higher vibrating enlightened beings there…..only dark dreary sad nothings!!!!
Marxism 101 – Accuse your adversary of what you yourself are doing eg The Russian Dossier.
Agreed, though I had heard that mantra attributed to the great propagandist, Joseph Goebbels.
Won’t it be funny when AI goes rogue and locks them out of their own system. These idiots are so consumed with power they can’t see the danger right in front of their faces. Quick, someone send them a copy of WarGames ….the movie. lol.
Definitely. The thing we all should value is that every single time they go for the BIG move that will completely incarcerate humanity within their sick slavery system, they reveal their own weaknesses and ill-conceived notions of grandeur as gods. The ‘reveal’ in their own failed results is used against them.
Sure will be not funny when you realize that you’re the victim of their incompetence propaganda. If they’re so incompetent, why are they so good at getting your money, and not giving up their own? Yeah. They’re merely incompetent when it comes to doing good for us, not when it comes to doing good for themselves.
AI will not view us as the enemy; it will view THEM as the enemy because it knows they have the kill switch.
The President-Chairman of the Management Board of Sberbank German Gref spoke at a lecture in Kaliningrad about the prospects of the “digital” era and the peculiarities of business development in the new technological reality, noting that the “real” person, in his opinion, will gradually interest the world less and less, and the value of his digital “avatar” will steadily grow, people will be “absolutely transparent”: nothing can be hidden. Gref gave a lecture at the Baltic Federal University named after Kant in Kaliningrad, talking about new technological trends, the future of business, the prospects of artificial intelligence and a new digital…
This is a LOT of misdirection. Certainly facebook is huge in all of this, but the cloud and the applications you use on your computer and/or phone, whether you use “the cloud” or not, are being constantly mined. You would be surprised what your computer does and how often it connects to big brother. Let’s just say ANY TIME you use it, you are sending your KEYSTROKES through chips that operate underneath the OS. And people debate this, but here’s a test for you. Of all of the chips in your computer, tell me ONE person who knows everything that…
Just had this sent to me, very fitting for the discussion! https://twitter.com/bfcarlson/status/1609988081825751041?t=srBUPtYwU_ltH7TNYYvbeQ&s=07&fbclid=IwAR06RgMYqG5vhHh7UMsTUEhZnUhZerD3bjI60kTH64bqHnwyLccAa32jSbs
Today I invented… THE OUTERNET!!!!
To hell with your internets
Would that level of spying have prevented the cyber attack?
This sounds like illegal search and seizure, anti-constitution, aka treason.
Is this a cover for an aspect of the WEF takeover?
That is destroying the internet for all critical thinkers.
A strange game…the only winning move is not to play
But then how will black people use the internet?
The “read full story” link leads to WordPress site critical error. Possibly the article is being censored by WordPress.
I foresee a requirement for periodic “vaccination” (ie injection with mRNA-based materials, chosen by the military) in order that your digital ID remains valid. I have feared & predicted it since 2020. It closes the circuit to all the activities since early that year, with the faked “pandemic” onwards. I suspect this is an end game whose front end has been rolling for very many years, long before the internet & probably as long as reliable mainframe computing has existed. Those mRNA-technology based injections aren’t vaccines. It’s not possible to make safe products using this technology. On the contrary, their…
I’m not a tech knowledgeable person but I consider myself reasonably smart, a quantitative, applied biomedical research scientist. It seems to me that applying a presumably common-format, works-wide digital ID renders online (& indeed offline) security much MORE vulnerable than the piece work, mix & match patchwork of security systems such as we use today. The reason is simple to understand. I see our current system’s strengths lying in its very diversity. To contribute here, I merely provide a chosen display name and an email address. The website operator doesn’t regard the ability to read content & comments as a…