In a move highlighting the ever-changing cybersecurity landscape, John Sherman, the Chief Information Officer of the Pentagon, announced on September 7th that plans to implement zero-trust measures across the US military will soon be evaluated by Pentagon leadership. The goal is to complete this evaluation process by the end of this year's "holiday period, recognizing the growing cyber threats in 2023 and beyond.
This evaluation is being led by Randy Resnick, Director of the Zero Trust Portfolio Management Office, along with his team, as reported by c4isrnet. During his address at the Billington Cybersecurity Summit in Washington, Sherman emphasized the importance of this initiative. He stated that these upcoming weeks will mark a milestone in establishing a strong foundation for thorough assessments. Sherman highlighted that, given the cybersecurity challenges we face in 2023 and beyond, a paradigm shift is imperative.
The zero-trust approach to cybersecurity represents a departure from traditional methods. Rather than assuming network security as a default state, zero trust operates on the premise that networks are constantly at risk or may already be compromised. This requires validation of all devices, users, and their respective access levels within the virtual ecosystem.
In the same year, the Pentagon introduced its zero-trust strategy, which included a detailed chart outlining their new cybersecurity approach. This strategy lays out activities and capabilities needed to achieve a "targeted" zero-trust environment by 2027, with additional advanced requirements for future implementation.
The urgency to strengthen the U.S. military's defenses is underpinned by alarming data on cyber incidents and global threats. A report from the Government Accountability Office revealed that since 2015, the Department of Defense has faced over 12,000 cyberattacks. Although annual figures have shown a decline since 2017, the increasing cyber capabilities of countries like Russia and China make this initiative timely.
Sherman emphasized that defense organizations could adopt methods to achieve the overarching goal of zero-trust security. However, he stressed that the ultimate objective remained unchanged. He likened this endeavor to a "pick your own adventure" scenario, but with national security implications.
"On Thursday, Sherman declared that when combatant commanders discuss zero trust and when even the chairman of the Joint Chiefs of Staff shares their perspective, it becomes evident that zero trust principles are deeply ingrained in our department's DNA." "The entire system is working together towards this shared objective."
As the Pentagon prepares for this evaluation period, the upcoming weeks will play a crucial role in shaping the future cybersecurity framework of the United States military. Although 2027 may appear distant, time is ticking away. Considering the challenges and threats that exist in cyberspace, the proactive steps taken by the Pentagon represent a stride forward in combating increasingly sophisticated cyber threats.
With "zero trust" now ingrained in both language and practice within the defense establishment, the US military aims to redefine cybersecurity standards for itself and potentially serve as a benchmark for institutions grappling with the complexities of protecting data and systems in this digital era.