Perimeter-based cybersecurity, long abandoned by the private sector, is finally seeing the end of days within the Department of Defense (DoD). While the DoD has adopted zero trust cybersecurity strategy in pockets across its IT infrastructure, a new official roadmap was announced last week standardizing the new approach across all branches.
The new zero trust initiative announced by the DoD calls for the Pentagon to fully implement the new strategy by the fiscal year 2027.
Randy Resnick, director of the zero trust portfolio management office at the Defense Department commented last week on the initiative.
“With zero trust we are assuming that a network is already compromised. And through recurring user authentication and authentic authorization, we will thwart and frustrate an adversary from moving through a network and also quickly identify them and mitigate damage and the vulnerability they may have exploited,” Resnick said.
He continued, “And through recurring user authentication and authentic authorization, we will thwart and frustrate an adversary from moving through a network and also quickly identify them and mitigate damage and the vulnerability they may have exploited.”
Zero trust networks assume that the network has already been compromised. They frequently challenge the user on the network to authenticate when accessing disparate information that they need for their jobs, instead of authenticating once.
They also support the new reality of remote and hybrid working and de-emphasize the requirement of legacy virtual private network (VPN) connections.
By forcing the user to authenticate and utilize multifactor authentication (MFA), it significantly reduces the chance of an attacker moving laterally across the network. It also decreases the ability for evading detection and privilege escalation.
The DoD and the supporting defense contractor industrial base has been the target of more than 12,000 cyberattacks since 2015, according to a report by the Government Accountability Office (GAO).
The DoD is taking many initiatives to bolster its defenses—both within technology adoption as well as changing the way it recruits talent.
Last week, the DoD urged defense contractors to launch cybersecurity apprenticeship programs to help narrow the cyber skills and employment gap within its branches and agencies.
The full roadmap is available on the DoD CIO website in PDF format.
