\u201cIf we compare this to our home security, we can say that we traditionally lock our windows and doors, and that only those with a key can gain access,\u201d Randy Resnick, the director of the zero trust portfolio management office, told reporters Nov. 22. \u201cWith zero trust, we have identified the items of value within the house and we\u2019ve placed guards and locks with each one of those items inside the house, as well.\u201d<\/p>\n
Unlike older cybersecurity models, zero trust assumes networks are always at risk or are already compromised. As a result, continuous validation of users, devices and access is required. Pentagon\u00a0Chief Information Officer John Sherman<\/a>\u00a0has likened it to trusting \u201cno one or no thing.\u201d<\/p>\n The transition to segmentation and inherent distrust comes as the U.S. prepares for a potential fight against China or Russia \u2014 world powers with histories of cyber aggression. Russia has deployed cyberattacks against Ukraine in its latest invasion, Western authorities say, and China leverages the digital domain to siphon intellectual property for its own gains.<\/p>\n The Defense Department has since 2015 experienced more than 12,000 cyber incidents, with yearly totals steadily declining since 2017, according to\u00a0a Government Accountability Office evaluation<\/a>. The federal government in early October said hackers infiltrated a defense industrial base organization, maintained \u201cpersistent, long-term\u201d access to its network and absconded with sensitive data. The victim \u2014 most likely a defense contractor \u2014 was not named.<\/p>\n \u201cCyber threats and attacks are evolving at an ever-increasing pace and requiring a coordinated, defensive response that is adaptive, flexible, and agile,\u201d the zero-trust strategy states. \u201cTraditional perimeter or \u2018castle-and-moat\u2019 security approaches based on conventional authentication and authorization models do not work effectively to thwart current (and future) cyber-attack vectors.\u201d<\/p>\n Defense officials previously imposed a five-year deadline to implement zero trust. The strategy maintains the fiscal 2027 timeline, which\u00a0cybersecurity leaders<\/a>\u00a0described as challenging but important.<\/p>\n \u201cImplementation of our zero-trust goals, to include educating every corner of the department, is an ambitious undertaking,\u201d acting Principal Deputy Chief Information Officer David McKeown said. \u201cWe recognized that from the beginning, and that has driven our pace and informed our strategy.\u201d<\/p>\n The Defense Information Systems Agency in late July extended\u00a0a zero-trust agreement known as Thunderdome\u00a0<\/a>with Booz Allen Hamilton, the 22nd largest defense contractor in the world by revenue, according to a Defense News analysis.<\/p>\n DISA at the time cited lessons learned from Russia\u2019s attack on Ukraine and the need to further harden the Secure Internet Protocol Router Network, or SIPRNet, a means of relaying secrets.<\/p>\n DISA, the Pentagon\u2019s lead IT agency, in January\u00a0awarded Booz Allen<\/a>\u00a0the $6.8 million contract to develop a Thunderdome prototype. The subsequent extension stretches the pilot to a full year, with completion now expected at the start of 2023.<\/p>\n The Defense Department in 2021 decided to sunset Joint Regional Security Stacks in favor of the zero-trust Thunderdome approach, C4ISRNET reported.<\/p>\n![\"\"](\"https:\/\/www.fie.undef.edu.ar\/ceptm\/wp-content\/uploads\/2022\/12\/VEAL3MWMW5B6TAQB24LGLQ5BWE.webp\")