- The U.S. Department of Defense’s zero trust strategy has been published and defines a roadmap for its plan on how to achieve a new level of cybersecurity.
- The strategy lays out the U.S. Department of Defense’s approach to achieve zero trust and to keep critical data secure.
- Zero trust is a new model for cybersecurity defenses and it is entirely based on the idea that networks are always at risk.
The U.S. Department of Defense’s zero trust strategy and roadmap were published by the chief information officer. The strategy gives the public a fresh look at its plan to achieve a new level of cybersecurity.
The need for zero trust approach
The Department of Defense says on its website that today’s and future cyber threats and attacks have driven a need for a zero-trust approach. The department adds that its information systems are on a wide scale and continuous attacks from known and unknown malicious actors.
According to the strategy report, the Department’s most significant strategic and advanced competitor is the People’s Republic of China. The other state-sponsored adversaries and individual malicious actors also often breach the Department’s defensive barriers and wander freely within the information systems.
The new zero-trust security philosophy will eliminate the traditional idea of defenses, trusted networks, devices, personas, or processes. It requires designing a more efficient architecture that increases security as well as the user experience, and overall mission performance. It is a new paradigm for cybersecurity and it is entirely based on the idea that networks are always at risk. The practice is often defined as “never trust, always verify”.
Adopting a more agile cybersecurity defense
Zero trust uses repeated multi-factor authentication, micro-segmentation, advanced encryption, endpoint security, analytics, and robust auditing as well as protecting data, applications, assets, and services to deliver strong cyber security. The Department is adopting a more agile, more mobile, cloud-supported workforce, collaborating with the entirety of DoD enterprise, including federal and non-federal organizations and mission partners working on a variety of missions.
The Zero Trust strategy will decrease the attack surface, reduce risk, offer opportunities to manage the full range of risks such as policy, programming, execution, and cybersecurity, and enable more effective data-sharing in collaborative environments. If a device, network, user, or credential is compromised, the fixing will be handled more quickly. The framework defines four strategic goals;
- Zero trust culture adoption
- DoD information systems secured and defended
- Technology acceleration
- Zero trust enablement
The strategy also touches on the seven DoD Zero Trust Pillars, which is the basis for the strategy’s roadmap:
The U.S. Department of Defense aims to implement the zero trust strategy and its activities by 2027.