Speaker News

DOD Aiming to Implement Zero Trust Enterprise-Wide by 2027, CIO Says


The Department of Defense is committed to implementing zero trust across its enterprise by 2027, a top technology official said.

Zero trust is a modern cybersecurity architecture where no user or machine is trusted by default. It is a key element of President Joe Biden’s May 2021 executive order on modernizing federal cybersecurity.

DOD Chief Information Officer John Sherman, a speaker at a past Potomac Officers Club event and a 2022 Wash100 winner, said that people familiar with zero trust could attest to the difficulty of meeting the five-year deadline, FedScoop reported Wednesday.

However, the Pentagon has no choice but to move swiftly to keep up with adversaries’ evolving capabilities, he added.

Sherman said that his subordinates in the DOD are developing a comprehensive strategy for implementing zero trust across all levels of information technology.

“We’re taking this very seriously and we are committed to implementing zero-trust at scale for the four million-person-plus enterprise that we lead,” Sherman said, adding that the strategy might be ready by October.

In an interview with FedScoop, Sherman said the DOD urgently needs to address cybersecurity concerns resulting from its “technical debt.”

A homeland security official previously identified aging IT systems as major roadblocks for agencies seeking to adopt zero trust.

Robert Costello, CIO of the Cybersecurity and Infrastructure Security Agency, said legacy systems often do not fit into zero trust models or have prohibitively high maintenance costs.
