Department of Defense

DOD Leads Zero Trust Adoption Across Federal Government

The Department of Defense is leading the implementation of zero-trust architecture across the federal sector having already adopted some of the necessary security practices, including segmented user access to information and disparate systems.

The DOD’s pursuit of zero trust was recognized by Wickr co-founder Chris Howell, who said in a recent interview that in many ways, the agency has long been practicing zero trust and now it just needs to bundle its existing security practices into one formal methodology.

However, Ben Johnson, a former National Security Agency cyber operator and co-founder of cloud security firm Obsidian, believes that the DOD could face challenges in its quest to formally implement zero trust, particularly in terms of addressing the complexity of centralizing network traffic, FedScoop reported.

In an interview with the publication, Johnson explained that networks must be structured to fully incorporate zero-trust principles. He noted that while the modifications need not be implemented all at once, the goal is to reach a point where zero-trust is being applied to networks by default.

In addition, Johnson said the DoD needs to retrain its network users to adjust to reduced network privileges that come with the shift to a zero-trust model.

“When you have humans in the loop it just changes the number of time requests and credentials can take,” Johnson told FedScoop.

The increasing importance placed on zero trust comes as the Defense Information Systems Agency announced plans to publish a reference architecture guide for defense agencies to move to a zero-trust operating model.

Speaking at a recently concluded AFCEA conference, Vice Adm. Nancy Norton, DISA director and one-time Wash100 winner, said the agency aims to have a model capable of meeting new security needs as threats evolve.