Navy to Shift Cybersecurity to Zero-Trust Model, CISO Says

The Navy plans to shift its cybersecurity architecture to a zero-trust model to better defend its networks, according to a top official. 

Navy Chief Information Security Officer Aaron Weis, a past Potomac Officers Club event speaker and a 2020 Wash100 awardee, said the Navy will conduct the effort under the assumption that its networks have already been penetrated. 

Zero-trust security architectures are modeled to operate as if users have already breached perimeter, limiting access to information for even users on the inside.

“It is an exciting time as priorities have shifted,” Weis said during the Nutanix Cloud Together Summit 2020 produced by FedScoop. 

Weis said the Navy is primed for the shift as it already began accelerating its IT modernization efforts over the course of the coronavirus pandemic. 

In the early days of the crisis, the Navy deployed a telework platform that is now transitioning to an “enduring telework capability” with Microsoft Office. 

Weis said the move towards a zero-trust model will take time and will require existing perimeter defenses to remain in place. 

He added that the Navy needs time to set up its networks to be able to monitor all traffic – not just ones at the edge when users log in. “That is something that is starting, but it won't happen overnight,” he said. 

The zero-trust model was first proposed in 2010 and has since been recommended by Congress and the Defense Innovation Board. 

A review of a 2015 breach of the Office of Personnel Management pushed the government to speed up its adoption of the security model. 

Sign Up Now! Potomac Officers Club provides you with Daily Updates and News Briefings about Speaker News

Join Us Now