Cybersecurity
DOD CIO Announces Plan for Dedicated Zero Trust Office
David McKeown, the Department of Defense’s chief information security officer, said he wants to establish an office responsible for accelerating the agency’s adoption of zero trust.
A zero trust security model operates as if a threat has already breached the perimeter and limits access to information for even users on the inside.
McKeown told the Senate Armed Services Committee’s cybersecurity subcommittee that his proposed zero trust portfolio management office would provide “critical centralization and orchestration” for the DOD, C4ISRNET reported.
In his written testimony, McKeown said the office would be tasked with “consolidating” network administration and cybersecurity experts to facilitate the transition to the new security architecture.
The DOD is already implementing a new enterprise-wide identity, credential and access management tool provided by the Defense Information Systems Agency, according to the CISO.
McKeown said the DOD considers users, applications, workloads, devices, data, networks and infrastructure, visibility, analytics, automation and orchestration as the “pillars” of zero trust.
Chris Howell, co-founder of software company Wickr, previously praised the DOD as a leader in the implementation of zero trust in the federal sector.
He said the DOD has long been practicing zero trust in some way and now just needs to bundle its existing security practices into one formal methodology.
The National Security Agency issued a cybersecurity information sheet in February to guide defense agencies and contractors on how they can establish a zero trust network architecture.
The seven-page document included guidance on enhancing the security of national security systems, networks used by the DOD, systems employed by federal contractors and other critical networks.
Category: Cybersecurity