DOD Preparing for Creation of Zero Trust Program Office

The Department of Defense is taking preparatory steps to establish its zero trust program office within the fall, an official said.

Kelly Fletcher, a senior official carrying out the duties of the DOD chief information officer, said the department is currently retiring aging systems to reduce its attack surface, Federal News Network reported Thursday.

“What we’re trying to do really is harvest savings from pivoting from our old architecture to our new architecture, and I think that’s going to drive some trust throughout the department,” Fletcher said during the Billington CyberSecurity Summit.

She said the Defense Information Systems Agency is providing enterprise services for the DOD’s zero trust effort, adding the military services are establishing their own zero trust measures.

Fletcher said that zero trust adoption will require a change in mindset among the department’s security analysts.

She said they will need to operate under the assumption that the threat is already inside the network’s security perimeter, which is a key tenet of the zero trust security architecture. “If you assume the robber’s in the house, that changes how you protect your valuables,” Fletcher added.

Zero trust is a core element of President Joe Biden’s May 12 executive order seeking to modernize the federal government’s cybersecurity posture.

In September, the Cybersecurity and Infrastructure Security Agency released a draft of its Zero Trust Maturity Model, a roadmap designed to help government agencies transition to the modern architecture.

The Office of Management and Budget issued a complementary draft zero trust federal strategy, which directs federal civilian agencies to prioritize key security outcomes and set baseline and technical requirements.