DOD to Launch Zero Trust Implementation Office in December

The Department of Defense will formally launch a new zero trust implementation office sometime in December, a top department official said.

Zero trust is a modern cybersecurity model that operates under the assumption that a threat is already inside a network’s security perimeter. The architecture will not trust any user based solely on its physical or network location or its asset ownership, according to the National Institute of Standards and Technology.

David McKeown, chief information security officer at the Pentagon, said during C4ISRNET’s CyberCon event that the zero trust portfolio management office will fall under the DOD’s chief information officer, C4ISRNET reported Thursday.

The CISO added that the DOD should be capable of detecting internal compromises such as the SolarWinds cybersecurity intrusion that was discovered in late 2020.

“We’ve redoubled our efforts, we’ve fought for dollars internally to get after this problem faster,” McKeown said.

Early in October, another senior DOD official explained that the shift to zero trust will require the retirement of aging systems that are expanding the department’s attack surface.

Kelly Fletcher, an official carrying out the duties of the DOD chief information officer, said that the move will increase confidence in the new architecture across the department.

She added that the adoption of zero trust will require a change in mindset among the DOD’s analysts away from perimeter-focused security.

Zero trust is a key element of president Joe Biden’s May 12 executive order seeking to modernize the federal government’s cybersecurity posture in the wake of SolarWinds and other high-profile hacks.