Hello, Guest!

Defense and Intelligence

NSA to Simulate Attacks to Test Zero Trust Offerings of JWCC Contractors

Cloud security

NSA to Simulate Attacks to Test Zero Trust Offerings of JWCC Contractors

Red team hackers from the National Security Agency will perform simulated attacks on zero trust security systems on cloud platforms owned by Joint Warfighting Cloud Capability contractors.

According to Randy Resnick, the director of the Department of Defense Zero Trust Portfolio Management Office, the months-long exercise will mimic adversarial attacks to see if hackers could get in and exploit data. He shared during a Billington Cybersecurity webcast that the exercise would allow the Pentagon to see if the companies’ zero trust overlays are implemented correctly.

The official believes that the four companies will achieve the basic target level for cloud-based zero trust while at least one of the companies would reach an advanced level.

The red team, which may include hackers from the U.S. armed forces, will target the zero trust overlays owned by Amazon Web Services, Google, Microsoft and Oracle. The activity, which is not a requirement for JWCC, will start in the spring, Breaking Defense reported Thursday.

Zero trust is a cybersecurity principle that assumes that every user is hostile, hence the need for constant authentication. According to Palo Alto Networks, implementing zero trust on the cloud could eliminate some security concerns, such as data loss and leakage, data privacy and control issues.

JWCC is a $9 billion, multiple-award, indefinite-delivery/indefinite-quantity contract vehicle that allows the Pentagon to acquire commercial cloud capabilities and services directly from the four CSPs.

Potomac Officers Club Logo
Become a Potomac Officer Club Insider
Sign up for our weekly email & get exclusive event, and speaker updates, and find networking opportunities to connect with GovCon decision makers.