Vice Adm. Nancy Norton
Zero Trust Model Assumes DOD Networks Hostile, DISA Chief Says
Vice Adm. Nancy Norton, director of the Defense Information Systems Agency and commander of the Joint Force Headquarters Department of Defense Information Network, said the COVID-19 pandemic accelerated a “cybersecurity paradigm shift.”
Speaking at AFCEA International’s 2020 TechNet Cyber virtual event, the Wash100 awardee indicated that DOD's zero trust model presupposes that the agency’s networks, both internal and external, are unfavorable, Nextgov said Thursday.
The agency has finished the initial draft of the zero trust reference architecture, a set of guidelines designed to change the organization’s cybersecurity protocols outside of traditional perimeter defense operations.
In an email response to Nextgov, Joseph Brinker, chief for DISA’s security enablers portfolio, said the draft was finished in October and was released for staffing throughout the department as part of the DOD chief information officer’s “formal enterprise architecture content review, assessment and approval process.”
The final approval will take place after all the input is dealt with, which is seen to be completed by mid-2021, he added.
Michael Daniel, president and CEO of the Cyber Threat Alliance, said he looked forward to the complete architecture.
“Like with so many things, zero trust is a tool,” he said in a recent interview with Nextgov. “It will not solve all the problems but certainly it will get at a class of problems that have been typically difficult to solve.”
According to Norton, the agency is not interested in acquiring a “box of zero trust.” DISA and DOD instead will examine the tools and configurations they have and determine how to align them to develop a cybersecurity posture consistent with zero trust principles.
DISA issued the first annual refresh of its strategic plan listing a vision for the agency through 2022, and included in the latest technology road map is the zero trust model.
The road map indicates that the organization is tasked to define the zero trust reference architecture and develop a policy test and implement the capability.
Category: Popular Voices
Tags: cybersecurity Defense Information Systems Agency Department of Defense DISA Joseph Brinker Michael Daniel Nancy Norton Nextgov Popular Voices zero trust architecture