Department of Defense Chief Information Officer John Sherman speaks at the 14th annual Billington CyberSecurity Summit (Photo courtesy of Billington CyberSecurity Summit)

WASHINGTON — Within weeks the Pentagon will begin reviewing zero trust plans from each of its components to make sure they align with the department’s vision of fielding a “targeted” level of zero trust by fiscal 2027, the department’s chief information officer (CIO) said today. 

“So next month, we’re getting their plans… [from] not only military services, but all the different components,” John Sherman said today at the Billington CyberSecurity Summit. “So I’d suspect each of the components — matter of fact I know they are — are taking a little bit different path to get there. So that’s a very important milestone coming out here next month to get these plans and start to assess them.”

Sherman said that the assessments will be led by Randy Resnick, director of the zero trust portfolio management office within the CIO. Resnick’s team will “be reviewing what these plans look like, consistent with what we’ve laid out with… the 91 capabilities to get to targeted zero trust by 2027,” Sherman added. 

DoD released its zero trust strategy last November, outlining what it would take to achieve what it called a “targeted” level of zero trust: a required minimal set of 91 activities that DoD and its components need to achieve by FY27 to address threats, including those posed by cyberspace adversaries like China. An additional 61 activities outlined in the strategy will get the Pentagon to a more “advanced” level of zero trust later.

The 29-page strategy painted a concerning picture for DoD’s information enterprise, which is “under wide-scale and persistent attack from known and unknown malicious actors,” from individuals to state-sponsored adversaries, specifically China, who “often” breach the Pentagon’s “defensive perimeter.”

“With zero trust we are assuming that a network is already compromised and through recurring user authentication and authentic authorization, we will thwart and frustrate an adversary from moving through a network and also quickly identify them and mitigate damage and the vulnerability they may have exploited,” Resnick told reporters ahead of the strategy’s release.

In June, Resnick said it was proving “hard to orchestrate” each military service’s individual zero trust efforts into something cohesive. As a result, DoD started doing weekly “huddles” and larger monthly meetings with the services and “communities of interest” in an effort to educate them on how to execute the department’s vision outlined in its zero trust strategy.

At the time, Resnick described the meetings as “deep dives into the technology and successes that some of our folks in the DoD have achieved up to this point.”