'Zero Trust' Architecture Could Prevent Adversary Data Theft, Protect Warfighters

View Online 'Zero Trust' Architecture Could Prevent Adversary Data Theft, Protect Warfighters Feb. 26, 2025 | By C. Todd Lopez Without the right level and right kind of cybersecurity architecture in place, adversary nations will continue to infiltrate U.S. military and partner networks, including contractors within the defense industrial base, and steal important information, which may include details on weapons systems.  The Defense Department's Zero Trust architecture, expected to reach "target level" implementation in fiscal year 2027, will protect military networks from adversaries. By that time, DOD anticipates having implemented 91 of the 152 target activities that were identified in the department's Zero Trust Strategy and Roadmap, which was released in 2022.  A Zero Trust architecture is one that assumes no one who uses the network can be trusted. In such a setup, users might be allowed access only to information and applications they are authorized to use. Past network security might have put a wall around the whole network, and once inside, a user would have free rein within the system. In a Zero Trust environment, users must regularly prove they are authorized to see and interact with data, applications and resources.  With just over 2.5 years left before fiscal year 2027, the department has made progress toward reaching its Zero Trust goals — but more has to be done, said Marine Corps. Col. Gary Kipe, chief of staff of DOD's Zero Trust Portfolio Management Office.  "We have 31 months until we hit FY27," Kipe said Feb. 19, 2025, during the Zero Trust Summit in Washington. " the latest analytical review of the implementation plans that we have received back from across the enterprise, we're doing well, but we're not anywhere close to being done." According to the Zero Trust PMO, current data shows that across all 58 components, 14% of target level Zero Trust activities have been completed across DOD.  Two areas where Kipe said the department needs to get ahead, and soon, involve implementation of a federated identity, credential and access management, or ICAM, solution as well as adoption of data tagging standards and their implementation.  "If we don't have that, we're going to get all the way to the end and not have the final push across the finish line," he said.  A data tagging and labeling standard is a structured framework that defines consistent metadata, classification and access-control attributes for actors across the enterprise. When data owners appropriately tag data, it becomes possible for appropriate data access controls to be put in place. A federated ICAM solution allows the identities of users to be centrally managed to ensure authorized and authenticated access across DOD platforms.  According to the Zero Trust PMO, several funded efforts are underway to advance both a federated ICAM solution and a data tagging and labeling standard.  While Zero Trust is meant to protect Defense Department networks, it's not just about protecting data. It's also about protecting those who use and depend on data, including warfighters.  "Zero Trust ensures warfighters receive secure, real-time mission data while denying adversaries access to critical systems, even if networks are compromised," Kipe said. "By enforcing continuous authentication and microsegmentation, it prevents unauthorized access, insider threats and cyberattacks from disrupting operations. This means faster, more reliable intelligence, communications and logistics, directly enhancing combat effectiveness and survivability in contested environments."

ABOUT   NEWS   HELP CENTER   PRESS PRODUCTS

Unsubscribe | Contact Us

 

This email was sent to sajanram1986.channel@blogger.com using GovDelivery Communications Cloud on behalf of: U.S. Department of Defense 1400 Defense Pentagon Washington, DC 20301-1400