Zero trust has emerged as one of the biggest buzzwords in cybersecurity in recent years. Many organizations are looking to implement a zero trust architecture, and zero trust has become a core part of the DoD’s security strategy.
This blog is the first of a three-part series exploring the impacts of zero trust in the Defense Industrial Base (DIB). This article provides an introduction to zero trust and its role in the DoD.
What is Zero Trust?
Zero trust is a security model designed to address the limitations of the traditional, perimeter-focused approach to cybersecurity. Under this older model, security solutions were primarily deployed at the edge of the corporate network and attempted to block threats or sensitive data from crossing this boundary. However, this approach to security left an organization blind to threats inside the perimeter and was increasingly ineffective as cloud adoption and remote work dissolved the perimeter.
A zero trust security model mandates that all access requests for corporate resources be individually validated. By eliminating the implicit trust granted to insiders under the perimeter-based model, zero trust improves an organization’s internal security visibility and its ability to detect and respond to potential threats.
The DoD Zero Trust Strategy
Zero trust has become an area of focus for many organizations because it provides them with the tools needed to protect against a growing range of sophisticated cyber threats. By making security and access management more granular, zero trust prevents threats from slipping through the cracks.
The DoD is embracing zero trust for much the same reason. In late 2022, it released its Zero Trust Strategy and Roadmap defining its strategic goals for a zero trust cybersecurity framework to be implemented by 2027.
The DoD’s strategic roadmap for zero trust centers on four high-level strategic goals:
- Zero Trust Cultural Adoption: All DoD personnel understand the zero trust principles and work to implement them within the DoD.
- DoD Information Systems Secured and Defended: DoD security systems are redesigned and updated to implement a zero trust security model.
- Technology Acceleration: The DoD will keep pace with technological improvements in the field of zero trust.
- Zero Trust Enablement: DoD processes, policies, and funding are aligned with zero trust principles and strategies.
The Seven Pillars of Zero Trust
As part of its Zero Trust strategy, the DoD also defines seven pillars of zero trust:
- Users: Zero trust involves continually monitoring, authenticating, and auditing users’ activities while ensuring the legitimacy and security of all user interactions.
- Devices: Risk and access decisions should involve devices’ health and status, including real-time assessment, inspection, and patching.
- Applications and Workloads: Security for containers and virtual machines should cover everything from applications to hypervisors.
- Data: Enterprise infrastructure, standards, applications, end-to-end encryption, and data tagging should improve data visibility and security.
- Network and Environment: Networks should have granular security enabled by microsegmentation and fine-grained access controls and policies.
- Automation and Orchestration: AI and automation technologies should be used to speed and enhance threat detection and response based on defined processes and security policies.
- Visibility and Analytics: AI/ML models trained on events, activities, and behaviors should be used to enhance access decision-making and incident response.
Conclusion
Zero trust has become a central component of the DoD’s cybersecurity strategy. Understanding what zero trust is, and how the DoD interprets it, will be essential to the future of government contracting. Additionally, the DoD’s “Technology Acceleration” strategic goal provides opportunities for vendors looking to meet the DoD’s zero trust needs.
This is the first piece in a three-part series exploring zero trust and the DIB. Keep an eye out for future pieces explaining the “why” and “how” of zero trust and how to more quickly achieve your organization’s zero trust goals with help from Performance Defense and EDGE 5G-XTM.