Integration – not new technology tools – is the linchpin of successful zero trust implementation within the Department of the Navy, according to a senior Navy cyber official.
Scott St. Pierre, director of enterprise networks and cybersecurity at OPNAV N2N6D and a deputy CIO for the Navy, said Tuesday that zero trust success depends on integrating existing systems and data, starting with identity.
“Integration is absolutely critical [to zero trust,]” St. Pierre said during a Jan. 13 event hosted by ThunderCat Technology in Washington, D.C. “At the end of the day, without that integration, we’re never going to be successful.”
St. Pierre said interoperability underpins the Department of Defense’s zero trust strategy as the Pentagon works to implement a zero trust architecture across the entire department by fiscal year 2027.
Under the strategy, defense agencies must meet 91 activities to reach their target level of zero trust, and 152 to achieve an “advanced” zero trust posture.
“It’s further complicated because each solution that we want to implement for zero trust is not a zero trust solution,” St. Pierre explained. “It’s a contributor to zero trust, which probably necessitates that integration.”
At the center of that zero trust effort, St. Pierre pointed to identity.
“Identity is the foundation of that,” he explained. “The real view is trust no one, verify everything, and it starts with identity.”
The Navy, he said, has already moved beyond basic username-and-password models after recognizing its limitations with identity. According to St. Pierre, the service is moving from two-factor authentication to multi-factor authentication, “whether it be biometrics” or other methods that enable continuous verification.
That identity-first approach must operate at an immense scale. St. Pierre said there are approximately 750,000 users across more than 850 Navy subcommands, spanning operations afloat and ashore – including submarines that may operate for long periods with limited connectivity.
“It’s global … we have to be able to reach it from Pakistan or from over in the Arabian Gulf,” he said, noting that identity services must function globally 24/7.
“We need to simplify, not further complicate, the complexity that we already deal with every day. And again, the key to that is integration,” St. Pierre said. “If we don’t bring the right people together, if we don’t ensure that we’re taking a holistic view, we’re going to continue to further complicate what is already a complex ecosystem.”