With cybercriminals becoming more sophisticated at disguising themselves as legitimate network users, a top Defense Department (DoD) IT official said this week that the Pentagon’s move to zero trust security architectures gives the agency a “fighting chance” to detect and eject hackers before they can do much damage.
David McKeown, deputy CIO for Cybersecurity at DoD, advocated for the agency’s ongoing move to zero trust security based on the premise that attackers will inevitably find their way into the network, but that their forays won’t accomplish much in the face of a zero trust defense that trusts nobody by default and continuously verifies everything: users, devices, and standing access privileges.
That’s a different concept, he explained, from more traditional cyber defenses which focused more on protecting network perimeters.
“Very often under this perimeter-based cybersecurity architecture, once hackers penetrate that outer perimeter, they are on the network and can move around freely before we can detect them,” McKeown said at C4ISRNET’s CyberCon event on November 10.
“We must evolve our thinking because the enemy could be on our network right now,” he urged, adding, “we must operate as though they are, and secure our network as though they are.” Using zero trust concepts, McKeown said DoD has “set up security inside of the perimeter to detect a large number of anomalous behaviors and quickly react to them.”
The DoD’s current zero trust strategy stands on seven pillars: data, users, secure devices, conditional access, segmented servers, segmented applications, and automation and orchestration.
When securing data, the strategy is to ensure appropriate permission-based access to the data, the deputy CIO said, based on constant verification of user identity and credentials. The department is also ensuring that all devices are secure, and granting devices that cannot be verified as secure only a lower level of conditional access.
By segmenting servers and applications, the department avoids hosting many applications on a single server, McKeown explained, so that a compromise of one application does not give cybercriminals access to every other application and its associated data.
Automation and orchestration, McKeown added, are key elements of early detection and response. By logging everything in the environment and running analytics over those logs, using AI among other methods, DoD can orchestrate different responses to possible threats.
“If a signature-based perimeter defense does not catch something now, we do not detect the anomalous behavior inside our environment. So that logging and analytics are key to detecting that something bad is going on,” he said.
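The three mechanisms above (permission-based access with continuous verification and device-conditioned access, segmentation so one compromised app does not expose the rest, and logging every decision so analytics can catch anomalous behavior) fit together in a single policy decision point. The following is an added illustration written for this page, not DoD code or any product’s implementation; the users, devices, segments, sensitivity labels, thresholds and log lines are all constructed for the example.

```python
"""Toy zero-trust policy decision point plus log analytics (added example, not DoD code).
Every request is checked for identity, segment reachability and device posture, every
decision is logged, and a detector runs over that log. All data below is constructed."""
from dataclasses import dataclass

# Constructed inventory. In practice posture comes from a device-management feed.
DEVICE_POSTURE = {"laptop-17": "compliant", "tablet-3": "noncompliant"}
USER_ROLES = {"alice": {"logistics-analyst"}, "bob": {"hr-clerk"}}
# Each application sits in its own segment; a role may reach only some segments.
APP_SEGMENT = {"supply-db": "logistics", "payroll": "hr", "wiki": "shared"}
ROLE_SEGMENTS = {"logistics-analyst": {"logistics", "shared"},
                 "hr-clerk": {"hr", "shared"}}
SENSITIVITY = {"supply-db": "high", "payroll": "high", "wiki": "low"}


@dataclass(frozen=True)
class Request:
    ts: int          # seconds since epoch (constructed)
    user: str
    device: str
    app: str
    mfa_fresh: bool  # was the user re-verified for this session, not just once at login?


def decide(req):
    """Evaluate one request. Nothing is trusted by default: the user must be known and
    freshly verified, a role must reach the app's segment, and device posture sets the
    level of access (full, read-only, or none)."""
    roles = USER_ROLES.get(req.user)
    if not roles or not req.mfa_fresh:
        return "deny"
    segment = APP_SEGMENT.get(req.app)
    reachable = set().union(*(ROLE_SEGMENTS[r] for r in roles))
    if segment is None or segment not in reachable:
        return "deny"                      # segmentation: wrong segment for this role
    posture = DEVICE_POSTURE.get(req.device, "unknown")
    if posture == "compliant":
        return "allow"
    if posture == "noncompliant" and SENSITIVITY[req.app] == "low":
        return "read-only"                 # conditional access: lower level for non-secure devices
    return "deny"                          # unknown or non-secure device touching sensitive data


def enforce(requests):
    """Decide every request and log every decision, allow or deny alike."""
    return [{"ts": r.ts, "user": r.user, "device": r.device, "app": r.app,
             "segment": APP_SEGMENT.get(r.app), "verdict": decide(r)} for r in requests]


def flag_anomalies(log, window=300, max_denies=2, max_segments=2):
    """Analytics over the decision log: per user, look back `window` seconds from each
    event and flag a burst of denials (probing) or contact with more distinct segments
    than a role normally needs (lateral movement). Thresholds are constructed."""
    findings = {}
    by_user = {}
    for e in log:
        by_user.setdefault(e["user"], []).append(e)
    for user, events in by_user.items():
        events.sort(key=lambda e: e["ts"])
        reasons = findings.setdefault(user, set())
        for i, cur in enumerate(events):
            recent = [e for e in events[:i + 1] if cur["ts"] - e["ts"] <= window]
            denies = sum(e["verdict"] == "deny" for e in recent)
            segments = {e["segment"] for e in recent if e["segment"]}
            if denies > max_denies:
                reasons.add("denial burst")
            if len(segments) > max_segments:
                reasons.add("segment spread")
    return {u: r for u, r in findings.items() if r}


# Constructed traffic: normal use by alice and bob, then a stolen-credential session
# for alice from an unmanaged device (kiosk-9) probing across segments.
SAMPLE = [
    Request(1000, "alice", "laptop-17", "supply-db", True),
    Request(1030, "alice", "laptop-17", "wiki", True),
    Request(1100, "bob", "tablet-3", "wiki", True),
    Request(1120, "bob", "tablet-3", "payroll", True),
    Request(5000, "alice", "kiosk-9", "supply-db", True),
    Request(5010, "alice", "kiosk-9", "payroll", True),
    Request(5020, "alice", "kiosk-9", "wiki", True),
    Request(5030, "alice", "kiosk-9", "hr-portal", True),
]

if __name__ == "__main__":
    log = enforce(SAMPLE)
    for entry in log:
        print(entry)
    print(flag_anomalies(log))  # {'alice': {'denial burst', 'segment spread'}}
```

Two points are worth noticing in the run. The stolen-credential session passes the identity check (valid user, fresh MFA) and is still denied at every step, because the unmanaged device has no posture and payroll sits in a segment a logistics role cannot reach; that is the "foothold without much damage" outcome McKeown describes. And the denials alone would be invisible to a perimeter defense that let the session in; only because every decision is logged does the window analytics surface the burst of denials and the spread across three segments within a few seconds.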
To accelerate the department’s adoption of zero trust concepts, McKeown and his team proposed a zero trust portfolio management office that would provide a “critical centralization and orchestration” for DoD, he said.
In addition, he highlighted that while zero trust has become somewhat of a buzzword today, it is not a brand new concept.
“The concept of zero trust has been around for a while,” McKeown said. “But as we continue to be attacked by persistent adversaries who have gotten more sophisticated, we have had to double our efforts, and zero trust is the only solution out there right now that gives us a fighting chance at detecting these folks that may have a foothold on our network.”