
Automation is emerging as a key enabler in the Department of Defense’s (DoD) push toward creating zero trust security architectures, allowing for faster threat remediation and reduced operational burdens.
DoD released its Zero Trust Strategy in 2022 with the goal of implementing a department-wide zero trust architecture by fiscal year 2027. This “target level” goal requires meeting 91 distinct security capabilities, while a more “advanced” zero trust posture calls for a total of 152 capabilities. The strategy is rooted in the assumption of persistent threats and the necessity of verifying every user and device across the network.
A critical element of the strategy is the ability to rapidly detect and remediate risks so that affected assets can securely regain access.
Lt. Col. Jason Carter, operations officer at the Marine Corps Cyberspace Operations Group (MCCOG), today highlighted automation and artificial intelligence (AI) as essential tools to offset limited human and technological resources.
“We have millions of alerts daily,” Carter said during a GovExec event on May 28. “Just think of the scale over a week or a month – noncompliance, anomalous activity, adversarial threats – and you simply don’t have the personnel to manually address them all.”
But Carter further emphasized that many of these alerts do not require a human response, particularly those linked to low-risk anomalies. Automation, he said, allows playbooks to run autonomously, blocking or mitigating threats without human intervention.
“We apply automation where it’s low risk,” Carter noted. “As you move up the risk spectrum, that’s when you need to include humans in the loop to ensure we’re addressing concerns appropriately.”
Expanding Automation to OT
While the current DoD zero trust strategy primarily focuses on IT systems, automation is expected to play a key role in the department’s upcoming zero trust strategy for Operational Technology (OT). That initiative is slated for release in late summer.
Daryl Haegley, Technical Director for Control Systems Cyber Resilience at the U.S. Air Force, pointed to the high potential for automation in the OT space.
“OT doesn’t vary that much,” Haegley said. “It’s supposed to operate within specific parameters and shouldn’t deviate. That makes anomalous behavior relatively easy to detect with the right tools.”
Haegley added that OT networks can benefit significantly from partner-enabled intelligence and automation, helping to identify and respond to threats in systems that traditionally lacked robust cybersecurity measures.
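The two ideas above, that OT points should stay inside known operating bands so deviations are easy to flag, and that only low-risk alerts should be handled by an autonomous playbook while higher-risk ones go to a human, can be combined into a small triage routine. The following is an added illustration, not code from DoD, MCCOG, or the speakers; the point names, bands, risk thresholds and playbook label are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed baseline: expected operating band per OT point (hypothetical names/values).
EXPECTED_BANDS = {
    "pump1.pressure_psi": (40.0, 60.0),
    "pump1.rpm": (1400, 1600),
    "chiller2.temp_c": (4.0, 8.0),
}

# Assumed policy threshold: alerts scoring below this run a playbook with no human;
# everything at or above is queued for an analyst (the "human in the loop" tier).
AUTOMATE_BELOW = 40


@dataclass
class Alert:
    point: str
    value: float
    risk: int      # 0-100, higher means more analyst attention warranted
    reason: str


def detect_ot_anomalies(readings):
    """Flag readings outside their expected band; the size of the excursion drives risk."""
    alerts = []
    for point, value in readings:
        band = EXPECTED_BANDS.get(point)
        if band is None:
            # An unknown point is itself suspicious on a stable OT network.
            alerts.append(Alert(point, value, 70, "point not in asset baseline"))
            continue
        lo, hi = band
        if lo <= value <= hi:
            continue
        excursion = (lo - value if value < lo else value - hi) / (hi - lo)
        risk = min(100, int(20 + 60 * excursion))   # small drift -> low, large -> high
        alerts.append(Alert(point, value, risk, f"out of band [{lo}, {hi}]"))
    return alerts


def triage(alerts):
    """Route low-risk alerts to an automated playbook and the rest to a human queue."""
    automated, human_queue = [], []
    for a in alerts:
        if a.risk < AUTOMATE_BELOW:
            automated.append((a.point, "playbook:isolate_and_recheck"))  # placeholder action
        else:
            human_queue.append(a)
    return automated, human_queue


def run_demo():
    # Constructed sample telemetry: one in band, one slightly off, one far off, one unknown.
    readings = [("pump1.pressure_psi", 50.0), ("pump1.rpm", 1610),
                ("chiller2.temp_c", 12.0), ("valve9.pos", 1.0)]
    return triage(detect_ot_anomalies(readings))
```

Running `run_demo()` sends only the slight RPM drift to the playbook; the large temperature excursion and the unrecognised point both land in the analyst queue.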