As the deadline quickly approaches for the military services to submit their respective zero trust execution plans, one thing is clear: the services are aggressively pushing to reach their zero trust goals. However, cyber experts across the military services agree that they must remain smart as they make moves toward their zero trust goals.
“Cybersecurity is a complex mechanism and while we are aggressively moving on our zero trust goals, we still need to make sure we are smart about where we make investments in cybersecurity and implementing zero trust principles,” Wanda Jones-Heath, principal cyber advisor for the Department of the Air Force, said during day three of the Billington Cybersecurity Summit.
In late 2022, the Department of Defense (DoD) released its zero trust strategy and roadmap outlining how the agency plans to fully implement a department-wide zero trust cybersecurity framework by fiscal year (FY) 2027.
As part of the strategy, individual zero trust execution plans from DoD organizations are due to the DoD Office of the Chief Information Officer by Sept. 23, 2023. Evaluations of the individual execution plans will take place between October and the holiday period.
Chris Cleary, the principal cyber advisor for the Department of the Navy, further explained that zero trust is not a rip-and-replace strategy. So, in addition to making smart investments the military services need to implement “building blocks” in their zero trust plans to reach the department’s 2027 goal.
“There is no one product that we can purchase to achieve the department’s 2027 zero trust goals. It’s a journey, not a product, so, different steps need to be taken to implement different zero trust principles,” Cleary said.
However, while the department sees 2027 as its goal date, this does not mean the zero trust journey ends. The cyber threat landscape is ever-evolving, and adversaries will continue to evolve. The department needs to continue implementing zero trust capabilities.
“[As a service] we are aggressively moving to implement zero trust goals, but in this strategy, we have to remember that just because we are implementing a new strategy, it does not mean that adversaries will suddenly stop trying to attack our network,” said Michael Sulmeyer, the principal cyber advisor for the U.S. Army.
Sulmeyer added that for the Army, any investment that is made in reaching the department’s zero trust 2027 goal must be implemented at scale.