GETTY IMAGES / d3sign

The future of cybersecurity in the Pentagon

A comprehensive and robust zero trust strategy must provide a constantly evolving posture that addresses all potential access points. This means understanding the users, their personas, and the devices needed to get the job done. 

With the Department of Defense launching a new zero trust portfolio management office, Zero Trust's evolution from a provisional concept into something much bigger is clear. Although military leadership has always prioritized a proactive security posture, significant breaches within the past year have lit a fire beneath zero trust efforts.  

Given the fundamentally transformative and digital nature of modern battlefields—moving on short notice and communicating with globally deployed troops—traditional security methods no longer suffice. Yesterday’s firewalls and authentication methods can inadvertently grant broad access to move through DOD networks unchecked and undetected.   

The new zero trust-focused office will help centralize the department’s efforts. That includes the joint zero trust architecture between the DOD and the Defense Information Systems Agency, developed with collaboration with the National Security Agency and U.S. Cyber Command. The shared effort creates a mission-focused zero trust cybersecurity reference architecture and demonstrates how the defense space is addressing evolving security concerns. The draft framework aims to limit the effects of malicious activity by instituting strategies built on the principles of "never trust, always verify; assume breach; and verify explicitly." 

The framework’s targeted categorization of technologies and capabilities allows for a defense-specific, comprehensive zero trust plan that continuously assesses risk, reviews access privileges and monitors user and device activity, among further steps when necessary.   

Looking forward while staying agile

A comprehensive and robust zero trust strategy must provide a constantly evolving posture that addresses all potential access points, including those emerging with the rapidly shifting landscape. This means understanding the users, their personas, cloud and network access, and the user devices needed to get their jobs done.   

To cover these devices and applications, zero trust strategies must include comprehensive, continuous monitoring and risk assessment through tools such as secure access service edge (SASE) and its associated elements, cloud access security broker (CASB), zero trust network access (ZTNA) and secure web gateway (SWG).   

A secure access service edge is the backbone of this platform. It helps secure the DOD's networks by providing one solution that supports continuous verification through combined cloud security solutions. SASE enforces security policies by assessing the user and device risk within context. As a result, the SASE platform secures the network regardless of the devices or users requesting access.  

The Defense Information Systems Agency is working to offer SASE capabilities and other identity-based technologies through the Thunderdome program, an effort to assist in transitioning to a zero trust architecture. Thunderdome has seven capabilities that align with the zero trust architecture's seven pillars: user, device, network and environment, application and workload, data, visibility and analytics, and automation and orchestration.  

A cloud access security broker is an element of SASE that performs the vital function of monitoring communications between applications, automatically and continuously scanning for risks and anomalies like unusual access or privilege modifications.  This is an improvement from standard security measures of the past. For example, virtual private networks provide full access to any device that connects to the network. This means that once given access, cybercriminals can move laterally across an organization's infrastructure. However, CASB will be able to detect these anomalies in real time. Real-time rule blocking prohibits the device or user from accessing the network until validated, protecting critical government data.   

A zero trust network architecture is another solution that allows organizations to limit access to private applications—a key factor for the DOD, where the work inherently involves highly sensitive information. ZTNA also gives users seamless and secure public access to otherwise internally-only accessible applications without the need for exposing these apps to the Internet directly. The approach of giving users only access to the applications that they need to perform their job, rather than access to an entire network of applications or devices, follows the principles of zero trust. This approach can help restrict an attacker’s ability to move laterally within the environment if singular user accounts were to be compromised.

A secure web gateway provides yet another layer of network protection by serving as the portal that can safeguard user access to certain sites and networks. By deploying SWG, the DOD can utilize a first-line defense to block access to certain sites and safeguard data with pre-established security policies.

These platforms serve as an overarching solution to help DOD secure data on their networks as targeted threats evolve in sophistication. 

A dedicated strategy for mobile 

To prepare for a zero trust-oriented future, defense leaders must create a comprehensive cybersecurity plan factoring in these elements and addressing the proliferation of mobile devices.   

With one in 15 government employees exposed to phishing threats, and application-specific threats surging nearly twentyfold across all levels of government in 2020, mobile devices are often overlooked by government agencies.   

DOD information technology leaders must educate employees on emerging and increasingly common mobile threats. User education needs to be coupled with robust mobile solutions that offer real-time visibility and protection against threats. 

Scale, scale, scale 

One single agency or branch of the military alone evaluating and disseminating technology is not enough. The scale, cost and depth of skills required for such a large undertaking far exceeds what one branch or organization can—or should—handle alone. 

As with the recent Joint Cyber Defense Collaborative, there must be a large-scale movement within DOD to collaborate and disseminate zero trust practices throughout contractor organizations and private sector companies. In turn, these groups provide their own broader industry expertise in zero trust architecture.  

The cyber threat environment that the DOD faces is daunting as attacks and cybercriminals evolve in complexity. Targeted tactics and vulnerabilities continue to emerge at an alarming rate. Military leaders must be prepared to defend against these threats—and a proper zero trust strategy is critical to mission success.

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.