Zero Trust

May 2, 2022
By John Greenstein, General Manager of Public Sector, Bluescape

While improved service delivery and return on investment are top-of-mind procurement objectives when choosing a Software as a Service (SaaS) partner, federal agencies must equally prioritize “security first” measures to ensure vulnerable legacy systems are protected in today’s digitally dominated climate.

April 28, 2022
By George I. Seffers
Stephen Wallace, chief technology officer and director of DISA’s Emerging Technology Directorate, shown during a session of TechNet Cyber 2022, told reporters during a media roundtable at the conference that his organization already is evaluating future capabilities for the next generation of Thunderdome. Photo by Michael Carpenter

The Defense Information Systems Agency (DISA) is still in the prototyping stage with its zero-trust solution but already is looking ahead to the next version.

Thunderdome, the prototype being developed by Booz Allen Hamilton under a six-month contract awarded in January, is DISA’s solution for implementing zero-trust cybersecurity. It is a comprehensive effort requiring cooperation across the agency, as well as with the military services, combatant commands and others.

April 26, 2022
By George I. Seffers
Recent lessons learned from the Defense Information Systems Agency's Thunderdome program include the need to move more quickly to implement zero trust on the Defense Department's classified network known as SIPRNet. Credit: ArtemisDiana/Shutterstock

The U.S. Defense Information Systems Agency (DISA) intends to double down on the security of its classified networks in the coming months as it experiments with the zero-trust prototype known as Thunderdome.

Julian Breyer, DISA’s senior enterprise and security architect, reported a change in priorities while discussing Thunderdome during a panel session at AFCEA’s TechNet Cyber conference in Baltimore, April 26.

April 26, 2022
By Nuray Taylor
Credit: enzozo/Shutterstock

By the end of 2022, leaders at the Defense Information Systems Agency (DISA) anticipate having a production decision as part of its zero-trust prototype officials call Thunderdome, Brian Hermann, director of the agency’s Cyber Security and Analytics Directorate, said during a micro-keynote session Tuesday during AFCEA’s annual TechNet Cyber conference, taking place April 26-28 in Baltimore. 

April 1, 2022
By George I. Seffers
The Defense Information Systems Agency created teams with representatives from across the agency to help define its zero trust-solution known as Thunderdome. By enhancing interagency communication and operation, the approach may change the way DISA does business.  Tartila/Shutterstock

Thunderdome, the Defense Information Systems Agency’s zero-trust solution, may enhance cybersecurity while also transforming the way the agency does business.

March 10, 2022
By George I. Seffers
Netflix’s Simian Army of software production tools offers a potential model for the Defense Department to mimic. Credit: Wiratchai wansamngam/Shutterstock

The U.S. Department of Defense might learn a thing or two about the software-defined world from non-defense industry companies such as Netflix and Mazda, Jason Weiss, chief software officer, U.S. Defense Department, recently suggested to the AFCEA Cyber Committee.

Weiss, who serves on the committee, relayed an incident from Mazda that he said keeps him up at night. The incident was reported by BBC News in a February 10th article.

March 8, 2022
By James Stanger
Workforce education seems to be the secret weapon organizations use to successfully implement zero trust. Credit: Stuart Miles/Shutterstock

This article is part of a series that explores zero trust, cyber resiliency and similar topics.

Over the past year or so, I’ve discovered the secret weapon that IT leaders of various U.S. government entities have deployed as they implement zero trust architectures. Their first step has been to create a comprehensive educational pathway for their workers. This is because no one can implement zero trust alone.

Zero trust: Only education can move you forward

February 22, 2022
By Dan Schulman
The Office of Management and Budget mandates that agencies allow Internet access to least one Federal Information Security Management Act Moderate system that requires authentication and is not currently Internet-accessible. Credit: jamesteohart/Shutterstock

 This article is part of a series that explores zero trust, cyber resiliency and similar topics.

The recently released federal zero-trust strategy from the Office and Management and Budget (OMB) and the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency (CISA) has one action area that has raised a few eyebrows within the zero trust community: Go ahead and open your applications to the Internet. Wait… what?

November 8, 2021
By John Dvorak
Zero trust may not be an entirely new concept, but it is still important, says John Dvorak, emerging technology specialist for Red Hat and a member of the AFCEA Technology Committee and Zero Trust Strategies Subcommittee.  By Matt Gibson/Shutterstock

More than just a technology focus, zero trust (ZT) is an invitation for all of us to think differently about cybersecurity. We are losing on the cybersecurity battlefield, and continued investment in more advanced versions of the same architecture patterns will not change that.

January 25, 2022
Posted by George I. Seffers
Under a newly awarded contract from the Defense Information Systems Agency, Booz Allen Hamilton will develop a prototypical zero-trust solution as part of the Thunderdome program. Credit: Olivier Le Moal/Shutterstock

The Defense Information Systems Agency (DISA) has announced the award of a $6.8 million contract to Booz Allen Hamilton for a Thunderdome prototype, a zero-trust security model.

During this six-month effort, the agency will operationally test how to implement DISA’s Zero Trust Reference Architecture, published in March 2020 for the Defense Department, by taking advantage of commercial technologies such as secure access service edge (SASE) and software-defined wide area networks (SD-WANs). Thunderdome will also incorporate greater cybersecurity centered around data protection and integrate with existing endpoint and identity initiatives aligned to zero trust, according to the press release.

December 1, 2021
By Kimberly Underwood
Illustration design by Chris D’Elia based on artwoIllustration design by Chris D’Elia based on artwork by Zlatko Guzmic and Anastasia Asadcheva/Shutterstockrk by Zlatko Guzmic and Anastasia Asadcheva/Shutterstock

Researchers at the Massachusetts Institute of Technology Lincoln Laboratory that developed the Linux-based open-source zero-trust architecture called Keylime are now seeing it deployed more significantly.

December 1, 2021
 
Zero-trust techniques can help improve federal agency videoconferencing systems. Credit: Shutterstock

The COVID-19 pandemic changed how government agencies do business by requiring remote work and videoconferencing for meetings, creating a growing need for securing these virtual workspaces.

One way to achieve this security, and one that is being mandated across the federal government, is with zero-trust architecture.

Zero trust requires a change of perspective about securing data versus securing networks because data can be anywhere on a device, Joel Bilheimer, a strategic account architect with Pexip, told SIGNAL Magazine Senior Editor Kimberly Underwood during a SIGNAL Executive Video Series discussion.

December 1, 2021
By Robert K. Ackerman
Implementation of zero-trust security will require users to adopt new security measures and attitudes. Credit: metamorworks/Shutterstock

The human factor looms as the most imposing challenge to implementing zero-trust security, say experts. Aspects of this factor range from cultural acceptance to training, and sub-elements such as organizations and technologies also will play a role. Ultimately, change will have to come from the top of an organization to be truly effective.

All security measures depend to a large degree on human cooperation, but that is only part of the picture for zero trust. Its implementation will entail a massive change in security procedures both for users and for network architects. And, the ability to share information across organizational boundaries will be strongly affected at all government levels.

December 1, 2021
By George I. Seffers
Officials across the U.S. government are releasing guidance documents and assisting departments and agencies in the adoption of zero-trust cybersecurity architectures. The OMB is considered the team captain for zero trust, and the Cybersecurity and Infrastructure Security Agency within the DHS is compiling lessons learned for inclusion in a zero-trust playbook to be released early next year.  Illustration design by Chris D’Elia based on artwork by Phase4Studios & Yaran/Shutterstock

The Cybersecurity and Infrastructure Security Agency may soon release an initial playbook for departments and agencies to follow while transitioning to a zero-trust cybersecurity architecture. The new guidance will be based on lessons learned from various pilot programs across the government.

December 1, 2021
By George I. Seffers
A Hawaii Air National Guard F-22 Raptor flies with an Australian air force E-7A Wedgetail near Oahu, Hawaii, earlier this year. The U.S. Defense Department’s joint all-domain command and control concept envisions connecting any sensors and weapon systems from across the military services while also enhancing the ability to share data with allies and other mission partners. Credit: Air National Guard Staff Sgt. John Linzmeier

The U.S. Defense Department has chalked up a number of accomplishments in a short amount of time aimed at achieving a vision of connecting sensors and weapon systems from all of the military services. However, officials still are assessing the best way to achieve zero trust.

December 1, 2021
By Robert K. Ackerman
The spread of 5G will accelerate the need for zero-trust security, which in turn will help increase the number and types of networks spawned by the technology. Credit: Fit Ztudio/Shutterstock

The use of zero trust could prove to be a boon for 5G networks by providing vital security across networks made up of a variety of innovative devices and capabilities. Fully established zero trust could allow unprecedented network visibility and situational awareness while ensuring that potential attack points are closed to cyber marauders. Yet, implementing zero trust runs the risk of slowing down the network’s fast data flow if it is not applied properly.

December 1, 2021
By Kimberly Underwood
The flexibility enabled by Space Launch Delta 45’s addition of zero-trust architecture to its launch enterprise could enable U.S. Space Force guardians and U.S. Air Force airmen to conduct their launch mission-related tasks from really anywhere. In June, the Space Force and its mission partners at Cape Canaveral successfully launched into medium earth orbit the fifth Lockheed Martin-built Global Positioning System III Space Vehicle, SV05, aboard SpaceX’s Falcon 9 launch vehicle. Credit: SpaceX

The U.S. Space Force Space Launch Delta 45’s addition of zero-trust architecture to the launch enterprise could bring earth-shattering flexibility to its mission operations, its commander says. Under a year-long pilot effort, officials at Patrick Space Force Base, Florida, Space Launch Delta 45’s headquarters, and nearby Cape Canaveral Space Force Station, its launch range, have installed zero trust-related software and hardware into the launch mission system and are conducting beta testing and evaluation of the capabilities.

December 1, 2021
By Brig. Gen. Paul Fredenburgh III, USA (Ret.)

Make no mistake: zero trust represents a cultural shift from today’s approach. It will change the way information is secured and the way users access it. Yet, it also must be applied in ways that do not prevent the secured data from being effectively exploited by its users.

The president has issued an executive order to implement the necessary security to stay ahead of our adversaries. But ultimately, the challenge of zero trust is less one of technology and architecture and more one of integration into the operation and workflows. The key to a successful zero-trust implementation is to secure the data that people need to use while simultaneously enabling them to access it.

November 4, 2021
By Robert K. Ackerman
A member of the Army Corps of Engineers examines filter actuators at a water treatment plant in Baghdad. With a presence in more than 20 countries worldwide, the Corps is modernizing its infostructure to maintain connectivity with minimum downtime and maximum operational options.  U.S. Army Corps of Engineers photo

Known mostly for its large-scale physical projects, the Army Corps of Engineers is erecting a digital infostructure to allow it to engage in operations in a host of different settings. What will be a mobile Corps of Engineers will rely on many top-shelf information technologies, including zero trust.

November 1, 2021
By George I. Seffers
U.S. Air Force F-22 Raptors fly alongside an Air Force KC-135 Stratotanker during training near Mount Fuji, Japan, earlier this year. U.S. Indo-Pacific Command is building a mission partner environment that will allow greater interoperability between U.S. forces and international partners and allies in the region. Credit: Air Force Senior Airman Rebeckah Medeiros

The U.S. Indo-Pacific Command will deliver an initial mission partner environment next summer. The capability ultimately will allow U.S. forces to access classified and unclassified networks with one device. It also will provide more effective information sharing with allies and coalition forces.

November 1, 2021
By Jennifer A. Miller

When I hear of zero trust, I think of “In God We Trust,” the motto printed on U.S. currency and Florida’s official motto. More than just a buzzword phrase, though, zero trust is better understood as an approach to security.

October 13, 2021
 

There is a lot of information available about zero trust—at times inconsistent and unreliable. Talk to different vendors and you are likely to get different answers as to exactly what zero trust is and how to adopt it within your agency.

What you need to know is this:

October 8, 2021
By Robert K. Ackerman
The USS Zumwalt, one of the Navy's most technologically advanced ships, transits the Golden Gate as it enters San Francisco Bay. The U.S. Navy is working with industry to speed new information technology capabilities into the service. Credit: U.S. Navy photo

The U.S. Navy is looking to quickly implement commercial information technologies while it concurrently conducts a cattle drive to rid itself of obsolete capabilities, said its chief information officer (CIO). Aaron Weis allowed that industry will play a key role in providing innovation in an outside the box approach that addresses serious shortcomings.

“We have an infrastructure that for the most part is not supporting the mission,” Weis said.

August 18, 2021
By George I. Seffers
Credit: Shutterstock/Olivier Le Moal

The Defense Information Systems Agency intends next month to award a contract for its Thunderdome zero-trust architecture and to begin implementing a prototype within six months. The new architecture is expected to enhance security, reduce complexity and save costs while replacing the current defense-in-depth approach to network security.

September 7, 2021
Posted by Kimberly Underwood
The Cybersecurity and Infrastructure Security Agency has released two key documents meant to raise the cybersecurity practices of government agencies and organizations. The documents, the Cloud Security Technical Reference Architecture and the Zero Trust Maturity Model, are open for public comment through September 30, the agency reported. Credit: Shutterstock/Andrey Suslov

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, or CISA, released two key documents meant to raise the cybersecurity practices of government agencies and organizations. The documents, the Cloud Security Technical Reference Architecture (TRA) and Zero Trust Maturity Model are open for public comment through September 30, the agency reported.

August 18, 2021
By George I. Seffers
Credit: Gerd Altmann/Pixabay

Defense Information Systems Agency (DISA) officials do not plan to try to force others in the Defense Department or military services to use its zero-trust solution known as Thunderdome.

Thunderdome is a fledgling program that offers a range of capabilities, including secure access service edge (SASE), software-defined area networking (SD-WAN), identity credential access management (ICAM) and virtual security stacks.

SASE, which is pronounced “sassy,” is a technology package that includes SD-WAN, firewall as a service and cloud access security broker. While SASE has been implemented across much of the commercial world, it has not yet been widely adopted by the government.

August 1, 2021
 

“Never Trust, Always Verify”: that’s the essence of Zero Trust security. But to be effective, agencies need to validate more than just their users. Tanium can help you validate devices too.

With Tanium’s comprehensive endpoint visibility and control, you can collect real-time data to authenticate devices within zero-trust models. This will help close vulnerabilities, improve cyber hygiene and raise the barrier to entry into your network.

Tanium is the ideal partner for your Zero Trust journey. Visit Tanium.com to learn more.

July 22, 2021
By Kimberly Underwood
U.S. Air Force airmen at Andersen Air Force Base, Guam, work to refuel an F-35A Lighting II aircraft assigned to Eielson Air Force Base, Alaska during the Cope North exercise in February. The airmen were conducting agile combat employment, or ACE, training during the exercise. The service’s ACE operations, which aim to bring more agility, resiliency and deterrence in a near-peer competitive environment, will be supported by its zero-trust architecture platforms. Credit: Pacific Air Forces/Senior Airmen Jona

Led by the Air Combat Command, the U.S. Air Force is pursuing zero-trust architecture on a level not seen before. One of the service’s first main use cases applies the cybersecurity measure to the agile combat employment (ACE). ACE operations provide a more lean, agile and lethal force that can generate airpower from multiple locations. ACE requires a different kind of command and control (C2) environment, as well as advanced planning concepts and logistical supply line support.

June 22, 2021
By Kimberly Underwood

Following the success of some initial, smaller-scale efforts, the U.S. Air Force is pursuing zero trust architecture on a level not seen before. The service’s Air Combat Command is leading the charge into many more initiatives with a comprehensive view to employ zero trust architecture across its bases, weapon systems and missions.

June 14, 2021
 
Credit: ZinetroN/Shutterstock

A delayed focus on IT modernization could create a gap between frequent high-impact cyber breaches and the U.S. Department of the Navy’s preparedness to address them. From the SolarWinds hack to ransomware, new cyber threats emerge almost weekly. Advances in technology to help defend against such threats occur so quickly that current acquisition and infrastructure programs cannot keep pace.

June 1, 2021
By Henry S. Kenyon

As the Department of Defense migrates more mission-critical systems and software to cloud environments, it must also consider an innovative way for securing this new environment from potential cyber attack.

It is up to DoD organizations like the Defense Information Systems Agency (DISA) to work out the details of such efforts and ensure the military’s considerable inventory of legacy equipment and systems can continue to interoperate smoothly with the latest technologies. But integrating different technologies is never an easy process.

May 19, 2021
 
Cloud-based security architectures can help federal agencies protect their infrastructure and manage change as it occurs, says Sean Frazier, federal chief security officer at Okta Inc. Credit: Shutterstock

As more federal agencies and businesses move to the cloud, managing their security needs in this new environment becomes critical. One way to do this is to implement zero-trust architectures as part of an identity cloud environment, said Sean Frazier, federal chief security officer at Okta Inc.

Zero-trust architecture, where it is assumed that the network is or will be compromised, is the latest phase of security development. This is important as the Defense Department modernizes its cloud-based systems under constant pressure from foreign cyber attacks.

April 20, 2021
 
Zero trust architecture isn’t a single architecture, nor is it a single solution that can be purchased, but an interrelated set of old and new technologies and methods working together, said Don Maclean, chief cybersecurity technologist for DLT Solutions.

Many federal government agencies are interested in improving their cybersecurity by moving to a zero trust architecture model. But such a move, while very beneficial to the organization, is a complex and involved process that requires some fundamental changes in how security and operations are approached, says Don Maclean, chief cybersecurity technologist for DLT Solutions.

Zero trust architecture is a cybersecurity concept that assumes a network is or will be compromised and takes steps to protect data at every potential point of access.

April 19, 2021
 
Industry can help the DOD with complex technology acquisition and deployment projects by providing services and expertise, said Dana Barnes, senior vice president of public sector at Palo Alto Networks. Credit: Shutterstock

Cybersecurity in the federal government, especially for the Department of Defense, is a complex dance between agencies and commercial partners. To get things right, companies working with the government need to be adaptable and resilient in helping government customers meet their mission goals, said Dana Barnes, senior vice president of public sector at Palo Alto Networks.

April 9, 2021
By Robert K. Ackerman
A communications tower for military 5G rises above a forest. Several challenges loom as the U.S. Defense Department strives to implement 5G into the force. Credit: M.Moira/Shutterstock

The revolutionary advantages offered by defense use of 5G technology could be undone if the United States doesn’t begin now to meet and overcome a set of challenges, said an expert from the National Security Agency (NSA). These challenges range from developing effective security measures to ensuring the supply chain is not contaminated by parts made by foreign adversaries.

February 1, 2021
By Mark S. Sincevich
Senior Airman Rose Li, USAF (l), and Airman 1st Class Eric Gardella, USAF, 86th Communications Squadron wing cyber readiness technicians, monitor malicious network activity during exercise Tacet Venari at Ramstein Air Base, Germany, in 2020 to prepare local cyber defenders in safeguarding critical technological infrastructures. U.S. Air Force photo by Staff Sgt. Devin Boyer

The federal government has been taking zero trust more seriously. Although a significant part of it has yet to be implemented, some initial work has been completed with zero trust network access, yet the outside-in approach to zero trust and complexity remains. But the more important aspect of zero trust relates to application and workload connections, which is what attackers care about and is not being protected today.

This “other side” of zero trust and a host-based micro-segmentation approach will lead to greater security and will stop the lateral movement of malware. Constituting multiple pilot projects is the best way forward in the inside-out approach to zero trust.

February 16, 2021
By Alex Chapin
Securing all of the entryways into U.S. Defense Department networks with zero trust is a multistep process, says Alex Chapin, vice president, McAfee Federal. Credit: mkfilm/Shutterstock

Ask someone in federal IT what zero trust means and you’re likely to hear that it’s about access control: never granting access to any system, app or network without first authenticating the user or device, even if the user is an insider. The term “Never trust; always verify” has become a common way to express the concept of zero trust, and the phrase is first on the list of the Defense Information Systems Agency’s (DISA’s) explanation.

January 29, 2020
By Kimberly Underwood
The FBI is examining how zero trust architecture could apply to its cybersecurity measures. Credit: Shutterstock/Kristi Blokhin

The Federal Bureau of Investigation (FBI) has a unique role as a federal law enforcement agency as well as a national security department. Its vast information technology enterprise must support its functionality in carrying out these roles, which have different rules of engagement. And when adding new tools, processes or software, the bureau has to consider solutions carefully. With zero trust architecture—a method that combines user authentication, authorization and monitoring; visibility and analytics; automation and orchestration; end user device activity; applications and workload; network and other infrastructure measures; and data tenants to provide more advanced cybersecurity—gaining use in the U.S.

December 1, 2020
By Kimberly Underwood
Vice Adm. Nancy A. Norton, USN, director of the Defense Information Systems Agency (DISA) and commander, Joint Force Headquarters Department of Defense Information Network, reports that the interagency and international partnerships DISA has forged have strengthened the protection of critical assets around the world. Adm. Norton was the opening keynote speaker December 1 at AFCEA TechNet Cyber Conference, being held virtually through December 3.

Like most organizations during the pandemic, the Defense Information Systems Agency, or DISA, is doing things a bit differently this year. Naturally, the agency is leveraging virtual events to increase its engagement with key mission partners, as well as government, industry and academia, including at the annual TechNet Cyber conference, noted Vice Adm. Nancy Norton, USN, DISA’s director and the commander of Joint Forces Headquarters for the Department of Defense Information Systems Network (JFHQ-DODIN).

October 1, 2020
By Kimberly Underwood
Department of Defense Chief Information Officer Dana Deasy, pictured speaking at the Pentagon in April, explained to reporters yesterday that the department has not heard anything back from the Federal Communications Commission about the disputed Ligado ruling. Credit: DOD photo by Marvin Lynchard

The Defense Department’s Joint Enterprise Defense Infrastructure, or JEDI, cloud effort has been tied up in the Court of Federal Claims since a preliminary injunction was issued in February. And although that has prevented the DOD from implementing Microsoft Azure cloud computing solutions, the department is not sitting idle, according to Chief Information Officer Dana Deasy.

“Cloud for me has always been first and foremost about supporting the warfighter,” Deasy told a group of reporters yesterday during a virtual Defense Writers Group meeting. “And when we got put on hold with JEDI, that didn't mean we were going to stop working on figuring out ways to support the warfighter.”

September 29, 2020
By Ned Miller, Chief Technical Strategist, McAfee U.S. Public Sector

Over the last few months, Zero Trust Architecture (ZTA) conversations have been top-of-mind across the DoD. We have been hearing the chatter during industry events all while sharing conflicting interpretations and using various definitions. In a sense, there is an uncertainty around how the security model can and should work. From the chatter, one thing is clear—we need more time. Time to settle in on just how quickly mission owners can classify a comprehensive and all-inclusive acceptable definition of Zero Trust Architecture.

September 21, 2020
By Kimberly Underwood
The Defense Information Systems Agency is finishing its zero trust architecture to bring advances in security and data availability to warfighters. Credit: DISA

Over the last few months, the Defense Information Systems Agency, known as DISA, has been working with the National Security Agency, the Department of Defense (DoD) chief information officer and others to finalize an initial reference architecture for zero trust. The construct, according to DISA’s director, Vice Adm. Nancy Norton, USN, and commander, Joint Force Headquarters-Department of Defense Information Network, will ensure every person wanting to use the DoD Information Network, or DODIN, is identified and every device trying to connect is authenticated.

September 9, 2020
 

Federal agencies and especially the DOD are quickly embracing cloud computing for many IT requirements. Traditional computing paradigms are giving way to distributed computing that is fundamental to the dynamic and ephemeral cloud environment.

At the same time, the user base is also becoming much more distributed, particularly in this era of increased remote work. Teams of globally dispersed personnel from the DOD, partner organizations and even supporting contractors are now regularly leveraging the cloud to share information critical to mission fulfillment.

July 15, 2020
By George I. Seffers
U.S. Defense Department officials intend to complete an initial zero trust architecture by year's end to improve cybersecurity, according to Vice Adm. Nancy Norton, USN, director, Defense Information Systems Agency.

The U.S. Defense Department by the end of the calendar year will release an initial zero trust architecture to improve cybersecurity across the department, says Vice Adm. Nancy Norton, USN, director, Defense Information Systems Agency, and commander, Joint Force Headquarters-Department of Defense Information Network.

Norton’s agency, commonly known as DISA, is working with the National Security Agency, the Department of Defense (DOD) chief information officer and others on what she calls an initial “reference” architecture for zero trust, which essentially ensures every person wanting to use the DOD Information Network, or DODIN, is identified and every device trying to connect is authenticated.

July 14, 2020
By George I. Seffers
Lt. Gen. Bruce Crawford, USA, the Army's soon-to-retire CIO/G-6, attends a working lunch during the Joint Warfighting Assessment on Joint Base Lewis-McChord, Wash., May 1, 2019. The CIO said during the Army’s virtual 2020 Signal Conference hosted by AFCEA that the time is right for the service to split the CIO and G-6 offices. Credit: Sgt. Torrance Saunders

The U.S. Army’s near future will include an increased focus on adopting “zero trust” cybersecurity practices, better protecting its network endpoints and consolidating its plethora of cloud computing contracts, according to Lt. Gen. Bruce Crawford, the Army’s outgoing CIO/G-6. It also will likely include tightening defense budgets.

The general indicated during a keynote address for the Army’s virtual 2020 Signal Conference, which is hosted by AFCEA, that the 2021 fiscal year “is going to be all about driving on priorities.”

May 28, 2020
 

Zero Trust, a strategic security model to “never trust, always verify,” centers on preventing successful breaches by eliminating the whole concept of trust from an organization’s digital environment; instead, everything must be proven. 

April 1, 2019
By Cathy Hall
By employing the Zero Trust concept, organizations benefit from a stronger security posture, including decreased reputational risk with their customers and partners. Credit: JNE Valokuvaus/Shutterstock

In today’s environment, the network no longer can be considered a safe zone. Every asset an organization possesses and every transaction it conducts must be secured as if it were a standalone item continually exposed to the full range of cyber threats. The realization that perimeter protection alone is not sufficient has led to the security concept of Zero Trust. In this never-trust/always-verify approach, all entities and transactions rely on multiple solutions to work together and secure digital assets.