Zero Trust

April 20, 2021
 
Zero trust architecture isn’t a single architecture, nor is it a single solution that can be purchased, but an interrelated set of old and new technologies and methods working together, said Don Maclean, chief cybersecurity technologist for DLT Solutions.

Many federal government agencies are interested in improving their cybersecurity by moving to a zero trust architecture model. But such a move, while very beneficial to the organization, is a complex and involved process that requires some fundamental changes in how security and operations are approached, says Don Maclean, chief cybersecurity technologist for DLT Solutions.

Zero trust architecture is a cybersecurity concept that assumes a network is or will be compromised and takes steps to protect data at every potential point of access.

April 19, 2021
 
Industry can help the DOD with complex technology acquisition and deployment projects by providing services and expertise, said Dana Barnes, senior vice president of public sector at Palo Alto Networks. Credit: Shutterstock

Cybersecurity in the federal government, especially for the Department of Defense, is a complex dance between agencies and commercial partners. To get things right, companies working with the government need to be adaptable and resilient in helping government customers meet their mission goals, said Dana Barnes, senior vice president of public sector at Palo Alto Networks.

April 9, 2021
By Robert K. Ackerman
A communications tower for military 5G rises above a forest. Several challenges loom as the U.S. Defense Department strives to implement 5G into the force. Credit: M.Moira/Shutterstock

The revolutionary advantages offered by defense use of 5G technology could be undone if the United States doesn’t begin now to meet and overcome a set of challenges, said an expert from the National Security Agency (NSA). These challenges range from developing effective security measures to ensuring the supply chain is not contaminated by parts made by foreign adversaries.

February 1, 2021
By Mark S. Sincevich
Senior Airman Rose Li, USAF (l), and Airman 1st Class Eric Gardella, USAF, 86th Communications Squadron wing cyber readiness technicians, monitor malicious network activity during exercise Tacet Venari at Ramstein Air Base, Germany, in 2020 to prepare local cyber defenders in safeguarding critical technological infrastructures. U.S. Air Force photo by Staff Sgt. Devin Boyer

The federal government has been taking zero trust more seriously. Although a significant part of it has yet to be implemented, some initial work has been completed with zero trust network access, yet the outside-in approach to zero trust and complexity remains. But the more important aspect of zero trust relates to application and workload connections, which is what attackers care about and is not being protected today.

This “other side” of zero trust and a host-based micro-segmentation approach will lead to greater security and will stop the lateral movement of malware. Constituting multiple pilot projects is the best way forward in the inside-out approach to zero trust.

February 16, 2021
By Alex Chapin
Securing all of the entryways into U.S. Defense Department networks with zero trust is a multistep process, says Alex Chapin, vice president, McAfee Federal. Credit: mkfilm/Shutterstock

Ask someone in federal IT what zero trust means and you’re likely to hear that it’s about access control: never granting access to any system, app or network without first authenticating the user or device, even if the user is an insider. The term “Never trust; always verify” has become a common way to express the concept of zero trust, and the phrase is first on the list of the Defense Information Systems Agency’s (DISA’s) explanation.

January 29, 2020
By Kimberly Underwood
The FBI is examining how zero trust architecture could apply to its cybersecurity measures. Credit: Shutterstock/Kristi Blokhin

The Federal Bureau of Investigation (FBI) has a unique role as a federal law enforcement agency as well as a national security department. Its vast information technology enterprise must support its functionality in carrying out these roles, which have different rules of engagement. And when adding new tools, processes or software, the bureau has to consider solutions carefully. With zero trust architecture—a method that combines user authentication, authorization and monitoring; visibility and analytics; automation and orchestration; end user device activity; applications and workload; network and other infrastructure measures; and data tenants to provide more advanced cybersecurity—gaining use in the U.S.

December 1, 2020
By Kimberly Underwood
Vice Adm. Nancy A. Norton, USN, director of the Defense Information Systems Agency (DISA) and commander, Joint Force Headquarters Department of Defense Information Network, reports that the interagency and international partnerships DISA has forged have strengthened the protection of critical assets around the world. Adm. Norton was the opening keynote speaker December 1 at AFCEA TechNet Cyber Conference, being held virtually through December 3.

Like most organizations during the pandemic, the Defense Information Systems Agency, or DISA, is doing things a bit differently this year. Naturally, the agency is leveraging virtual events to increase its engagement with key mission partners, as well as government, industry and academia, including at the annual TechNet Cyber conference, noted Vice Adm. Nancy Norton, USN, DISA’s director and the commander of Joint Forces Headquarters for the Department of Defense Information Systems Network (JFHQ-DODIN).

October 1, 2020
By Kimberly Underwood
Department of Defense Chief Information Officer Dana Deasy, pictured speaking at the Pentagon in April, explained to reporters yesterday that the department has not heard anything back from the Federal Communications Commission about the disputed Ligado ruling. Credit: DOD photo by Marvin Lynchard

The Defense Department’s Joint Enterprise Defense Infrastructure, or JEDI, cloud effort has been tied up in the Court of Federal Claims since a preliminary injunction was issued in February. And although that has prevented the DOD from implementing Microsoft Azure cloud computing solutions, the department is not sitting idle, according to Chief Information Officer Dana Deasy.

“Cloud for me has always been first and foremost about supporting the warfighter,” Deasy told a group of reporters yesterday during a virtual Defense Writers Group meeting. “And when we got put on hold with JEDI, that didn't mean we were going to stop working on figuring out ways to support the warfighter.”

September 29, 2020
By Ned Miller, Chief Technical Strategist, McAfee U.S. Public Sector

Over the last few months, Zero Trust Architecture (ZTA) conversations have been top-of-mind across the DoD. We have been hearing the chatter during industry events all while sharing conflicting interpretations and using various definitions. In a sense, there is an uncertainty around how the security model can and should work. From the chatter, one thing is clear—we need more time. Time to settle in on just how quickly mission owners can classify a comprehensive and all-inclusive acceptable definition of Zero Trust Architecture.

September 21, 2020
By Kimberly Underwood
The Defense Information Systems Agency is finishing its zero trust architecture to bring advances in security and data availability to warfighters. Credit: DISA

Over the last few months, the Defense Information Systems Agency, known as DISA, has been working with the National Security Agency, the Department of Defense (DoD) chief information officer and others to finalize an initial reference architecture for zero trust. The construct, according to DISA’s director, Vice Adm. Nancy Norton, USN, and commander, Joint Force Headquarters-Department of Defense Information Network, will ensure every person wanting to use the DoD Information Network, or DODIN, is identified and every device trying to connect is authenticated.

September 9, 2020
 

Federal agencies and especially the DOD are quickly embracing cloud computing for many IT requirements. Traditional computing paradigms are giving way to distributed computing that is fundamental to the dynamic and ephemeral cloud environment.

At the same time, the user base is also becoming much more distributed, particularly in this era of increased remote work. Teams of globally dispersed personnel from the DOD, partner organizations and even supporting contractors are now regularly leveraging the cloud to share information critical to mission fulfillment.

July 15, 2020
By George I. Seffers
U.S. Defense Department officials intend to complete an initial zero trust architecture by year's end to improve cybersecurity, according to Vice Adm. Nancy Norton, USN, director, Defense Information Systems Agency.

The U.S. Defense Department by the end of the calendar year will release an initial zero trust architecture to improve cybersecurity across the department, says Vice Adm. Nancy Norton, USN, director, Defense Information Systems Agency, and commander, Joint Force Headquarters-Department of Defense Information Network.

Norton’s agency, commonly known as DISA, is working with the National Security Agency, the Department of Defense (DOD) chief information officer and others on what she calls an initial “reference” architecture for zero trust, which essentially ensures every person wanting to use the DOD Information Network, or DODIN, is identified and every device trying to connect is authenticated.

July 14, 2020
By George I. Seffers
Lt. Gen. Bruce Crawford, USA, the Army's soon-to-retire CIO/G-6, attends a working lunch during the Joint Warfighting Assessment on Joint Base Lewis-McChord, Wash., May 1, 2019. The CIO said during the Army’s virtual 2020 Signal Conference hosted by AFCEA that the time is right for the service to split the CIO and G-6 offices. Credit: Sgt. Torrance Saunders

The U.S. Army’s near future will include an increased focus on adopting “zero trust” cybersecurity practices, better protecting its network endpoints and consolidating its plethora of cloud computing contracts, according to Lt. Gen. Bruce Crawford, the Army’s outgoing CIO/G-6. It also will likely include tightening defense budgets.

The general indicated during a keynote address for the Army’s virtual 2020 Signal Conference, which is hosted by AFCEA, that the 2021 fiscal year “is going to be all about driving on priorities.”

May 28, 2020
 

Zero Trust, a strategic security model to “never trust, always verify,” centers on preventing successful breaches by eliminating the whole concept of trust from an organization’s digital environment; instead, everything must be proven. 

April 1, 2019
By Cathy Hall
By employing the Zero Trust concept, organizations benefit from a stronger security posture, including decreased reputational risk with their customers and partners. Credit: JNE Valokuvaus/Shutterstock

In today’s environment, the network no longer can be considered a safe zone. Every asset an organization possesses and every transaction it conducts must be secured as if it were a standalone item continually exposed to the full range of cyber threats. The realization that perimeter protection alone is not sufficient has led to the security concept of Zero Trust. In this never-trust/always-verify approach, all entities and transactions rely on multiple solutions to work together and secure digital assets.