Zero Trust

August 18, 2021
By George I. Seffers
Credit: Shutterstock/Olivier Le Moal

The Defense Information Systems Agency intends next month to award a contract for its Thunderdome zero-trust architecture and to begin implementing a prototype within six months. The new architecture is expected to enhance security, reduce complexity and save costs while replacing the current defense-in-depth approach to network security.

September 7, 2021
Posted by Kimberly Underwood
The Cybersecurity and Infrastructure Security Agency has released two key documents meant to raise the cybersecurity practices of government agencies and organizations. The documents, the Cloud Security Technical Reference Architecture and the Zero Trust Maturity Model, are open for public comment through September 30, the agency reported. Credit: Shutterstock/Andrey Suslov

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, or CISA, released two key documents meant to raise the cybersecurity practices of government agencies and organizations. The documents, the Cloud Security Technical Reference Architecture (TRA) and Zero Trust Maturity Model are open for public comment through September 30, the agency reported.

August 18, 2021
By George I. Seffers
Credit: Gerd Altmann/Pixabay

Defense Information Systems Agency (DISA) officials do not plan to try to force others in the Defense Department or military services to use its zero-trust solution known as Thunderdome.

Thunderdome is a fledgling program that offers a range of capabilities, including secure access service edge (SASE), software-defined area networking (SD-WAN), identity credential access management (ICAM) and virtual security stacks.

SASE, which is pronounced “sassy,” is a technology package that includes SD-WAN, firewall as a service and cloud access security broker. While SASE has been implemented across much of the commercial world, it has not yet been widely adopted by the government.

August 1, 2021
 

“Never Trust, Always Verify”: that’s the essence of Zero Trust security. But to be effective, agencies need to validate more than just their users. Tanium can help you validate devices too.

With Tanium’s comprehensive endpoint visibility and control, you can collect real-time data to authenticate devices within zero-trust models. This will help close vulnerabilities, improve cyber hygiene and raise the barrier to entry into your network.

Tanium is the ideal partner for your Zero Trust journey. Visit Tanium.com to learn more.

July 22, 2021
By Kimberly Underwood
U.S. Air Force airmen at Andersen Air Force Base, Guam, work to refuel an F-35A Lighting II aircraft assigned to Eielson Air Force Base, Alaska during the Cope North exercise in February. The airmen were conducting agile combat employment, or ACE, training during the exercise. The service’s ACE operations, which aim to bring more agility, resiliency and deterrence in a near-peer competitive environment, will be supported by its zero-trust architecture platforms. Credit: Pacific Air Forces/Senior Airmen Jona

Led by the Air Combat Command, the U.S. Air Force is pursuing zero-trust architecture on a level not seen before. One of the service’s first main use cases applies the cybersecurity measure to the agile combat employment (ACE). ACE operations provide a more lean, agile and lethal force that can generate airpower from multiple locations. ACE requires a different kind of command and control (C2) environment, as well as advanced planning concepts and logistical supply line support.

June 22, 2021
By Kimberly Underwood

Following the success of some initial, smaller-scale efforts, the U.S. Air Force is pursuing zero trust architecture on a level not seen before. The service’s Air Combat Command is leading the charge into many more initiatives with a comprehensive view to employ zero trust architecture across its bases, weapon systems and missions.

June 14, 2021
 
Credit: ZinetroN/Shutterstock

A delayed focus on IT modernization could create a gap between frequent high-impact cyber breaches and the U.S. Department of the Navy’s preparedness to address them. From the SolarWinds hack to ransomware, new cyber threats emerge almost weekly. Advances in technology to help defend against such threats occur so quickly that current acquisition and infrastructure programs cannot keep pace.

June 1, 2021
By Henry S. Kenyon

As the Department of Defense migrates more mission-critical systems and software to cloud environments, it must also consider an innovative way for securing this new environment from potential cyber attack.

It is up to DoD organizations like the Defense Information Systems Agency (DISA) to work out the details of such efforts and ensure the military’s considerable inventory of legacy equipment and systems can continue to interoperate smoothly with the latest technologies. But integrating different technologies is never an easy process.

May 19, 2021
 
Cloud-based security architectures can help federal agencies protect their infrastructure and manage change as it occurs, says Sean Frazier, federal chief security officer at Okta Inc. Credit: Shutterstock

As more federal agencies and businesses move to the cloud, managing their security needs in this new environment becomes critical. One way to do this is to implement zero-trust architectures as part of an identity cloud environment, said Sean Frazier, federal chief security officer at Okta Inc.

Zero-trust architecture, where it is assumed that the network is or will be compromised, is the latest phase of security development. This is important as the Defense Department modernizes its cloud-based systems under constant pressure from foreign cyber attacks.

April 20, 2021
 
Zero trust architecture isn’t a single architecture, nor is it a single solution that can be purchased, but an interrelated set of old and new technologies and methods working together, said Don Maclean, chief cybersecurity technologist for DLT Solutions.

Many federal government agencies are interested in improving their cybersecurity by moving to a zero trust architecture model. But such a move, while very beneficial to the organization, is a complex and involved process that requires some fundamental changes in how security and operations are approached, says Don Maclean, chief cybersecurity technologist for DLT Solutions.

Zero trust architecture is a cybersecurity concept that assumes a network is or will be compromised and takes steps to protect data at every potential point of access.

April 19, 2021
 
Industry can help the DOD with complex technology acquisition and deployment projects by providing services and expertise, said Dana Barnes, senior vice president of public sector at Palo Alto Networks. Credit: Shutterstock

Cybersecurity in the federal government, especially for the Department of Defense, is a complex dance between agencies and commercial partners. To get things right, companies working with the government need to be adaptable and resilient in helping government customers meet their mission goals, said Dana Barnes, senior vice president of public sector at Palo Alto Networks.

April 9, 2021
By Robert K. Ackerman
A communications tower for military 5G rises above a forest. Several challenges loom as the U.S. Defense Department strives to implement 5G into the force. Credit: M.Moira/Shutterstock

The revolutionary advantages offered by defense use of 5G technology could be undone if the United States doesn’t begin now to meet and overcome a set of challenges, said an expert from the National Security Agency (NSA). These challenges range from developing effective security measures to ensuring the supply chain is not contaminated by parts made by foreign adversaries.

February 1, 2021
By Mark S. Sincevich
Senior Airman Rose Li, USAF (l), and Airman 1st Class Eric Gardella, USAF, 86th Communications Squadron wing cyber readiness technicians, monitor malicious network activity during exercise Tacet Venari at Ramstein Air Base, Germany, in 2020 to prepare local cyber defenders in safeguarding critical technological infrastructures. U.S. Air Force photo by Staff Sgt. Devin Boyer

The federal government has been taking zero trust more seriously. Although a significant part of it has yet to be implemented, some initial work has been completed with zero trust network access, yet the outside-in approach to zero trust and complexity remains. But the more important aspect of zero trust relates to application and workload connections, which is what attackers care about and is not being protected today.

This “other side” of zero trust and a host-based micro-segmentation approach will lead to greater security and will stop the lateral movement of malware. Constituting multiple pilot projects is the best way forward in the inside-out approach to zero trust.

February 16, 2021
By Alex Chapin
Securing all of the entryways into U.S. Defense Department networks with zero trust is a multistep process, says Alex Chapin, vice president, McAfee Federal. Credit: mkfilm/Shutterstock

Ask someone in federal IT what zero trust means and you’re likely to hear that it’s about access control: never granting access to any system, app or network without first authenticating the user or device, even if the user is an insider. The term “Never trust; always verify” has become a common way to express the concept of zero trust, and the phrase is first on the list of the Defense Information Systems Agency’s (DISA’s) explanation.

January 29, 2020
By Kimberly Underwood
The FBI is examining how zero trust architecture could apply to its cybersecurity measures. Credit: Shutterstock/Kristi Blokhin

The Federal Bureau of Investigation (FBI) has a unique role as a federal law enforcement agency as well as a national security department. Its vast information technology enterprise must support its functionality in carrying out these roles, which have different rules of engagement. And when adding new tools, processes or software, the bureau has to consider solutions carefully. With zero trust architecture—a method that combines user authentication, authorization and monitoring; visibility and analytics; automation and orchestration; end user device activity; applications and workload; network and other infrastructure measures; and data tenants to provide more advanced cybersecurity—gaining use in the U.S.

December 1, 2020
By Kimberly Underwood
Vice Adm. Nancy A. Norton, USN, director of the Defense Information Systems Agency (DISA) and commander, Joint Force Headquarters Department of Defense Information Network, reports that the interagency and international partnerships DISA has forged have strengthened the protection of critical assets around the world. Adm. Norton was the opening keynote speaker December 1 at AFCEA TechNet Cyber Conference, being held virtually through December 3.

Like most organizations during the pandemic, the Defense Information Systems Agency, or DISA, is doing things a bit differently this year. Naturally, the agency is leveraging virtual events to increase its engagement with key mission partners, as well as government, industry and academia, including at the annual TechNet Cyber conference, noted Vice Adm. Nancy Norton, USN, DISA’s director and the commander of Joint Forces Headquarters for the Department of Defense Information Systems Network (JFHQ-DODIN).

October 1, 2020
By Kimberly Underwood
Department of Defense Chief Information Officer Dana Deasy, pictured speaking at the Pentagon in April, explained to reporters yesterday that the department has not heard anything back from the Federal Communications Commission about the disputed Ligado ruling. Credit: DOD photo by Marvin Lynchard

The Defense Department’s Joint Enterprise Defense Infrastructure, or JEDI, cloud effort has been tied up in the Court of Federal Claims since a preliminary injunction was issued in February. And although that has prevented the DOD from implementing Microsoft Azure cloud computing solutions, the department is not sitting idle, according to Chief Information Officer Dana Deasy.

“Cloud for me has always been first and foremost about supporting the warfighter,” Deasy told a group of reporters yesterday during a virtual Defense Writers Group meeting. “And when we got put on hold with JEDI, that didn't mean we were going to stop working on figuring out ways to support the warfighter.”

September 29, 2020
By Ned Miller, Chief Technical Strategist, McAfee U.S. Public Sector

Over the last few months, Zero Trust Architecture (ZTA) conversations have been top-of-mind across the DoD. We have been hearing the chatter during industry events all while sharing conflicting interpretations and using various definitions. In a sense, there is an uncertainty around how the security model can and should work. From the chatter, one thing is clear—we need more time. Time to settle in on just how quickly mission owners can classify a comprehensive and all-inclusive acceptable definition of Zero Trust Architecture.

September 21, 2020
By Kimberly Underwood
The Defense Information Systems Agency is finishing its zero trust architecture to bring advances in security and data availability to warfighters. Credit: DISA

Over the last few months, the Defense Information Systems Agency, known as DISA, has been working with the National Security Agency, the Department of Defense (DoD) chief information officer and others to finalize an initial reference architecture for zero trust. The construct, according to DISA’s director, Vice Adm. Nancy Norton, USN, and commander, Joint Force Headquarters-Department of Defense Information Network, will ensure every person wanting to use the DoD Information Network, or DODIN, is identified and every device trying to connect is authenticated.

September 9, 2020
 

Federal agencies and especially the DOD are quickly embracing cloud computing for many IT requirements. Traditional computing paradigms are giving way to distributed computing that is fundamental to the dynamic and ephemeral cloud environment.

At the same time, the user base is also becoming much more distributed, particularly in this era of increased remote work. Teams of globally dispersed personnel from the DOD, partner organizations and even supporting contractors are now regularly leveraging the cloud to share information critical to mission fulfillment.

July 15, 2020
By George I. Seffers
U.S. Defense Department officials intend to complete an initial zero trust architecture by year's end to improve cybersecurity, according to Vice Adm. Nancy Norton, USN, director, Defense Information Systems Agency.

The U.S. Defense Department by the end of the calendar year will release an initial zero trust architecture to improve cybersecurity across the department, says Vice Adm. Nancy Norton, USN, director, Defense Information Systems Agency, and commander, Joint Force Headquarters-Department of Defense Information Network.

Norton’s agency, commonly known as DISA, is working with the National Security Agency, the Department of Defense (DOD) chief information officer and others on what she calls an initial “reference” architecture for zero trust, which essentially ensures every person wanting to use the DOD Information Network, or DODIN, is identified and every device trying to connect is authenticated.

July 14, 2020
By George I. Seffers
Lt. Gen. Bruce Crawford, USA, the Army's soon-to-retire CIO/G-6, attends a working lunch during the Joint Warfighting Assessment on Joint Base Lewis-McChord, Wash., May 1, 2019. The CIO said during the Army’s virtual 2020 Signal Conference hosted by AFCEA that the time is right for the service to split the CIO and G-6 offices. Credit: Sgt. Torrance Saunders

The U.S. Army’s near future will include an increased focus on adopting “zero trust” cybersecurity practices, better protecting its network endpoints and consolidating its plethora of cloud computing contracts, according to Lt. Gen. Bruce Crawford, the Army’s outgoing CIO/G-6. It also will likely include tightening defense budgets.

The general indicated during a keynote address for the Army’s virtual 2020 Signal Conference, which is hosted by AFCEA, that the 2021 fiscal year “is going to be all about driving on priorities.”

May 28, 2020
 

Zero Trust, a strategic security model to “never trust, always verify,” centers on preventing successful breaches by eliminating the whole concept of trust from an organization’s digital environment; instead, everything must be proven. 

April 1, 2019
By Cathy Hall
By employing the Zero Trust concept, organizations benefit from a stronger security posture, including decreased reputational risk with their customers and partners. Credit: JNE Valokuvaus/Shutterstock

In today’s environment, the network no longer can be considered a safe zone. Every asset an organization possesses and every transaction it conducts must be secured as if it were a standalone item continually exposed to the full range of cyber threats. The realization that perimeter protection alone is not sufficient has led to the security concept of Zero Trust. In this never-trust/always-verify approach, all entities and transactions rely on multiple solutions to work together and secure digital assets.