DON on Tight Deadline To Achieve Zero Trust
Having unveiled its Information Superiority Vision 2.0—also known as ISV2.0—in August 2024, the Department of the Navy (DON) is making strides in improving its cybersecurity posture by implementing zero-trust capabilities. Still, an end of fiscal year 2027 goal set by the U.S. Department of Defense (DoD) is fast approaching.
“I’ve already let the DoD [Chief Information Officer] know there’s no way the Navy is going to be 100% zero trust by 2027 for every aspect,” said Jane Rathbun, DON CIO. Zero trust integration will take a phased approach, she stated, and progress has already been made.
Rathbun was speaking at the WEST 2025 conference in San Diego, alongside recently appointed deputy DON CIO Barry Tanner.
“We’ve learned a lot over the last four-plus years about what it means to be zero trust; you don’t just build it and throw it out there,” Tanner told attendees. “You have to practice it.”
Through assessments demonstrated with the DoD Zero Trust Portfolio Management Office—with 151 out of 152 activities validated—the DON has been able to showcase the ability to achieve zero trust implementation. “Now it’s, how do we build on it?”
While the assessments showed promise, they were still done in only one environment, Tanner pointed out, saying there is still more work to do be done.
“The example that we’ve shown through the assessments that were done last year will help inform all of the networks and programs that have work to do on that, core identity services being a key to how you move forward on that, but we do not have time to waste. We have to move at speed,” he said.
At the same time, it’s important to start considering weapons systems, internet of things and other DON areas that prove difficult when it comes to data management.
“One of the things we’re prioritizing this year as we move into ISV2.0 is thinking through how we apply the lessons learned from our zero-trust journey in the enterprise to these other really tough problems,” Tanner stated.
There’s no way the Navy is going to be 100% zero trust by 2027 for every aspect.
Additionally, the DON is looking to pivot its approach from a compliance mindset to a readiness mindset. Compliance does not equal a secure environment, he emphasized.
“Device, identity, network, state of the devices on that network, the applications, the data, every lever has to be looked at, all that telemetry has to be assessed, and you have to make good decisions on the fly.”
Though achieving zero trust for facilities by 2027 is unlikely, Tanner spoke on the focus of driving to get to zero trust wherever possible to meet the mandate. The team will then identify gaps and set a plan for all other systems, such as combat and weapons systems.
The DON is also working closely with its counterparts in the facilities community, Tanner told the audience. A framework named MOSAICS, which stands for "more situational awareness for industrial control systems," is helping identify areas and activities necessary to meet the standards.
WEST is co-hosted by AFCEA International and the U.S. Naval Institute. SIGNAL Media is the official media of AFCEA International.
