Enable breadcrumbs token at /includes/pageheader.html.twig

Culture Shift Is Necessary for Zero Trust

Subject matter experts and decision-makers call for interoperability to best adapt to future needs.

TechNet Indo-Pacific panelists discuss bringing zero trust to Pacific warfighting. Credit: Artistic Mindz Photography

The speed of innovation often surpasses human tendencies. Therefore, with today’s initiatives such as zero trust, humans must refocus on the mission at hand—one that involves modern-day security challenges.

Kicking off the panel session at TechNet Indo-Pacific in Honolulu, Hawaii, Randy Resnick, director of the Department of Defense Zero Trust Portfolio Management Office, informed the audience of the current revision process over implementation points from the DoD. The first injection of feedback is due to happen by today (Thursday, November 9), and a turnaround with answers should be expected within the next week.

Quoting the Department of the Air Force Chief Technology Officer Jason Bonci, panelist Justin Stolpman said, “Often the disillusionment cycle spins faster than the delivery cycle.” Stolpman is the director of the Department of the Air Force Zero Trust Functional Management Office, Air Combat Command A6.

In a discussion about zero-trust implementation, the response was a resounding call for a culture change throughout all departments, as well as an emphasis on the need for interoperability.

“I underestimated what that challenge was,” said Resnick, who recently began his role in the DoD Chief Information Office. He joined the DoD following a 34-year career at the National Security Agency. “If you can’t successfully get past a culture change, zero trust is extremely difficult to implement.”

While Title 10 would allow each service to create its own zero-trust strategy, collaboration is key. Additionally, interoperability across multiple domains is vital for concrete security. "Zero trust is an everybody problem,” said Christopher Pymm, zero trust portfolio manager, ID7, at the Defense Information Systems Agency.

“I think we lose sight of the fact that we’re on the same side,” added National Security Agency’s Jamie Milne. “I think the government at large … do not do a good job of collaborative; it’s a cultural issue. We need to continue to have these conversations.”

Resnick, along with Pymm, offered that a hybrid cloud environment is being considered for best practices. As with any approach, however, it will have to be tailored toward the applications in use.

Furthermore, the Department of the Navy’s (DON) Zero Trust Architecture Lead David Voelker informed the audience of recruitment and retainment strategies within the cultural adoption. “1.4 and 1.5 is to identify a cadre of folks to be trained up to train the soldiers and sailors, marines and airmen that were going to be expected to take cybersecurity positions,” he explained. 1.5 will focus on development of the training curriculum, Voelker went on.

The Defense Acquisition University has partnered with DON to offer training courses for today’s professionals, which will potentially be driven down to the C-schools and A-schools. “If you look at the DON’s implementation plan, there is a section on ensuring that our new marines and sailors coming into the force are getting trained,” Voelker stated.

Nationwide recruitment is equally important, Pymm noted. “We need to train people; we also need to open the aperture as far as wherever we recruit from.”