Zero Trust Will Require a Paradigm Shift
The Department of Defense Zero Trust 2027 strategy is underway. The implementation includes an extensive evaluation for all defense industry participants. Speakers at this year’s annual TechNet Cyber conference discussed their biggest challenges as the transition takes place.
“I wish we could have looked at the business processes that we use in a number of these programs, largely on the business side, and done some BPR [business process reengineering] ahead of time before we went into zero trust,” said Winston Beauchamp, deputy chief information officer for the Department of the Air Force.
Beauchamp joined a panel of experts in Baltimore on Wednesday.
Much of the data being examined to meet zero-trust standards, whether in data holdings or legacy systems, could have been consolidated. “Alas, there is no time,” he said.
His request to industry, therefore, was to find mechanisms that will allow the DoD to do so in an automated way. “Finding some way to help us do that doesn’t require an 18-month slog of BPR would be terrific,” Beauchamp stated.
The challenge for zero-trust implementation will be in identifying and tagging data, which in and of itself is an extremely complex space, said Robert Vietmeyer. “We are working with buildups and our commercial partners on making advancements through the whole identity, ICAM [identity, credential and access management],” he added.
Vietmeyer currently serves as the chief software officer for the deputy chief information officer for Information Enterprise.
“We at the department have not done a good job on really training on specific data tags on both the data itself and then on access control tags on people and their attributes,” he explained.
The transition will not just be a checklist business, however. “Zero trust is a set of principles that we should be living and breathing and operating against,” Jane Rathbun, CIO for the Department of the Navy, stated.
“We don’t have standard ontologies, we don’t have good ways of understanding the provenance of our data, of tagging our data so that it works for our operations,” she said, echoing Vietmeyer’s comments.
The goal, though it will change standard operations, is to simplify the ecosystems.
“It is a complete paradigm culture shift that is going to take a lot longer than 2027 to really live those principles.”
Identity access management will be one of the focal points, she added.
TechNet Cyber is an annual event held in Baltimore, Maryland, organized by AFCEA International. SIGNAL Media is the official media of AFCEA.