The Defense Department is on track to implement its zero trust cybersecurity framework by the end of fiscal year 2027, senior Pentagon information technology officials said this week.
David McKeown, who serves as the DOD’s deputy chief information officer, underscored the significant progress the department has made in implementing what he said will be a transformational change in how the department approaches cybersecurity.
“Zero trust integration offers the most robust and reliable approach to cybersecurity, ensuring that our systems are resilient against evolving threats, while safeguarding our nation’s interests,” McKeown said today during his keynote address as part of a virtual two-day Zero Trust Symposium hosted by the Defense Acquisition University.
“It is not just a program, or a new application, zero trust is an evolution of our entire security landscape,” he said. “By embracing it, we not only protect our data, but we strengthen our defenses and preserve our way of life.”
Once implemented, the zero trust framework will move the DOD beyond traditional network security methods with capabilities designed to reduce exposure to cyberattacks, enable risk management and data sharing and quickly contain and remediate adversary activities.
The department released its strategy for achieving its vision for a zero trust architecture in 2022. The strategy outlines four high-level goals including cultural adoption, security and defense of DOD information systems, technology acceleration and zero trust enablement.
Since unveiling the strategy, McKeown, who also serves as the department’s senior information security officer, said his office has remained laser focused on making it a reality.
“As the DOD’s lead for zero trust, we have made great progress,” he said, detailing the department’s efforts to align resources and capabilities at the component level, review implementation plans submitted by DOD agencies and work with industry to build solutions.
John Sherman, DOD’s chief information officer, said implementing the framework has been an “absolute top priority.”
“If you look at our funding, and if you look at our cyber investments we’re making and the time we’re spending, zero trust is first and foremost among what we’re doing,” Sherman said yesterday, the first day of the symposium.
He said what once seemed unachievable just a few years ago is now becoming a reality.
“We are looking really good, on track, to get target-level zero trust in place by the end of fiscal [year] 2027,” he said.
Both officials underscored the importance of implementing the framework as adversaries continue to improve their offensive cyber capabilities.
“Our protection and detection methodologies absolutely need to change in order to defend against today’s adversaries,” McKeown said. “Because of this, zero trust is my top cybersecurity initiative. I absolutely believe zero trust will greatly improve our ability to defend our networks against sophisticated attacks.”