With technology advancing rapidly and new threats taking shape, zero trust, a security strategy based on continuous authentication, has become a major priority for the Department of Defense. In November 2022, the department solidified its zero trust push with the release of the Zero Trust Strategy and Implementation Roadmap.
According to John Sherman, chief information officer of the DOD and a two-time Wash100 Award winner, the department “has made great strides in establishing a strong foundation for zero trust adoption and implementation.” Testifying before the House Armed Services Committee in March, he cited the January 2022 establishment of the ZT Portfolio Management Office, the release of the ZT Reference Architecture in July 2022, and of course, the creation of the strategy and implementation roadmap as indicators of progress.
Zero trust is one of many areas government CIOs are focused on. At the Potomac Officers Club’s 5th Annual CIO Summit in April 2024, top public sector information technology experts will come together with industry leaders to discuss a wide range of today’s most significant IT topics. Sherman delivered the opening keynote address at the 2023 iteration of the event, in which he discussed the Cybersecurity Maturation Model Certification.
Don’t miss your chance to secure your spot at next year’s CIO Summit! Click here to register early.
Since the ZT Implementation Strategy and Roadmap took shape, the DOD has made multiple steps forward in its move toward full zero trust. One of these milestones is the Defense Information System Agency’s Thunderdome prototype, which was completed earlier this year. During testing, Thunderdome was shown to improve network performance and increase security, setting a foundation for future zero trust efforts.
Another area in which progress has been made is in partnerships. David McKeown, deputy chief information officer for cybersecurity and chief information security officer at the DOD, said the department has “been partnering very heavily with commercial cloud providers” to compel them to analyze their offerings and collaborate with other private sector organizations to achieve the 91 capabilities the DOD needs to attain full zero trust.
“Really great relationships are forming there,” said McKeown, who believes the DOD is “on a good path” to reaching full zero trust by its target deadline: fiscal year 2027. McKeown received a Wash100 Award this year and spoke at the Potomac Officers Club’s 2023 Cyber Summit in June.
The next phase of the plan is bringing the zero trust strategies of each DOD component together for review, according to Sherman. During the Billington CyberSecurity Summit in September, he stated that the department will receive each of its organizations’ zero trust plans in the coming weeks. Beginning to assess these individual strategies together, Sherman said, is a “very important milestone” toward achieving zero trust across the entire DOD.
For more insights from public sector CIOs, register to attend the Potomac Officers Club’s 5th Annual CIO Summit!