In May 2021, President Biden issued an Executive Order calling on federal agencies to improve their cybersecurity posture. Zero trust, an approach to cybersecurity that relies on continuous authentication, is a core part of the order, and since it was released, public sector organizations have made strides in moving toward full zero trust implementation.
Zero trust is one of many topics that may be explored at the Potomac Officers Club’s 2024 Cyber Summit, where experts will convene to consider the federal government’s top cyber priorities and challenges as they navigate the evolving domain. Click here to learn more, and click here to register to attend the May 2024 event.
At this year’s edition of the summit, Randy Resnick, director of Department of Defense’s Zero Trust Portfolio Management Office, participated in a panel discussion in which cyber leaders shared their insights on the importance of zero trust at the edge.
“We have 91 activities in an enterprise environment for zero trust to stop the adversary. We need to start thinking through what can we mitigate to the 91 and make it simpler at the edge, while still maintaining the ability to slow down or stop the adversary,” Resnick said during the conversation
An outspoken advocate for the adoption of this approach, Resnick has regularly shared his thoughts on a variety of DOD zero trust initiatives.
In late October, the department received 43 zero trust roadmaps from the services and agencies, which Resnick said at the National Defense University’s Cyber Beacon Congress would be reviewed within weeks.
These plans are part of a DOD-wide zero trust effort that was solidified with the November 2022 release of its Zero Trust Strategy, and according to Resnick, his office collaborated heavily with various DOD components to help them develop these individualized strategies.
In a LinkedIn post published last month, Resnick said that he was impressed with the “very comprehensive” plans he has seen so far.
These plans are some of many DOD efforts to embrace zero trust. Earlier this year, the department launched a hacking experiment in cooperation with its Joint Warfighting Cloud Capability contract partners: Amazon Web Services, Oracle, Google and Microsoft.
The $9 billion JWCC contract vehicle is designed to allow the DOD to procure enterprisewide cloud services directly from these providers.
Conducted by the National Security Agency, the program will carry out realistic representations of adversary cyberattacks on its participants, giving them the opportunity to see how these events could impact their data security, Resnick said in a webcast.
“That’s going to give us a really good feel on whether or not these zero trust overlays are implemented correctly,” he added.
He explained that the tests are designed to identify ways in which the DOD could implement zero trust in the cloud, which “would be absolutely revolutionary” if it can be done.
Don’t miss your chance to hear speakers in Resnick’s field share their insights on cybersecurity at the 2024 Cyber Summit! Click here to secure your spot.
