In its 2022 Zero Trust Strategy, the Department of Defense set a goal to achieve full zero trust implementation by 2027, a target David McKeown, deputy chief information officer for cybersecurity and senior information security officer for the DOD, described in February as “super aggressive.”
The Pentagon has remained on schedule as it works to meet the objectives laid out in the strategy, but now, the organization is trying to “accelerate that by a year through a variety of means,” McKeown said during a recent DefenseScoop event.
McKeown, a 2023 Wash100 Award winner, will offer even more of his insights as the opening keynote speaker at the Potomac Officers Club’s 2024 Cyber Summit on Thursday. At the event, public and private sector experts will convene to dive into the U.S. government’s top cyber priorities. The summit will also feature a panel focused on zero trust.
Click here to learn more about the event and register to attend.
The DOD Zero Trust Strategy is an ambitious, comprehensive plan that aims to integrate zero trust principles into all five cybersecurity functions – identify, protect, detect, respond and recover – across the joint force and full defense ecosystem. It lists 91 target-level activities to be completed by the initial 2027 deadline and looks further into the future with a set of 61 advanced activities.
“We had three different ways in which you could implement it. The first one was to uplift your current environment by adding all the necessary tools and capabilities and integrating them. Secondly, was to adopt commercial cloud solutions that already have the capabilities built in. And then lastly, purpose-built on prem clouds that also were proven to meet zero-trust capabilities,” McKeown said.
As part of the process, the department asked each military branch and defense agency to submit their own implementation plans. The DOD received 43 of these strategies in October.
“We see that most organizations, because of the diversity of their [network] terrain, are doing a hybrid of all of those things to achieve zero trust,” he noted.
Though the characteristics and needs of different DOD components vary, integrated products are a must, according to McKeown. To incorporate these capabilities, he said the department is collaborating with vendors to determine ways to “best deliver integrated products to the folks working on zero trust there.”
Hear more from McKeown at the 2024 Cyber Summit! Click here to register before spots run out.