The transition to zero trust security architectures is integral to the U.S. Department of the Army’s modernization efforts, said Army CIO Raj Iyer during an FCW virtual roundtable on October 27 where he explained security challenges that the service branch is facing and how the move to zero trust security concepts will help.
Government-wide, the move to zero trust has become an essential part of the Federal government’s strategy to bolster cybersecurity, and a means to accomplish IT modernization.
The Army, Iyer said, is facing various cybersecurity challenges, including:
- Cybersecurity for OT assets in critical infrastructure that is not well understood;
- Inconsistent application of configurations/architecture for cloud security;
- Increased attack surface areas due to a growing technology footprint;
- Prioritizing cybersecurity requirements for weapons systems; and
- Lack of visibility into cyber budget and spending.
“These challenges affect the Army’s ability to keep pace with our adversary’s sophisticated cyberattack vectors, and a perimeter-defense approach cannot always counter these threats,” Iyer said. “If we cannot take a perimeter-defense approach, we have to rely on zero trust to keep us safe.”
The Army’s end-state objective is a secure digital ecosystem based on zero trust, using innovative solutions to enable seamless interoperability of data for multi-domain operations (MDO). Getting there will entail:
- Integrated industry and government best practices and information sharing;
- Increased IT investment accountability through robust financial analytics and governance;
- Improved user access and collaboration environments; and
- Standardized cyber policies and risk frameworks across all Army systems.
Iyer pointed to the service branch’s recently released Army Digital Transformation Strategy (ADTS) as a big part of building its future cybersecurity posture. The ADTS outlines an integrated master plan to synchronize and integrate all ongoing activities to achieve the digital-age Army.
“Our mission with [ADTS] is to drive digital transformation, innovation, and reform through strategy, policy, governance, oversight, and rapid capabilities to establish an MDO force,” Iyer said.
The Army has a variety of zero trust initiatives ongoing to produce a secure, coordinated, seamless, transparent, and cost-effective IT architecture that transforms data into actionable information and ensures dependable mission execution in the face of a persistent cyber threat, the CIO said.. Those relate to:
- Endpoint (IT, OT, IoT) Security;
- Secure access service edge for cloud;
- Cyber analytics with AI/ML; and
- Software-defined networking.
“Zero trust is a set of principles, not an end-all, be-all solution. Agencies must remain agile and adaptable. Our adversaries took advantage of this inherent trust we had in our system. Zero trust is a journey, and I don’ think it will ever just end,” Iyer concluded.