Chris Cleary, the U.S. Navy’s principal cyber advisor, said that data is the fuel driving the implementation of zero trust security architectures, and said agencies moving in that direction need to meet the challenge of identifying data and protecting it.
At a Federal News Network event on Oct. 26, Cleary said the Navy is close to fully implementing zero trust architectures, and expects that the other military service branches will fall in close behind.
The COVID-19 pandemic, Cleary said, is one of the reasons why the Navy has excelled in embracing zero trust architecture. The service branch, he said, was already actively testing identity solutions and preparing for cloud-based solutions – like Microsoft 365 – when the public health crisis hit.
“These interesting opportunities to deploy certain technologies have been happy accidents to get closer and closer to a zero trust architecture,” he said. “We were prepared to roll out certain things. We used crisis as an opportunity and now we’re finding ourselves in a very good place in terms of getting to our zero trust roadmap.”
Data, he said, is the foundation and the most critical of the five pillars of zero trust, and conversations are finally starting to shift in that direction.
“Data is the fuel oil that allows everything else to happen, and we need to see that as a warfighting resource, a commodity, if you will. We can’t go to sea without fuel oil, we can’t do much of what we do without availability of data and the security of that,” Cleary said. “I now – even in defense critical infrastructure – can’t get away from the data argument.”
He emphasized that ensuring the availability, and then delivering, secure data is just as important as deploying other tactics within the department. Because of this, he said, it’s essential that zero trust security is resourced properly in the future.
“One of the challenges that the information technology space has had . . . is that information technology has always been seen as a necessary evil as opposed to the core of warfighting,” Cleary said. “We’re finding that this is fundamental to the way that we operate our services.”
He continued: “This is the way that we fight now. As this whole mission space is embraced more as a true foundational requirement for all warfighting, it eventually starts to get resourced appropriately. I think we’re beginning to see that shift now – we’re living in it.”
While properly resourcing zero trust security is critical, Cleary ended the discussion by noting that the cultural component of security within the Federal government needs to have a makeover as well.
“There is a large cultural component of this that has to change. Security is everybody’s business,” he said.
Everybody has “certain responsibilities they must take to ensure that we can get to things like zero trust principles,” Cleary said. “Once we make that final flip cognitively, then a lot of this gets a lot easier.”
