The Department of Defense (DoD) plans to implement a zero trust architecture across the entire department by 2027, and will soon release a detailed strategy on how it will get there, a DoD spokesperson confirmed to MeriTalk.
“What we’re aiming for is by 2027 to have zero trust deployed across a majority of our enterprise systems at the DoD,” the DoD Chief Information Officer John Sherman confirmed through a DoD spokesperson.
“Five years. That’s an ambitious goal… but the adversary capability we’re facing leaves us no choice but to move at that level of pace,” Sherman said.
To support that ambitious goal, the Pentagon plans to release a new strategy as soon as next month which will define DoD’s approach to zero trust and how it plans to tackle the implementation. Representatives from DoD teams associated with policy, personnel, readiness, and other areas are working hard to get the strategy document completed, Sherman said.
“At DoD, we’re taking this very seriously,” he said. “And we are committed to implementing zero trust at scale for our four-million-person-plus enterprise that we lead.”
Sherman also wants to figure out how to deal with the technical debt DoD has accrued over the last 20 years fighting in places like Iraq and Afghanistan. The Pentagon, he explained, needs to start thinking of new ways to protect its weapons systems, networks, and data to ensure they’re “cyber safe” and secure.
DoD also plans to release a cyber workforce strategy in the next few months. The strategy is in the final stages of coordination and involves people from DoD’s personnel, readiness, and policy teams thinking “differently about the environment we’re in,” Sherman said.