The Department of Defense (DoD) plans to release in the coming days a detailed strategy for its ambitious department-wide zero trust security strategy, said Randy Resnick, director of Zero Trust Portfolio Management at DoD, during FCW’s CDM Summit event on Nov. 2.
DoD Chief Information Officer (CIO) John Sherman signed off on the strategy last Thursday.
“We are now in the classification review to make [the strategy] available for public release. We’re expecting to release it to the public in a week or two,” Resnick said.
Sherman first announced this ambitious goal in August, saying that DoD planned to implement a zero trust architecture across the entire department by 2027, and promising to release a strategy in the near term on how to advance that goal.
The strategy intends to achieve a DoD information enterprise secured by a fully implemented department-wide zero trust cybersecurity solutions architecture, Resnick explained today.
“We placed a five-year deadline upon the Department of Defense to reach a certain level, a level that we believe will slow down and contain the adversary,” Resnick added.
DoD is looking to shorten the implementation time for a department-wide zero trust architecture to meet its 2027 goal. Therefore, the Pentagon has actively shared its approach to zero trust and its execution plans widely across the government to develop its strategy.
“Now we are looking for industry insight. We need industry’s help to realize the speed of adoption necessary to meet the threats we face,” Resnick said.
In preparation for release of the strategy, Resnick explained that DoD is prepared to facilitate industry collaboration to help implement the 45 zero trust capabilities laid out – 20 of which are related to the Continuous Diagnostics and Mitigation (CDM) Program – such as implementing a user inventory.
“Although the DoD has not been a major part of the CDM program, we’re very aware of it,” Resnick said. “We in the .mil domain and the intel community networks have benefited greatly from the defensive cyber tools that industry developed over the past decade and deployed under the CDM program.”
Resnick explained that industry might already be developing or have developed solutions that can help accelerate the implementation of the DoD’s zero trust strategy and “[therefore] we believe it’s especially important to engage with [industry] early on in this process. There’s no reason why we can’t share information and collaborate,” he added.