木瓜AV

Following a series of executive orders aimed at bolstering the country鈥檚 cybersecurity posture over the last few years, the DoD is now aligning with much of the federal government in pursuing a more unified, standardized approach to cybersecurity.

While the DoD will continue to encourage its various components to stand up their own zero-trust offices (e.g., the Army confirmed in October 2022 that the service will establish its ), the goal of targeted zero-trust by FY27 ensures that all branches will adhere to a universal minimum standard of network security and best practices. The DoD can be expected to drive this initiative with a cultural focus on zero-trust training and adoption as well as strategic use of the Planning, Programming, Budgeting, and Execution (PPBE) process for resource allocation.

The roadmap describes how the Department is under 鈥渨ide-scale and persistent attack from known and unknown malicious actors鈥� who 鈥渙ften鈥� breach the Pentagon鈥檚 鈥渄efensive perimeter.鈥� The timeline for components to phase in zero-trust implementation 鈥� with the first deadline, logging all network traffic, arriving in Q4 of FY23 鈥� illustrates the real urgency behind this initiative.

The roadmap even provides accelerated timelines for components to more quickly reach 鈥渁dvanced zero-trust.鈥� While not yet a requirement, advanced zero-trust goes beyond targeted zero-trust and includes a greater focus on the 鈥淩espond鈥� and 鈥淩ecover鈥� functions of the , with the goal of more effectively countering advanced persistent threats (APTs) and nation-state adversaries.

While the roadmap does name what capabilities the DoD must implement to achieve targeted zero-trust, it does not point to specific technologies or solutions. That鈥檚 where collaboration and partnership with commercial providers will play a critical role in helping the Department meet its goals.

The roadmap defines three courses of action for the Department to reach targeted zero-trust: establish a zero-trust 鈥渂aseline,鈥� partner with commercial providers to develop zero-trust compliant cloud environments, and utilize government-owned private cloud. There is a clear role for providers in each of these areas. Finally, integration across solutions and the different pillars of zero-trust, which creates greater visibility and the ability to organize a more effective response to threat actions, will be a critical area for industry partners to address as the Department is seeking help in this regard.