Pentagon to Launch 'Zero Trust' Cybersecurity Office in December Due to SolarWinds Attack - Report
03:06 GMT 11.11.2021 (Updated: 12:45 GMT 13.04.2023)
Zero trust assumes that there is no trust between networks, devices, or users, and therefore necessitates constant, real-time verification of users accessing data. It is a shift from perimeter-based security, in which an intruder can typically travel freely within a network once they've gained access.
US Department of Defense Chief Information Security Officer David McKeown stated that the Pentagon will formally open a new agency committed to speeding the implementation of a new "zero trust" cybersecurity approach next month, C4ISRNET reported on Wednesday.
According to the report, the agency will report to the DoD's chief information officer and be overseen by an unnamed senior executive. The action is reported to be part of a push to complete zero trust deployment in the wake of the SolarWinds hacker attack, which breached federal systems.
"We’ve redoubled our efforts, we’ve fought for dollars internally to get after this problem faster," McKeown is quoted as saying at C4ISRNET’s CyberCon event. "We’re standing up a portfolio management office that will ... rationalize all network environments out there, prioritize and set each one of them on a path of zero trust over the coming five, six, seven years."
Moreover, McKeown noted that while the Department of Defense has embraced several components that are supposed to operate together to create a "zero trust" environment, it is not being prescriptive about which products its enclaves use as long as they work together.
"We’ve got a lot of attention on this now, and we’ve got senior leadership in the department on board and putting their money where their mouth is and helping us to implement this at a very fast pace," he said.
His remarks came nearly six months after the Biden administration issued an order to boost cybersecurity at government organizations in the aftermath of the SolarWinds hack.
The sophisticated attempt, according to McKeown, highlighted the lengths to which intruders will go and the need for improved protection. Despite the fact that SolarWinds was a widely trusted piece of software, it began "beaconing out" from within networks, he reportedly said.
"We have to be able to detect something like that," McKeown said. "Not only the external compromises but the internal malicious behavior and potential supply chain risks need to be looked at."
McKeown stated that the Pentagon believes that "zero trust is the only solution out there right now that gives us a fighting chance on detecting these folks that may have a foothold on our network or this anomalous software that we’ve allowed in."
US media reported last month that the hackers behind the SolarWinds intrusion attempted to access US government networks, as well as European government networks.