December 14, 2022 By Jonathan Reed 2 min read

The Pentagon plans to implement a zero trust architecture across its entire enterprise by 2027, according to DoD CIO John Sherman.

“What we’re aiming for is by 2027 to have zero trust deployed across the majority of our enterprise systems in the Department of Defense in five years,” Sherman said at a recent FedTalks keynote presentation. “That’s an ambitious goal for those of you familiar with zero trust, but the adversary capability we’re facing leaves us no choice but to move at that level of pace.”

Here’s a look at what the Pentagon’s zero trust initiative will entail and how the U.S. government plans to face the new reality of perimeter-less security.

Implementing zero trust for millions

The Pentagon plans to roll out zero trust at scale for their enterprise of over four million people by 2027. This ambitious plan is based upon the continued rising threat of attacks from individuals, cyber gangs and state actors.

Meanwhile, Commander Gen. Jackie Van Ovost of the U.S. Transportation Command announced that her organization is already at work. “Last month, we completed our implementation of our core zero trust capabilities on our classified network, reaching the baseline maturity level,” said Van Ovost.

Explore Zero Trust Solutions  

Zero trust for the entire U.S. government

The DoD announcement is far from unique. In January 2022, the Executive Office of the President released an announcement about government-wide zero trust goals. Clearly, the U.S. Government places high confidence in the approach and intends to embrace it as soon as possible.

“In the current threat environment, the Federal Government can no longer depend on conventional perimeter-based defenses to protect critical systems and data,” the memo states. “Incremental improvements will not give us the security we need; instead, the Federal Government needs to make bold changes and significant investments to defend the vital institutions that underpin the American way of life.”

The White House states that transitioning to a zero trust approach will provide a defensible architecture for new environments. In addition, the government says it will require agencies to meet specific zero trust objectives within the next few years.

The current threat environment “leaves us no choice”

In today’s reality, remote work and connected devices are commonplace. A company’s tech stack regularly expands with new tools and applications. Even if they tried, enterprises can no longer define a perimeter to protect.

Now security must be verified for every app, user, software and device. With zero trust, all requests are assumed to be unauthorized until proven otherwise. Instead of a single technology, zero trust uses multiple strategies, such as multi-factor authentication, micro-segmentation and AI-driven contextual analytics.

Organizations that turn to zero trust realize 20.5% lower costs for a data breach than those not using zero trust. In fact, companies with zero trust deployed saved nearly $1 million in average breach costs compared to those without it.

DoD CIO Sherman said the current threat environment “leaves us no choice.” The answer that many are turning to is zero trust.

More from News

Securing critical infrastructure with the carrot and stick

4 min read - It wasn’t long ago that cybersecurity was a fringe topic of interest. Now, headline-making breaches impact large numbers of everyday citizens. Entire cities find themselves under cyberattack. In a short time, cyber has taken an important place in the national discourse. Today, governments, regulatory agencies and companies must work together to confront this growing threat. So how is the federal government bolstering security for critical infrastructure? It looks like they are using a carrot-and-stick approach. Back in March 2022, the…

650,000 cyber jobs are now vacant: How to tackle the risk

4 min read - How far is the United States behind in filing cybersecurity jobs? As per Rep. Andrew Garbarino, R-N.Y., Chairman of the HHS Cybersecurity and Infrastructure Protection Subcommittee, overseas adversaries have a workforce advantage over FBI cyber personnel of 50 to one. His statements were made during a recent subcommittee hearing titled “Growing the National Cybersecurity Talent Pipeline.” Meanwhile, recent CyberSeek data shows over 650,000 cyber jobs to fill nationwide. Given the rising rate of cyberattacks, these numbers are truly alarming. How…

Will data backups save you from ransomware? Think again

4 min read - Backups are an essential part of any solid anti-ransomware strategy. In fact, research shows that the median recovery cost for ransomware victims that used backups is half the cost incurred by those that paid the ransom. But not all data backup approaches are created equal. A separate report found that in 93% of ransomware incidents, threat actors actively target backup repositories. This results in 75% of victims losing at least some of their backups during the attack, and more than…

Should you worry about state-sponsored attacks? Maybe not.

4 min read - More than ever, state-sponsored cyber threats worry security professionals. In fact, nation-state activity alerts increased against critical infrastructure from 20% to 40% from 2021 to 2022, according to a recent Microsoft Digital Defense Report. With the advent of the hybrid war in Ukraine, nation-state actors are launching increasingly sophisticated attacks. But is this the most prominent danger facing companies today? While nation-state-based attacks cannot be ignored, it looks like insider cyber incidents are far more common. In fact, for the…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today