Pentagon taking 'cybersecurity seriously' with new office

By BizClik Admin
The Pentagon is to open a new zero trust cybersecurity office in December spurred by the recent SolarWinds intrusion of federal systems.

The Pentagon has announced it will formally launch a new office dedicated to accelerating the adoption of a new “zero trust” cybersecurity model.

David McKeown, DoD’s chief information security officer, said the office will fall under DoD’s chief information officer and be led by a yet-to-be-named senior executive. The move is part of an acceleration to ongoing zero trust implementation spurred by the Russian-orchestrated SolarWinds intrusion of federal systems.

“We’ve redoubled our efforts, we’ve fought for dollars internally to get after this problem faster,” McKeown said at C4ISRNET’s CyberCon event.

Commenting on the news, Felipe Duarte, Senior Researcher at secure access company Appgate, says by focusing on Zero Trust, "the Pentagon sends a clear message to cyber-criminals that they are taking cybersecurity seriously".

“The SolarWinds' attack revealed how lots of organisations, including government ones, are vulnerable to supply-chain attacks, and that after an initial breach, there aren't enough barriers in current infrastructures to stop the threats from spreading, he said. "The Kaseya attack was another example, where attackers managed to infect lots of Kaseya customers attacking the VSA application. After the attackers get access through any trusted application, they can easily navigate through the network.

"Zero Trust then becomes the natural solution for that. Only by segmenting the networks and assuming all connections can be compromised you can detect an intruder in your network. ZeroTrust needs to be implemented in the core infrastructure, you must profile any device trying to connect in your network, use multi-factor authentication to ensure credentials are not compromised, segment networks creating isolated perimeters, and, most important, only provide access to what a user or a system needs to," he adds. 

"This, along with Biden's memo published earlier this year, should be a wake-up-call to all organisations that haven't adopted Zero Trust yet. The best way to contain the damage from a Ransomware or a Spyware attack is to implement Zero Trust.”




Featured Articles

Worldwide IT Outage Not Cyber Attack - But Software Update

The global IT outage that is being described as one of the biggest ever is thankfully not being attributed to a cyber attack, but rather a software update

Companies Across Cyber Sphere Warn of Surge in DDoS attacks

DDoS attacks have over doubled in a year, with multiple reports highlighting how political instability around the globe could be behind it

UK Takes Steps to Strengthen Country's Cyber Security

The new government have made cybersecurity one of their top priorities as they lay out their plans for what they intend to do in power

BlueVoyant Launch Platform to Tackle Supplier Attack Surface

Operational Security

Irdeto’s Andrew Bunten Talks Securing Online Content Streams

Network Security

Fortinet Cyber Survey Shows Global Scope of Skills Gap

Operational Security