Pentagon taking 'cybersecurity seriously' with new office

The Pentagon is to open a new zero trust cybersecurity office in December spurred by the recent SolarWinds intrusion of federal systems.

The Pentagon has announced it will formally launch a new office dedicated to accelerating the adoption of a new “zero trust” cybersecurity model.

David McKeown, DoD’s chief information security officer, said the office will fall under DoD’s chief information officer and be led by a yet-to-be-named senior executive. The move is part of an acceleration to ongoing zero trust implementation spurred by the Russian-orchestrated SolarWinds intrusion of federal systems.

“We’ve redoubled our efforts, we’ve fought for dollars internally to get after this problem faster,” McKeown said at C4ISRNET’s CyberCon event.

Commenting on the news, Felipe Duarte, Senior Researcher at secure access company Appgate, says by focusing on Zero Trust, "the Pentagon sends a clear message to cyber-criminals that they are taking cybersecurity seriously".

“The SolarWinds' attack revealed how lots of organisations, including government ones, are vulnerable to supply-chain attacks, and that after an initial breach, there aren't enough barriers in current infrastructures to stop the threats from spreading, he said. "The Kaseya attack was another example, where attackers managed to infect lots of Kaseya customers attacking the VSA application. After the attackers get access through any trusted application, they can easily navigate through the network.

"Zero Trust then becomes the natural solution for that. Only by segmenting the networks and assuming all connections can be compromised you can detect an intruder in your network. ZeroTrust needs to be implemented in the core infrastructure, you must profile any device trying to connect in your network, use multi-factor authentication to ensure credentials are not compromised, segment networks creating isolated perimeters, and, most important, only provide access to what a user or a system needs to," he adds. 

"This, along with Biden's memo published earlier this year, should be a wake-up-call to all organisations that haven't adopted Zero Trust yet. The best way to contain the damage from a Ransomware or a Spyware attack is to implement Zero Trust.”

 

 

Share

Featured Articles

How secure is sensitive data stored in the cloud?

A Cloud Security Alliance (CSA) survey has found 67% of organisations store sensitive data in public cloud environments, but how secure is it?

CYBER LIVE LONDON: Day 2 highlights of the hybrid tech show

We take a look at highlights of the different stages at the Tech Live London show, including insights from Claroty, SalesForce and Oracle

TECH LIVE LONDON: An overview of the hybrid technology show

We take a look at the first day of Tech Live London with insights from technology leaders from companies such as IBM, Microsoft and Vodafone

Does a cashless society mean higher risk of fraud?

Cyber Security

5 minutes with Gary Brickhouse, CISO of GuidePoint Security

Cyber Security

CTO at Passbolt explains the importance of password managers

Application Security