Pentagon taking 'cybersecurity seriously' with new office

The Pentagon is to open a new zero trust cybersecurity office in December spurred by the recent SolarWinds intrusion of federal systems.

The Pentagon has announced it will formally launch a new office dedicated to accelerating the adoption of a new “zero trust” cybersecurity model.

David McKeown, DoD’s chief information security officer, said the office will fall under DoD’s chief information officer and be led by a yet-to-be-named senior executive. The move is part of an acceleration to ongoing zero trust implementation spurred by the Russian-orchestrated SolarWinds intrusion of federal systems.

“We’ve redoubled our efforts, we’ve fought for dollars internally to get after this problem faster,” McKeown said at C4ISRNET’s CyberCon event.

Commenting on the news, Felipe Duarte, Senior Researcher at secure access company Appgate, says by focusing on Zero Trust, "the Pentagon sends a clear message to cyber-criminals that they are taking cybersecurity seriously".

“The SolarWinds' attack revealed how lots of organisations, including government ones, are vulnerable to supply-chain attacks, and that after an initial breach, there aren't enough barriers in current infrastructures to stop the threats from spreading, he said. "The Kaseya attack was another example, where attackers managed to infect lots of Kaseya customers attacking the VSA application. After the attackers get access through any trusted application, they can easily navigate through the network.

"Zero Trust then becomes the natural solution for that. Only by segmenting the networks and assuming all connections can be compromised you can detect an intruder in your network. ZeroTrust needs to be implemented in the core infrastructure, you must profile any device trying to connect in your network, use multi-factor authentication to ensure credentials are not compromised, segment networks creating isolated perimeters, and, most important, only provide access to what a user or a system needs to," he adds. 

"This, along with Biden's memo published earlier this year, should be a wake-up-call to all organisations that haven't adopted Zero Trust yet. The best way to contain the damage from a Ransomware or a Spyware attack is to implement Zero Trust.”




Featured Articles

Gartner unveils top cybersecurity predictions for 2023-2024

Half of CISOs will formally adopt human-centric design practices into their cybersecurity programmes, while adoption of zero trust architecture will rise

DDoS protection market to grow amid increase in attacks

According to research by Cloudflare, DDoS attacks increased by 109% last year, with the last 12 months seeing some of the largest attacks the world

The impact data poisoning has on cyber and AI

We take a look at why the risks of data and AI poisoning is continuing to wreak havoc on the cybersecurity industry

Five innovative ways AI can help prevent cyber attacks

Cyber Security

SailPoint delivers new non-employee risk management solution

Cyber Security

Akamai shares details of Asia’s record-breaking DDoS attack

Network Security