The Pentagon plans to implement a zero-trust architecture across its entire sprawling enterprise by 2027, its Chief Information Officer John Sherman confirmed on Wednesday.
It won’t be an easy feat to implement these technical and cultural shifts to enable the ultramodern cybersecurity framework. But according to Sherman, that near-term work will likely prove essential to winning future wars.
“What we’re aiming for is by 2027 to have zero-trust deployed across the majority of our enterprise systems in the Department of Defense — in five years. That’s an ambitious goal for those of you that are familiar with zero trust, but the adversary capability we’re facing leaves us no choice but to move at that level of pace,” he said at the FedTalks conference on Wednesday.
He and his team are leading a number of unfolding projects to meet that zero-trust intent.
Within the last month, Sherman said he’s hired a new deputy chief information security officer. Officials under his purview are also preparing a comprehensive zero-trust strategy that will dig deep into how DOD is defining its approach from across the main controls to the most highly sensitive systems.
“We should be publishing that out to you all perhaps as soon as next month,” Sherman told the audience. “I can tell you at DOD we’re taking this very seriously and we are committed to implementing zero-trust at scale for the 4 million-person-plus enterprise that we lead.”
The CIO also noted that Pentagon officials are also producing a new “cyber talent strategy” that should be completed in the next 2 months. Representatives from DOD teams associated with policy, personnel, readiness and other areas are working fervently to get the document out, Sherman said.
“It thinks differently about the environment we’re in. We’re all going after the same talent here. We’re all trying to expand the diversity aperture. This has got to be a whole-of-nation approach,” he said. “This is the space race of this generation.”
Following his speech, Sherman told FedScoop that — among those many zero-trust priorities — the most pressing cybersecurity issue he’s confronting right now is retiring all the “technical debt” DOD has accrued over the last 20 years fighting in places like Iraq, Afghanistan, Africa and elsewhere.
“We have to get after that on our weapons systems and networks to make sure we are able to modernize and make sure we have safe systems to get after our adversaries,” he said.