Pages

17 June 2023

DoD finding it ‘hard to orchestrate’ services on zero trust, holding monthly discussions: Resnick

JASPREET GILL

Chief of the Department of Defense Zero Trust Portfolio Management Office Randy Resnick, and DoD Acting Principal Deputy Chief Information Officer for Cybersecurity and DoD Senior Information Security Officer, David McKeown, hold an off-camera, on-the-record virtual press briefing on the release of the DoD Zero Trust Strategy and Roadmap at the Pentagon, , Nov. 22, 2022. (U.S. Air Force Tech. Sgt. Jack Sanders.)

WASHINGTON — The Pentagon is keeping a close eye on the military services as they develop their own plans for implementing the department’s zero trust vision, a key official spearheading the effort said today.

The Defense Department’s zero trust strategy, released last November, tasked each service to develop its action plan to achieve a baseline level of zero trust by fiscal 2027. But Randy Resnick, the director of the Defense Department’s zero trust portfolio management office, said today that it’s proving “hard to orchestrate” each service’s individual zero trust efforts into something cohesive.

As a result, DoD has started doing weekly “huddles” and larger monthly meetings with the services and “communities of interest” (COI) in an effort to educate them on how to execute the department’s vision outlined in its zero trust strategy.

The quarterly meetings are “deep dives into the technology and the successes that some of our folks in the DoD have achieved up to this point,” Resnick said the Potomac Officers Club’s Cyber Summit. They’ve “been very lively conversations. Each one … of the TEMs and the COI probably has maybe 150 people that call in. And maybe for the huddle, the week to week, it’s maybe 50. So this is a big number going across DoD.”

The military services are expected to submit their implementation plans by October.

At the same time, Resnick said he’s working with the services to see where the 91 activities outlined in the strategy to get to the “targeted” baseline level of zero trust by FY27 can be mitigated “to make it simpler, while still maintaining the ability…to stop the adversary.”

“So you know, the zero trust strategy in the Department of Defense is mostly an enterprise wide strategy, but it starts to break down when you get to the edge,” Resnick said. “And when I mean edge, I mean in the last mile. That’s my words. And when you think about the last mile challenges in a denied, degraded, disconnected environment, each service has a different definition of what [the] last mile is.”

Meanwhile, DoD is already taking away some lessons learned from the seven months since releasing its strategy. Deputy Chief Information Officer for Cybersecurity David McKeown said today during his keynote address at the summit that the department realizes its zero trust end goal needs to be an “integrated product.”

“It’s not a bunch of stovepipe tools that satisfy the 91 capabilities individually,” he said. “One of the problems we’ve had in the past is our technicians were not very good at doing integration and making things work with each other and coming up with an integrated dashboard.”

No comments:

Post a Comment