The Pentagon’s primary data-management office is embarking on a plan to provide the highest possible level of data-transmission security. The new ‘zero trust’ cybersecurity model would ensure that information contained and transmitted on Defense Department computers and devices would be accessible only to those who are authorized to do so.
“This paradigm shift, from network-centric to a data-centric security model, will affect every arena of our cyber domain,” said Navy Vice Adm. Nancy A. Norton, director of the Defense Information Systems Agency. Norton unveiled the concept at a July 15 virtual conference held by the Armed Forces Communications and Electronics Association (AFCEA). “[It] will enable us to better support our warfighters, national leaders and mission partners.”
The zero trust concept entails a three-pronged approach: never trust, always verify; assume breach; and verify explicitly. It would stress the protection of cybersecurity and the role it would play in any future combat actions, Norton said, while fostering greater collaboration with government, industry and international partners.
“Right now, we have adversaries who actively seek to harm our nation and its standing in the world by constantly attacking our cyber domain,” Norton said. “They seek to sow discord in our society, to steal our critical information and to hack away at our technological edge. Our nation’s enemies are relentless, even during this pandemic.”