A review of the Defense Department’s component-level zero trust security implementation plans is painting a clearer picture of trends and challenges running through the three-dozen-plus plans – including the vital importance of proper funding for components, and achieving interoperability across component zero trust plans – to meet DoD’s 2027 zero trust deployment goal.
Gurpreet Bhatia, DoD’s principal director for cybersecurity and deputy chief information security officer, shared some of that trend data during a keynote address at today’s Axonius Adapt 2024 conference in Washington.
“We’re at a stage where we’re working through those implementation plans and within those implementation plans – we have 39 of them – we’ve noticed several barriers and trends and we found a lot of great information,” Bhatia said.
The 39 implementation plans, approved last month by DoD, were a requirement under the department’s Zero Trust Strategy which DoD released in late 2022. The plans are meant to help the agency reach its goal of fully implementing a department-wide zero trust security framework by fiscal year 2027.
According to Bhatia, fiscal years may not necessarily be funded at appropriate times, which puts a strain on the department’s ability to meet the 2027 goal.
“Planning for that is really, really critical and vital because we only have three more years left to be on deadline,” he said.
Another trend emerging from the implementation plans is how DoD components and the department as a whole will track progress toward reaching the zero trust framework goals. According to Bhatia, DoD components have developed specific metrics on how to track progress, “and they’re prioritizing how they’re going to get through it.”
At the department level, “we’re looking for the progress towards your zero trust journey, where are you on that journey, and is there some implementation of capabilities and technologies along the way,” Bhatia explained.
The implementation plans also show that interoperability continues to be a challenge for the department, he said.
Bhatia explained that throughout the 39 implementation plans there are a slew of technologies and capabilities that present challenges to the secure sharing of information both within and outside the DoD.
“There’s lots of technologies that are implemented today across the 39 plans … and at some point we’re going to have to interoperate across the board if we really want that state of a seamless arena to share data across the board,” said Bhatia. Discussions on the interoperability goal are underway and focus on facilitating safe information sharing practices that fall within zero trust principles, not just within the department but also with allies who are starting their zero trust journeys.
