The principal information technology advisor to the commander of the Army Corps of Engineers said today that his organization is using zero trust principles to secure systems, and finds zero trust especially compelling because the organization relies on outside parties to provide technology services.
Like many others across the Federal government, Dovarius Peoples, the CIO/G-6 of the Army Corps of Engineers, faces a challenge when it comes to finding cybersecurity talent.
“One of the major challenges that we are facing, from a Federal as well as a department standpoint, is the race for cybersecurity talent,” said Peoples, speaking during an online event on August 13. More than 30,000 cybersecurity positions are left unfilled in the public sector.
This shortage has led the Army Corps of Engineers to use cloud and other technologies as a service, instead of developing them in-house, Peoples said.
“Due to the fact that as we outsource or consume these things as a service, we have little knowledge into those that have access or to those who are managing or maintaining our systems,” he said. “Zero trust concepts and principles, those are the things that will protect us from a lot of the threats.”
“Zero trust assumes there is no implicit trust granted to assets or user accounts based solely on their physical or network location,” said a publication of the National Institute of Standards and Technology (NIST), released earlier this week.
Peoples said the Army Corps of Engineers has partnered closely with the Army Network Enterprise Technology Command, Army Cyber, and U.S. Cyber Command to begin to “operationalize a lot of the zero-trust concepts.”