Security

DoDIIS 2021: Intelligence Agency CIOs Chart Path Ahead on Zero Trust

IT chiefs in the intelligence community and the military services are on board with the move to zero-trust architectures.

Phil Goldstein

Twitter

Phil Goldstein is a former web editor of the CDW family of tech magazines and a veteran technology journalist. He lives in Washington, D.C., with his wife and their animals: a dog named Brenna, and two cats, Grady and Princess.

The U.S. intelligence community’s IT leaders are enthusiastic about the federal government’s shift to zero-trust architectures for cybersecurity, according to IT leaders from key intelligence agencies.

During a pane on Tuesday of intelligence agency IT leaders at the 2021 DoDIIS Worldwide Conference in Phoenix, several said they are looking forward to the shift and how it will enhance their IT security posture. In particular, they discussed how the move to zero trust will bring a more data-centric focus to security and how it will spur automaton.

Officials said at the conference that the Office of the Director of National Intelligence will likely release guidance on zero trust for national security systems before the end of the year.

Sue Dorr, CIO of ODNI, said that “no matter what we do, we cannot human our way out of cyber” concerns, and noted there is a greater need to focus on automation and how artificial intelligence can augment the capabilities of intelligence agencies’ cybersecurity workers.

“We need to make sure humans are working against the hardest problems,” she said.

Christopher Page, CIO of the Navy, said that the service is “very interested in treating information as a strategic asset,” as zero trust pushes agencies to do, with a focus less on perimeter security and more on data security. However, he said, the fundamentals of cybersecurity — confidentiality, integrity and availability — will still apply.

Click the banner to get access to customized cybersecurity content by becoming an Insider,

How Intelligence Agencies Are Thinking About Zero Trust

Page said the Navy is looking at how zero trust helps the branch mitigate risks around those fundamental areas. He also said sailors and workers across the Navy need a better understanding of the underpinnings of zero trust.

“We need to invest in people, materiel, services, training and educating our people,” Page said. He also noted that the shift to zero trust cannot be treated as a blank check for IT security vendors. There needs to be a clear understanding of how long it will take to get new cybersecurity capabilities online and a way to measure the actual benefits of new technologies and policies.

Leonel Garciga, director of Army intelligence community information management, said the government is “watching in real time a big shift” in cybersecurity. The move to zero trust is ushering in more of a threat-based and risk-based approach to cybersecurity, he said.

“We need to move the rest of Defense Department in the same direction,” he said.

Col. Michael Medgyessy, CIO and chief data officer for the Air Force intelligence community, said embracing zero trust would help intelligence agencies refocus on “protecting data and how we access it.”

The identity, credential and access management aspect of a zero-trust architecture is essential, Medgyessy said. “The ICAM solution as part of zero trust is so fundamental,” he added. That way, location won’t matter when users connect to the Air Force’s networks and assets, as long as they can properly authenticate who they are, he said.

Follow FedTech coverage for more articles from DoDIIS 2021.

Photography by Phil Goldstein