
The US Department of Defense's new anti-hacking strategy is called “zero trust”. Its essence is that the network is treated as already under cyber attack, and any user or account owner who performs actions on it is a potential threat.
“With zero trust, we assume that the network has already been compromised, and with the help of repeated user authentication and genuine authorization, we will in every possible way prevent the attacker from moving around the network, as well as quickly identify him and reduce the damage and vulnerability that he could exploit,” Randy Resnick told reporters ahead of the release of a new network security strategy.
Many skeptics argue that this strategy is five years or more late. They may be right, but its main message is that the Department of Defense has substantially changed its attitude to cybersecurity and wants to make it a benchmark for other departments in the near future. The developers of the “zero trust” strategy address security problems architecturally, striving for a long-term and measurable effect.
The 29-page strategy paints a very disturbing picture of the US Department of Defense information segment, which is under widespread and constant attack from known and unknown attackers. It names both individual attackers and those sponsored by adversary states, especially, as they say in the States themselves, China. It also says that the Chinese allegedly very often violate the “calm of the network space” of the Pentagon.
The strategy against cyber attacks is broken down into types of zero trust targets. The first stage is labelled “target” zero trust. It represents the required minimum set of actions that the Department of Defense and its divisions must complete by Fiscal Year 2027.
Broader requirements are included in the “extended” zero trust, which should provide the highest level of protection. In total, the strategy identifies 152 necessary “actions”. Of these, 91 must be completed to achieve the target level of zero trust, and 61 more actions, according to the American authors, will make the US Department of Defense IT system completely secure.
Although the strategy does not name specific technologies or solutions, it is a list of requirements and algorithms that the US Department of Defense must implement to achieve targeted and advanced levels of security.