Sherman said the team would be up and running by the fall and be overseen by the chief information security officer, Dave McKeown. According to Sherman, the new team will help boost a new approach to security, which he says is a top priority.
“You don’t just buy zero trust, it’s not a tool or a technology, it really is a new strategy,” he said during FedScoop’s FedTalks conference. “We have got to run a new … defense, and zero trust is going to be it.”
Zero trust requires both a technical and a cultural change in cybersecurity practice: administrators assume adversaries are already inside the network, and the goal is to stop their movement rather than only defend the perimeter.
“I am very serious about this being a priority,” he added.
The new team will also work closely with the Defense Information Systems Agency (DISA). The military IT agency has its own zero trust efforts in its Thunderdome program. Sherman added that DISA will work closely with the new portfolio management team.
DISA is also working on a critical piece of technology for implementing zero trust: an enterprise-level identity, credentialing and access management (ICAM) tool. Sherman said this will be critical to the new framework, and that the tool should be ready by early next year.
“This is a dynamic, tough problem … but we have the military department’s commitments on this and we have a number of pilots underway,” he said.
Zero trust has become a topic of interest not just for the DOD, but across government. A recent executive order from President Joe Biden called on all agencies to develop plans to shift to a zero trust security model following the SolarWinds breach.
Another cybersecurity priority is improving the DOD workforce that defends networks. Sherman said he is working on a full review of the workforce to find a way to support those working in cyber.
Sherman also announced a deadline for a new cyber workforce strategy, which will need to be complete by early next year. The strategy will aim to boost the always thinly stretched cyber workforce by recruiting, retaining and reskilling cyber talent.
“The women and men who make up the core of our civilian and uniform workforce are going to be critical in this,” he said.