Transportation Command will be implementing a zero trust security model on its classified networks in the coming months, according to congressional testimony.
In “partnership with U.S. Cyber Command, we are implementing Zero Trust security model principles on our classified network and expect to complete implementation no later than the Summer of 2022,” Gen. Jacqueline Van Ovost, commander of Transcom, said Tuesday in written testimony to the Senate Armed Services Committee. “These actions have increased our cybersecurity posture as well as our ability to detect and mitigate adversarial activity.”
Zero trust is a paradigm that assumes networks are already compromised and validates users, devices and data continuously.
With high profile breaches over the past few years, the federal government is pushing agencies to move to this approach. The White House published a zero trust architecture directive in January.
The Defense Information Systems Agency is developing an architecture for the Department of Defense called Thunderdome. In January, it awarded a contract worth almost $7 million to prototype the effort. The agency has maintained that it is not mandating DOD organizations use the Thunderdome architecture, but it will be there for whoever wants to adopt it.
No further details were immediately available regarding Transportation Command’s move to zero trust.
Transcom is responsible for logistics and getting equipment around the world, coordinating with both military and commercial entities. As such, cybersecurity is of the utmost importance to the command.
“Our competitors are actively leveraging the cyber domain to achieve their national objectives. As a result, cyber resiliency and digital modernization initiatives will remain a top priority for the Command,” Van Ovost’s testimony read. “We continue to modernize our IT systems by not only taking advantage of cloud computing services but also through advancing our ability to manage data as a strategic asset to advance decision making at all levels. We also continue to increase our cyber hygiene and harden our cyberspace terrain to impose costs on an adversary’s ability to compromise our networks and systems. However, as adversaries advance their capabilities, cyber hygiene alone is not enough.”