Cybersecurity

Zero trust for weapons systems will be ‘heavy lifting’ for the Pentagon

While the mandate for military and defense agencies to achieve a targeted Zero Trust architecture by 2027 does not include weapons systems such as tanks or aircraft, senior officials say IT systems supporting weapons platforms are subject to Zero Trust requirements. I think it should be targeted.

“There are a number of support systems that support these weapon systems, but they are essentially IT systems that are similar to regular networks and computers. They are part of NIPR and SIPR, so we We believe it should be covered,” David McCune, the Pentagon’s chief information security officer, said Wednesday at the Pentagon Zero Trust Symposium.

“The actual weapon system platform — we’re going to continue to work on how we can employ that. But all the support systems that are associated with the weapon system are either part of the weapon system or the weapon system itself (the network (sometimes called application-based or application-based), but yes, they should be subject to the obligation.”

While it’s nearly impossible to retrofit Zero Trust into some weapons systems that are already built, the Department of Defense’s Office of the Chief Information Officer has been working to improve IT infrastructure for functions such as command and control, logistics, and maintenance. We are working to reach our zero trust target level by 2027. .

“We’ll continue to look at other areas. Zero trust for weapons systems is going to be a huge undertaking. We have to figure out how to make it happen. It’s one thing to do it with weapons systems, weapons platforms, operational technology, etc.,” said Pentagon CIO John Sherman.

In 2018, the Government Accountability Office reported that the Department of Defense “routinely” discovers cyber vulnerabilities in weapons systems late in the development process. Although the department made some progress through 2021, it failed to incorporate cybersecurity requirements into contracts. The watchdog said some contracts contained no language regarding cybersecurity requirements at all.

OT, including weapon system cybersecurity from the beginning

Darryl Hegley, the Air Force’s technical director for control systems cyber resiliency, said it is important for the Department of Defense to incorporate operational technology into all planning processes as it moves forward with zero trust implementation.

“One of the things I really want to do is include OT in all of our planning processes to make sure we’re considering the full scope of OT when we’re discussing how to integrate solutions. IT. We haven’t yet found an IT system that can operate without OT. But we still haven’t applied cyber to OT,” Hegley said.

Last year, Hegley’s team conducted a Zero Trust pilot at Spangdahlem Air Base in Germany. The team dispatched to the base was able to target 38 out of 91 operations to protect five water systems and his two sewage systems.

The Zero Trust Portfolio Management Office funded the pilot, which began operations in December. This project has shown promising results regarding the security of his OT using Zero Trust principles, but among other things in the Department of Defense’s efforts to apply Zero Trust not only to networks but also to operational technology systems Gaps in coordination remain.

“There is a lot of innovation in the world, and vendors [zero trust] Solutions applicable to OT. What we learned from that process was just a lack of coordination with other parts of the Department of the Air Force,” Hegley said.

Copyright © 2024 Federal News Network. All rights reserved. This website is not directed to users within the European Economic Area.




Source link

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button