Army Deputy Chief Information Officer Maj. Gen. Jan Norris said Tuesday that one of the largest obstacles to implementing the service's Zero Trust strategy will be keeping up with technology that is constantly evolving.
The Defense Department aims to implement its Zero Trust cybersecurity framework by 2027, and the Army’s plan involves achieving Zero Trust levels for the service’s Unified Network, a data-centric Zero Trust architecture, hybrid cloud resource and “unified endpoint and security management” that is cloud-based and internet-accessible.
During a virtual event hosted by GovExec on Tuesday, Norris said the challenge for DOD stems from a need to program requirements out years in advance in order to receive funding.
“When you do that, are you flexible enough with what you've programmed to be able to pivot in a world of ever-evolving technology? And I think that's inherently our challenge,” he said.
“And I can think back over my 30-year career where we've iterated on different technologies, and can you pivot fast enough?" he added. "DOD, traditionally, we're not always that flexible in our bureaucracy, but we have to be for the future.”
Norris said the Army has a goal of achieving 90 target capability areas by 2027, which will be divided up into three phases. From now through the end of 2024, Norris said the service will focus on implementing foundational capabilities such as identity management, endpoint solutions for security and incident response. A second phase, which will last roughly from 2025 to 2027, will involve streamlining identity services with “automated identity management and identity verification,” in addition to building out scalable network resources, he said.
Beyond 2027, Norris said the focus will be on adapting and continuously monitoring for evolving threats.