
Second Annual Zero Trust Symposium Focuses on Implementation

The second annual DoD Zero Trust Symposium served as an opportunity for the cybersecurity community to check in, share ideas and progress and discuss the path forward for Zero Trust. Experts from government, industry and academia participated as speakers and attendees during the two-day symposium to discuss the DoD framework, lessons learned and the way ahead.

“Last year started DoD on its Zero Trust journey,” said COL Gary Kipe, DoD Zero Trust Portfolio Management Office (ZTPMO). “We spend most of our day vigorously doing Zero Trust and cybersecurity.” Kipe noted that DoD needs to “slow down and think” about how best to implement Zero Trust, and expanded on public data breaches to explain the breadth of the threat facing DoD.

Attacks could focus on either the DoD directly or target vendors or subcontractors of all sizes. Risks, therefore, need to be identified beyond the Pentagon and combatant commands.

Zero Trust: A Critical Mission for DAU

“The whole area of cyber and Zero Trust is a vivid example of the things we’re dealing with today in our changing world,” said DAU President Jim Woolsey. “Technology is advancing quickly – [there is] no place that you can see that as vividly as the cyber realm.” Woolsey described complex phishing and other attacks that adversaries are deploying. In addition, new technologies like artificial intelligence, machine learning and quantum computing are all exposing vulnerabilities and potential tools to protect data.

“Cyber attacks can be done by small groups of people … and is a vivid example of how near peers and others are gaining ground on us,” Woolsey said. With adversaries dedicated to breaching DoD’s systems, Zero Trust and cybersecurity are critical.

“The cyberworld is in the fight,” Woolsey said. “All of us have an opportunity to make things safer for everything, and ultimately for the warfighter... There are changes happening in training and learning, where DAU is responding and leading. Certification [alone] isn’t going to meet the need; [DoD] must be proactive and engaged with learning. You know what you need to learn; DAU needs to find ways to meet those needs.” 

Partnerships and Implementation

Cybersecurity and Zero Trust remain a collaborative team effort. Randy Resnick, Director, ZTPMO, described the symposium’s growth from its first year, which had 1,000 registered attendees. This year’s symposium had more than 3,000 registered attendees. In addition, ZTPMO made significant progress in implementation and development for Zero Trust across DoD since last year.

“Zero Trust is the most modern cybersecurity approach to defeat adversary activity,” Resnick said. Zero Trust assumes the “adversary is in-network” and “restricts their freedom of movement.” Zero Trust relies on systems constantly authenticating and authorizing users and devices to validate they belong on the network and automatically blocking those that fail validation. ZTPMO ensures that Services and components are synchronized and interoperable when applying cybersecurity.

Zero Trust “stops adversary access to DoD data,” Resnick said. ZTPMO’s goal is to defeat or frustrate the adversary by implementing a higher level of Zero Trust than what DoD had when they started their push for cybersecurity. Since the October 2022 DoD Zero Trust Strategy, ZTPMO has delivered implementation plans and submitted a briefing to Congress on trends and findings related to Zero Trust. In 2023, ZTPMO also delivered implementation plans for Zero Trust.

Zero Trust is “not easy to implement,” Resnick said. “We can’t do this on an annual basis...we need to automate this process.” Resnick recommended that organizations employ a full-time subject-matter expert on Zero Trust who can represent Zero Trust for these agencies or components and can communicate at a senior level with ZTPMO.

In 2024, ZTPMO’s priorities include accelerating the ability to do pilots and engage with DoD components, including external government agencies. “We want to be partners and good citizens,” Resnick said. “Our focus is on promoting the sharing of strategy, information and interoperability” in 2024 and 2025. This work for each component would include various levels of assessments leading to a Zero Trust final report and adjudication. Testing, oversight, vendor oversight and documentation are also key parts of the next phase of Zero Trust implementation.

Zero Trust is a Top Priority

“Zero Trust is among our top priorities,” said John Sherman, DoD Chief Information Officer. He identified Zero Trust as the “fulcrum” for a variety of other issues, such as addressing and bringing DoD’s modern technical and technological solutions. “Zero Trust is first and foremost among our efforts.” Thanks to the work done by ZTPMO and their partners, DoD is on track to reach the targeted levels of Zero Trust by the end of Fiscal Year 2027.

“We’ve got a strategy and implementation plan,” Sherman said. “We have to evolve.” According to Sherman, Zero Trust is part of this evolution and “a paradigm shift” as well as a “new way of doing defense.” He compared it to the concept of “active defense” and “air land battle,” terms that revolutionized conventional warfare. 

He shared that Zero Trust is facing the same challenges as the acquisition community for all systems: they need to move faster to deliver products at the speed of need. He acknowledged that DoD needs to improve the speed at which it achieves Authority to Operate and Continuous Authority to Operate. The process “needs to be rigorous and secure,”

“Compliance isn’t enough,” Sherman said. “You need a cybersecurity culture. I want our adversaries, our pacing challenge and others … unable to get to the data.”

Learn more about the symposium and view the presentations on DAU Media:

Matthew Sablan