Advancing Zero Trust from the Enterprise to the Edge in the DoD: A Collaborative and Innovative Approach

Presented by GDIT

The segment from the TV show "Zero Trust and In-depth" featured interviews with Randy Resnick, Director of the Zero Trust Portfolio Management Office at the Department of Defense (DoD), and John Sahlin, Vice President of Cyber Solutions at GDIT. The conversation revolved around the DoD's goal to implement a zero-trust framework by fiscal year 2027, emphasizing the shift from traditional security measures to a more dynamic, outcome-based approach.

Randy Resnick highlighted the DoD strategy that focuses on the desired outcome—stopping adversaries—allowing for industry innovation within the framework of 91 identified activities necessary for achieving zero trust. This approach moves away from checklists towards a more integrated and collaborative method, necessitating partnerships among diverse vendors to create holistic solutions.

John Sahlin supported the outcome-focused strategy, stressing the importance of mission objectives over compliance. He pointed out the significant shift towards collaboration within the industry, urging vendors to work together rather than in competition, to meet the complex requirements of zero trust, especially at the tactical edge. The discussion also touched on the challenges and necessities of adapting zero trust principles to various operational environments, including the tactical edge, where traditional IT solutions may not be feasible or sufficient.

Key Takeaways:

1. Shift from Compliance to Outcome-Based Strategies: The DoD is moving away from a compliance and checklist-driven approach to cybersecurity towards an outcome-based strategy. This shift encourages innovation within the industry and necessitates a deeper understanding of mission objectives, focusing on stopping adversaries and protecting sensitive data in diverse operational contexts.

2. Collaboration Among Vendors: The implementation of zero trust requires integrated solutions that no single vendor can provide alone. This has led to a call for increased collaboration among vendors, or "frenemies," to develop comprehensive solutions that meet the DoD's zero trust requirements. Such collaboration is essential for innovation and for addressing the complex challenges of cybersecurity in both IT and operational technology (OT) environments.

3. Adapting to the Tactical Edge: The conversation highlighted the unique challenges of applying zero trust principles in various operational environments, particularly at the tactical edge where resources may be limited, and traditional IT solutions may not be applicable. This underscores the need for flexible, adaptable solutions and further emphasizes the importance of industry collaboration in developing technologies that can meet these diverse requirements

Original Broadcast 2/27/24