DISA leans in on zero trust
- By Lauren C. Williams
- Jul 22, 2020
The Defense Information Systems Agency is teaming up with the National Security Agency to deliver the defense community's first zero-trust reference architecture guidance later this year, DISA’s chief, Vice Adm. Nancy Norton said during the Army’s virtual Signal Conference on July 15.
Once complete, the reference architecture will be available for defense agencies to use as a guide to implementing zero trust environments where network access is continually authenticated, rather than relying on an initial login.
DISA began piloting the concept last year on the Secret Internet Protocol Router Network with U.S. Cyber Command.
“This is not going to be a wholesale, greenfield approach to new network architecture. We’re not starting over again with wholesale new equipment,” Norton said. “We are taking what’s out there today with our legacy equipment and building new principles into it.”
Norton added that analytics, policies, devices and automation would be incorporated along the way.
John Hale, DISA’s cloud portfolio office chief, said to bring zero trust to reality, DISA has been implementing it on the “use case by use case basis” as some cloud providers are “more forward-leaning than others.”
Speaking at a July 15 FCW and Defense Systems cloud event, Hale said the efforts were not pilots, but rather “large-scale implementations” that further prove out the need for boundary cloud access points, which are often criticized for choking network traffic. But even with zero trust architecture, DOD will still need the BCAPS, he said. .
DISA is also working on expanding access to boundary cloud access points for off-premises commercial cloud providers. Hale said a fourth installation for third-generation BCAPs will stand up in August, which should result in a forty-fold increas in bandwidth for off-premises providers.
“If we could have direct big, fat pipes between the end user and the commercial cloud provider, as long as they meet the zero trust [and] DOD security requirements, that’s ultimately where we want to go,” Hale said.
The Navy, which has increased migration to Microsoft 365, moved its Microsoft capabilities to third generation BCAPs, he said, adding that all mission partners should be able to use the BCAPs once the fourth installation is complete. Additional BCAPs will be added as needed, Hale said.
This article first appeared on FCW, a Defense Systems partner site.
Lauren C. Williams is a staff writer at FCW covering defense and cybersecurity.
Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.
Williams graduated with a master's in journalism from the University of Maryland, College Park and a bachelor's in dietetics from the University of Delaware. She can be contacted at [email protected], or follow her on Twitter @lalaurenista.
Click here for previous articles by Wiliams.