BALTIMORE — The recent leak of national security documents would have been easier to discover and prevent had the U.S. Department of Defense already instituted the latest cybersecurity practices known as zero trust, according to Pentagon Chief Information Officer John Sherman.
The disclosure of the classified reports, allegedly spearheaded by a 21-year-old member of the Massachusetts Air National Guard, has prompted a hard look at the department’s information-security practices. The breach included insights about the ongoing Russia-Ukraine war.
Sherman on May 3 said a zero-trust approach “sure as heck would’ve made it a lot more likely that we would have caught this and been able to prevent it at the front end.” Prying eyes and ears are both an external threat — considering China, Russia and other nations — and an internal hazard.
“This is something we’ve grappled with for years,” Sherman said at the AFCEA TechNet Cyber conference in Baltimore. “We had the Snowden disclosures nearly 10 years ago. We’ve had other unfortunate events here.”
Edward Snowden is a former American intelligence contractor who in 2013 made public the existence of global surveillance dragnets. The U.S. government deemed him a traitor; he was later granted Russian citizenship.
Zero trust is a different paradigm for cybersecurity, one which assumes networks are always at risk or already jeopardized, requiring constant validation of devices, users and their digital reach. Sherman previously likened zero trust to believing “no one or no thing.”
The Pentagon in November published its transition strategy, with eyes set on widespread implementation by fiscal 2027.