Posted on Apr 29, 2023
Zero trust could have limited Pentagon leak, Navy CTO says
6.4K
8
3
4
4
0
The Navy’s chief technology officer said that if the Pentagon had already implemented its “zero-trust” approach to protecting its information networks, it may have more quickly detected a recent, high-profile classified document leak.
The discovery this month that a 21-year-old member of the Massachusetts Air National Guard with a top secret security clearance had posted possibly hundreds of classified documents to a gaming website called Discord has drawn attention to the U.S. Defense Department’s ability to combat threats from within its own networks.
The discovery this month that a 21-year-old member of the Massachusetts Air National Guard with a top secret security clearance had posted possibly hundreds of classified documents to a gaming website called Discord has drawn attention to the U.S. Defense Department’s ability to combat threats from within its own networks.
Zero trust could have limited Pentagon leak, Navy CTO says
Posted from c4isrnet.com
Technology
Cyber
Pentagon
Computer Networking
DoD
Posted 1 y ago
Responses: 2
3
3
0
PO1 William "Chip" Nagel
Maj Kim Patterson Unfortunately, Most Lessons are Only Learned the Hard Way!
(0)
(0)
1
1
0
PO1 William "Chip" Nagel
..."“The whole point of zero trust is to never trust. Always verify and assume breach,” Yeske said. “You begin from the point of assuming your network has been compromised, and if it hasn’t been compromised, that compromise is inevitable. Insider threats light up like a Christmas tree when that is your approach.”
The Pentagon released its zero-trust strategy last November, laying out a plan to implement the basic elements of the “trust no one” approach by 2027. The model requires that users and their devices be constantly evaluated.
“Part of what you do in a zero-trust approach is, every time a particular asset is accessed, you evaluate that access according to a set of policies,” Yeske said, noting that he doesn’t have knowledge of the investigation beyond what’s been reported publicly. “That policy-driven evaluation would have identified, I believe, a pattern of activity here where someone who’s a network administrator, someone who is an IT professional accessing this kind of information . . . would have been questioned.”...
..."“The whole point of zero trust is to never trust. Always verify and assume breach,” Yeske said. “You begin from the point of assuming your network has been compromised, and if it hasn’t been compromised, that compromise is inevitable. Insider threats light up like a Christmas tree when that is your approach.”
The Pentagon released its zero-trust strategy last November, laying out a plan to implement the basic elements of the “trust no one” approach by 2027. The model requires that users and their devices be constantly evaluated.
“Part of what you do in a zero-trust approach is, every time a particular asset is accessed, you evaluate that access according to a set of policies,” Yeske said, noting that he doesn’t have knowledge of the investigation beyond what’s been reported publicly. “That policy-driven evaluation would have identified, I believe, a pattern of activity here where someone who’s a network administrator, someone who is an IT professional accessing this kind of information . . . would have been questioned.”...
(1)
(0)
Read This Next
Continue with Facebook 
Continue with Google