The Pentagon is implementing a "zero trust" strategy to protect its servers from cyber attacks

Image source: topwar.ru

The new anti-hacker strategy of the US Department of Defense is called "zero trust". Its essence lies in the fact that the network is already considered to be subject to cyberattack, and any user or account owner who performs actions in it is a potential threat.

- Randy Reznik told reporters before the release of the new network security strategy.

Many skeptics claim that this strategy is five or more years late, and although they may be right, its main idea is that the Ministry of Defense has changed its attitude to cybersecurity very much, and in the near future they want to make it a reference for other units. The developers of the ideas of the "zero trust" strategy solve security problems architecturally, striving for a lasting and measurable effect.

The 29-page strategy paints a very disturbing picture for the information segment of the US Department of Defense, which is subject to large-scale and constant attacks by known and unknown attackers. It names both individual individuals and opponents sponsored by states, especially, according to the States themselves, by China. At the same time, it is said that allegedly the Chinese very often violate the "tranquility of the network space" of the Pentagon.

The strategy of protection against cyber attacks is divided into types of zero-trust targets. The first stage receives the prefix "target" zero trust. It represents the required minimum set of actions that the Ministry of Defense and its units must perform by fiscal year 2027.

More global requirements are included in the "extended" zero trust, which should provide the highest level of protection. In total, 152 necessary "actions" are defined in the strategy. 91 items must be completed to achieve the target zero level of trust and another 61 actions, according to the American authors, will make the IT system of the US Department of Defense fully protected.

Although the strategy does not indicate specific technologies or solutions, it is a list of requirements and algorithms that the US Department of Defense should implement to achieve targeted and advanced security levels.