WASHINGTON — Pentagon leadership will begin reviewing plans to implement zero-trust measures across the military, as cybersecurity officials eye a 2027 deadline.

Pentagon Chief Information Officer John Sherman on Sept. 7 said the services and other defense organizations will submit their blueprints in the coming weeks, with evaluations scheduled between then and “the holiday period.” The inspections will be led by Randy Resnick, the director of the zero-trust portfolio management office, and his team.

“That’s a very important milestone, coming up here next month, to get these plans in and start the assessment,” Sherman said at the Billington Cybersecurity Summit in Washington. “We’ve got to flip the script here, given what we face here in 2023 and beyond.”

Zero trust is a different paradigm for cybersecurity — one that assumes networks are always at risk or already jeopardized, requiring constant validation of devices, users and their virtual reach.

This chart was included in the Pentagon's new zero-trust strategy and provides a look at what the new approach to cybersecurity comprises.

Since 2015, the Department of Defense has experienced more than 12,000 cyber incidents, with annual totals steadily declining since 2017, according to a Government Accountability Office report. The push to beef up digital defenses comes as the U.S. prepares for potential conflict with Russia or China. Both wield serious cyber arsenals.

The Pentagon published its zero-trust strategy in November. It detailed dozens of activities and capabilities needed to reach “targeted” zero trust by 2027. Dozens more are needed to satisfy “advanced” requirements farther down the road.

Different approaches from different organizations are expected, but with the same goal in mind. Sherman has previously likened it to a pick-your-own adventure.

“When you have combatant commanders talking about zero trust, the chairman of the Joint Chiefs of Staff talking about zero trust, it is in the DNA of the department now,” he said Thursday. “Everybody’s rowing in the same direction.”

Colin Demarest was a reporter at C4ISRNET, where he covered military networks, cyber and IT. Colin had previously covered the Department of Energy and its National Nuclear Security Administration — namely Cold War cleanup and nuclear weapons development — for a daily newspaper in South Carolina. Colin is also an award-winning photographer.
