Zero trust would have ‘likely’ caught and prevented classified leak, Pentagon CIO believes
You can officially count Department of Defense CIO John Sherman among those who believe a zero-trust security architecture across the U.S. military could’ve prevented the recent leaking and posting of classified national defense information online by an Air National Guard member.
Sherman said Wednesday at the AFCEA TechNet Cyber conference in Baltimore that zero trust “sure as heck would have made it a lot more likely that we would have caught this and been able to prevent it at the front end of something like this happening.”
Under Sherman’s direction, the DOD is working to deploy a zero-trust architecture — through which users are not given implicit trust but rather required to authenticate any time they move around a network — by 2027. The architecture is based on a series of principles like identity, monitoring, access management and more — and those capabilities could have been key in detecting Guardsmen Jack Teixeira as he allegedly leaked and distributed troves of classified documents, Sherman said at the conference.
For Teixeira — “a trusted insider, someone who’s gone through the background investigation and been given access to [the Joint Worldwide Intelligence Communication System], top secret-level capabilities,” as Sherman put it — zero-trust capabilities like user activity monitoring could have led to the early detection of the threat, he said.
There also needs to be better data access controls and a more thoughtful balance between “need to know” and “need to share” for classified information, Sherman said.
“How do you balance this, particularly at the top-secret level where we have capabilities like Intelink, where we have a large corpus of documents and information there? We want analysts who are working in the intel sections to be able to connect those dots, to be able to do the work they need to do, but we also need to have some sort of data access controls — pillar number four on the NIST zero trust framework. So how do we do that? How do we have the analytics and visibility — pillar number seven of zero trust — and implement this without turning the rheostat too far one way or another?” he added.
With this latest national security leak, Sherman said, it’s a reminder that while foreign adversaries are the top threat for the DOD, insider threats still loom.
“This is something we’ve grappled with for years. We had the Snowden disclosures nearly 10 years ago, we’ve had other unfortunate events here. We talk a lot about zero trust in terms of the global competition we’re in against state actors, the People’s Republic of China and the PLA over there, Russia, Iran, North Korea. But one of the most pernicious things we have to be aware of are insiders that will, using other means, release data that should never see the light of day,” he said.
Since the leaks, Sherman in April issued a directive aimed at ensuring DOD components are vigilant about who has access to sensitive information.