Zero Trust Strategy released by US Department of Defense on November 22, 2022 (Source: CDSTIC)
The US Department of Defense (DoD) released the Department Zero Trust Strategy, a cyber protection program, on November 22, 2022.
According to military observer Shao Yongling, the DoD believes traditional cybersecurity approachesare no longer able to cope with current and future cybersecurity threats, so it launched the “Zero Trust” cyber protection program to create a “never trust, always verify” mechanism to fortify its cybersecurity.
The US military holds that the progress of technology enables perpetrators to extract sensitive data from the DoD and the national security system more easily. The “castle-and-moat” security approachesbased on conventional authentication and authorization models donot work effectively to thwart current and future cyber-attack vectors, and a coordinated,defensive response that is adaptive, flexible, and agile is urgently needed. This change of concept requires everyone to ensure the security of equipment, procedures, assets and services in a “never trust, always verify” spirit, and users will only be allowed to access the truly needed data when necessary.
Abandoning the traditional cyber security concept to build a brand-new architecture faces many technical challenges, said Shao, and the US has just started and is still testing the water.
The “zero trust” security concept turns from the traditional approach to “multi-attribute-based confidencelevels” and the authentication and authorization strategy based on “minimal access”. Zero Trust uses continuous multi-factor authentication, micro-segmentation, advanced encryption,endpoint security, analytics, and robust auditing, among other capabilities, to fortify data,applications, assets, and services to deliver cyber resilience.
Shao also pointed out that while stressing what cyber security threats it is facing and rolling out the Zero Trust program, the US feels no qualms about attacking its rivals’ or even allies’ network to steal secrets, which is typical double standards. It is the US that’s the biggest threat and destroyer of global cybersecurity.
For a long time, the US has been tapping its rivals and allies in various ways and leaving “backdoor” in the hardware and software it sells in order to gain access to intelligence and secrets.
What the so-called “zero trust strategy” really means is that the US will fortify its own “moat” to protect the “castle” while feeling comfortable about jeopardizing the network of other countries. It should have the capability to stop other countries from accessing American network at will while ensuring its own access to other countries’ network anytime, anyway it wants.
“Double standards” is the keyword of American’s strategy in any domain.
Editor's note: Originally published on military.cnr.cn, this article is translated from Chinese into English and edited by the China Military Online. The information and opinions in this article do not necessarily reflect the views of eng.chinamil.com.cn.
