• FACEBOOK
  • INSTAGRAM
  • TWITTER
  • LINKDIN

Pentagon to Release Zero Trust Guidance for IoT and OT This September

Key Takeaways

  • The Department of Defense (DOD) plans to release guidance for integrating zero-trust security in IoT and operational technology systems by September 2023.
  • Current DOD guidelines include 152 security controls, comprising 91 target-level and 61 advanced-level requirements.
  • The DOD’s transition to zero-trust systems includes significant industry collaboration, with emphasis on operational technology’s unique response protocols.

New Zero-Trust Security Guidance for IoT and OT Systems

The Department of Defense (DOD) is actively working towards enhancing its cyber defenses by implementing zero-trust security architectures by 2027. Key guidance on how industry partners can integrate this security framework into Internet of Things (IoT) and operational technology (OT) systems is expected to be published by the end of this fiscal year.

Randy Resnick, a senior advisor in the DOD’s Zero Trust Portfolio Management Office, revealed at the GDIT Emerge: Edge Forward event that these new guidance documents will build upon the DOD’s previously established 91 baseline “target-level” zero-trust activities. The additional guidance is anticipated to be available in September.

The DOD uses “fan charts” to outline the necessary security controls that vendors must incorporate into their zero-trust solutions for military services and defense agencies. In total, there are 152 controls, with 91 designated as target level and 61 as advanced level, offering the highest security protection.

Resnick noted the fan chart for operational technology differs from the target-level compliance chart, indicating that while there is substantial overlap, the specific activities required for OT compliance vary. For IoT systems, the same 91 target-level activities will be used, along with two additional controls.

He emphasized the importance of differentiated responses in incident management for OT systems. In certain scenarios, the idea is to ensure systems either fail open or in a manner that minimizes potential harm.

Following the guidance on IoT and OT, the DOD will also release zero-trust overlays specifically for weapons systems. With the 2027 deadline approaching, Resnick expressed confidence in their progress, noting that his office has remained intact amid recent budget cuts.

The DOD continues to run successful pilot programs with industry partners that meet either target or advanced zero-trust levels. As these solutions mature, there is optimism that DOD organizations will soon be able to seamlessly adopt and implement these systems before the approaching deadline.

However, Resnick cautioned that installation remains a challenging component involving substantial professional services and potential modifications to infrastructure. He highlighted the need for industry stakeholders to adequately prepare for the logistics of a comprehensive switchover to zero-trust systems.

The content above is a summary. For more details, see the source article.

Leave a Comment

Your email address will not be published. Required fields are marked *

ADVERTISEMENT

Indo-Pacific Business Promotion Council (IPacBiz)
Indo-Pacific Business Promotion Council (IPacBiz)
Indo-Pacific Business Promotion Council (IPacBiz)
Indo-Pacific Business Promotion Council (IPacBiz)
Indo-Pacific Business Promotion Council (IPacBiz)

Become a member

RELATED NEWS

Aaronia-11-19-24.jpg

The G20 Summit in Brazil: High-Tech “Made in Germany” Protects G20 Participants from Illegal Drones

Smart Cities

Salt_Lake_City12_smart_cities_Adobe1_rt.jpg

Salt Lake City Unveils Comprehensive Digital Service Tool for Residents

Smart Cities

Little_Rock_Arkansas_smart_cities_Adobe1.jpg

US Cities Awarded Innovation Grants to Boost Economic Mobility

Smart Cities

1200x800_ChargeGuru_Charger_smart_cities_PR1_rt.jpg

EV Infrastructure Influencing Purchase and Rental Choices in the UK

Smart Cities

Become a member

Scroll to Top