The U.S. Defense Department is adjusting its IT security strategy to reflect modernized system safety solutions in the form of zero-trust architecture. The Defense Information Systems Agency (DISA) is pursuing a data-centric and verification-focused model that has been championed by the IT security industry for some time. Existing limitations caused by outdated federal network construction will make zero-trust adoption a chore, and DISA is seeking guidance from industry leaders for this shift.
The paradigm for the federal government’s endgame includes Secure Access Service Edge technology. Ditching silos and adapting to current trends means converging network assets and security services into a single cloud-housed platform. DISA hopes to also bring cloud-based software-defined wide area networks (SD WAN) into the mix. Network user identification will be streamlined by the appropriation of enterprise identity, credentialing, and access management (ICAM).
Lending a hand to DISA in these matters is an appealing prospect for IT rehabilitation facilitators. They would be scoring an Other Transaction Agreement contract that guarantees a truncated payment timeline and serves as a loophole for constrictive Federal Acquisition Regulations. DISA is setting a high bar by expecting operations on this new technology to reach the standard of minimum viable product within six months of a contract award. The agency has also toyed with implementing a Challenge-Based Acquisition to ensure that candidates have the countless technical proficiencies needed to pull off such a drastic overhaul before entering into this lucrative contract.
U.S. cybersecurity budgeting signals that defense is taking precedence over offense in terms of long-range strategy. 2022 fund requests include $980 million for cryptology, which is the largest year-over-year increase at $302 million. The Defense Department is also appealing for a notable increase in the ICAM budget; it has set its sights on around $250 million to be allocated in that undertaking. This accompanies a marked decrease in funds for international “hunt-forward” exercises.
Zero-trust adoption was a central theme in the Biden administration’s recent EO on cybersecurity, and the money is amassing quickly. Federal agencies will need trusted partners in the IT industry to bolster this venture with battle-tested security expertise and network architecture prowess. The competition for an OTA contract will surely bring the cream of the crop of service providers to the fore, and the U.S. government’s cybersecurity strength will be all the better for it.