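Mark Pomerleau
January 26, 2022, 05:20 AM
DISA awarded Booz Allen Hamilton a contract worth nearly $7 million to develop a prototype of its Thunderdome zero trust architecture. (Photo by U.S. Coast Guard Petty Officer 1st Class Luke Pinneo)
WASHINGTON: The Pentagon's top IT agency, DISA, signed a contract worth nearly $7 million to develop its zero trust IT architecture, the U.S. Department of Defense announced Tuesday.
The cyber threat landscape has changed significantly in recent years, becoming much more dynamic. As a result, traditional network defenses have proven unable to stand up to the test. The federal government has now shifted to what it calls a zero trust model, which assumes networks are already compromised and continuously validates users, devices and data.
The contract awarded to Booz Allen Hamilton is for Thunderdome, the Defense Information Systems Agency's (DISA) implementation of zero trust. The contract covers a six-month prototype effort in which the agency will test how to implement a zero trust architecture involving technologies such as Secure Access Service Edge and software-defined wide area networks.
“Over the next six months, we plan to produce a working prototype that is scalable across the department,” said Jason Martin, director of DISA's Digital Capabilities and Security Center. U.S. defense officials have explained that Thunderdome is not the DoD's sole solution. It will not be mandated across the DoD or the services, meaning the services can choose to partner with DISA or implement their own zero trust systems.
Officials also noted that Thunderdome and zero trust represent a shift in how the DoD conducts cybersecurity. “Rooted in identity and enhanced security controls, Thunderdome fundamentally changes our classic network-centric defense-in-depth security model to one centered on the protection of data and will ultimately provide the department with a more secure operating environment through the adoption of zero trust principles,” said Chris Barnhurst, DISA deputy director.
Following a series of high-profile cyber breaches (for example, Russian intelligence personnel planting malicious code in software updates provided by government supplier SolarWinds, allowing unprecedented access across federal networks for months), the Biden administration issued an executive order in May 2021 to strengthen cybersecurity across the federal government. One of the key tenets of that order was for agencies to implement zero trust.
A follow-on national security memorandum signed Jan. 19, 2022, which establishes metrics for improving the cybersecurity of U.S. national security systems, requires agencies to develop plans to implement zero trust architectures.
Last summer, the U.S. Department of Defense also decided to do away with the Joint Regional Security Stacks, which were originally intended to shrink the cyberattack surface by consolidating countless classified entry points around the world into 25 sites, in favor of the zero trust Thunderdome approach.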
Welcome to Thunderdome: Pentagon awards zero trust architecture prototype
By Mark Pomerleau Jan 26, 05:20 AM
WASHINGTON — The Pentagon’s top IT office issued a nearly $7 million contract to develop its zero trust IT architecture, the Department of Defense announced Tuesday.
The cyber threat landscape has shifted in recent years, becoming much more dynamic. As a result, traditional defenses have proven to not be up to the test. The federal government has now shifted to what it calls a zero trust model, which assumes networks are already compromised and validates users, devices and data continuously.
The contract, awarded to Booz Allen Hamilton, is for Thunderdome, the Defense Information Systems Agency’s implementation of zero trust. The contract is for a six-month prototype effort in which the agency will operationally test how to implement its zero trust architecture involving technologies such as Secure Access Service Edge and Software-Defined Wide Area Networks.
“Over the course of the next six months, we plan to produce a working prototype that is scalable across the department,” said Jason Martin, director of DISA’s digital capabilities and security center.
Officials have explained that Thunderdome is not intended to be the DoD’s sole solution. It will not be mandated across DoD or the services, meaning the services can opt to partner with DISA or implement their own zero trust system.
Officials also noted that Thunderdome and zero trust represent a shift in how the DoD conducts cybersecurity.
“Rooted in identity and enhanced security controls, Thunderdome fundamentally changes our classic network-centric defense-in-depth security model to one centered on the protection of data and will ultimately provide the department with a more secure operating environment through the adoption of zero trust principles,” said Chris Barnhurst, DISA deputy director.
Following a series of high-profile cyber breaches – such as when Russian intelligence personnel planted malicious code in software updates provided by government supplier SolarWinds, allowing unprecedented access for months across federal networks – the Biden administration issued an executive order in May 2021 to strengthen cybersecurity across the federal government. One of the key tenets of that order was for agencies to implement zero trust.
A follow-on Jan. 19 national security memorandum establishing metrics for improving the cybersecurity of national security systems requires agencies to develop a plan to implement zero trust architectures.
Last summer, the DoD also decided to do away with the Joint Regional Security Stacks, initially established to shrink the cyberattack surface by consolidating countless classified entry points around the world to 25 sites, in favor of the zero trust Thunderdome approach.
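Disclaimer: This article comes from 网电空间战; copyright belongs to the author. The content represents only the author's independent views and does not represent the position of 安全内参. It is reproduced for the purpose of conveying more information. In case of infringement, please contact anquanneican@163.com.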