The United States Department of Defense (DoD) has a Zero Trust challenge. At the same time, the cyber threat landscape and offensive and defensive tactics are evolving with advances in AI and ML, including adversaries' ability to use sophisticated algorithms to identify network and software vulnerabilities, predict trends, and exploit weaknesses. All of this means that the need for a data-driven approach to improving security practices has become more critical than ever.
Zero Trust security principles are a sound foundation for the DoD because they assume that no one is trusted by default, whether inside or outside an organization’s network, and require strict identity authentication and continuous verification to maintain the security of critical assets and networks. The challenge, however, is that there is currently no consistent approach to training and implementing Zero Trust across agencies. It is difficult to implement given the varying security needs, tooling, training, and adoption levels across the military. The military must move from an isolated network management model to a more integrated approach to address this challenge.
To help overcome these challenges, DoD has released a comprehensive strategy, a roughly 400-page guide to Zero Trust overlays, aiming to standardize the process for the first time. However, this voluminous guide will take time to implement, and the DoD does not plan to fully implement Zero Trust until 2027. So where should agencies start, and how can we improve training and accelerate implementation now?
On the AI Offensive Battlefield
Cyberattacks are becoming more sophisticated and harder to detect. For example, AI-based attacks can adapt and evolve in real time, allowing malicious actors to change their techniques faster than defensive cyber operations (DCO) can respond. AI and ML also enable automation and expansion of these efforts, creating more credible and larger-scale phishing campaigns and more sophisticated malware delivery. All of these tactics pose a significant risk to government agencies whose digital assets and connected devices are not adequately protected.
These technologies can also be used to exploit vulnerabilities in the cloud, the network, and devices. By using AI and ML to analyze vast amounts of data, attackers can identify and target weaknesses with extreme precision. They may also be able to poison the training data of the ML models behind defensive tools, inducing false alarms or unwanted automated actions.
Leveraging AI for Better Defense
To counter these techniques, the military is also using AI and ML in defensive measures to strengthen key cybersecurity functions such as anomaly detection, alert generation, and incident response. AI-powered systems can analyze network traffic and user behavior patterns to identify potential threats faster than humans alone. At the same time, ML algorithms are enhancing security information and event management (SIEM) systems and security orchestration, automation, and response (SOAR) tools to make them more effective at managing and mitigating incoming threats.
However, the effectiveness of military cyber defenses still relies heavily on effective training and a good understanding of the underlying technologies. Cybersecurity professionals must be able to interpret the information generated by AI and make informed decisions based on it.
Trust no one and train everyone
Zero Trust architecture is increasingly being seen as a solution to the challenges posed by AI and machine learning. Initial training should focus on standardizing foundational technologies—including secure web gateways, Zero Trust network access solutions, identity and access management, multi-factor authentication, device certification, and biometrics, among others—and developing a common understanding of Zero Trust principles. This foundation will support more advanced security measures as DoD moves toward full, broad implementation.
The next step is to educate users on zero trust security by taking a data-centric approach rather than focusing solely on specific security tools or technologies. Emphasizing the importance of understanding and managing data elements such as authentication logs and the state of connected devices will help establish a stronger foundation for implementing zero trust security. This will not only protect data, but also create a standard approach that includes additional sensors to identify misconfigurations, leaks, or potential malicious activity.
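As an added illustration of what a data-centric Zero Trust check looks like in practice (this is example code written for this page, not DoD guidance or any product's implementation), the block below is a small policy decision point that evaluates each access request against three data elements mentioned above: identity assurance (MFA), device state from a certification sensor, and a behavioral anomaly score computed from authentication logs. The log lines, the device registry, the scoring weights, and the thresholds are all constructed assumptions for the example; the point is that nothing is trusted because of its network location, and the decision is recomputed for every request rather than once per session.

```python
"""Zero Trust policy decision point over constructed authentication logs.

Each access request is judged on identity assurance (MFA), device posture
(certification and patch state) and a behaviour score computed from recent
authentication logs. Nothing is trusted because of network location, and
the decision is recomputed for every request, not once per session.
All log lines, device records, weights and thresholds here are constructed.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed auth log: timestamp user source_ip device_id mfa=... result=...
AUTH_LOG = """\
2024-05-01T08:02:11Z alice 10.1.4.22 dev-a1 mfa=yes result=ok
2024-05-01T08:40:53Z alice 10.1.4.22 dev-a1 mfa=yes result=ok
2024-05-02T09:12:05Z alice 10.1.4.22 dev-a1 mfa=yes result=ok
2024-05-02T09:15:40Z bob 10.1.7.9 dev-b7 mfa=yes result=ok
2024-05-03T03:14:02Z bob 198.51.100.23 dev-b7 mfa=no result=fail
2024-05-03T03:14:09Z bob 198.51.100.23 dev-b7 mfa=no result=fail
2024-05-03T03:14:15Z bob 198.51.100.23 dev-b7 mfa=no result=fail
"""

# Constructed device posture registry, as a device-certification sensor would report it
DEVICES = {
    "dev-a1": {"certified": True, "patched": True},
    "dev-b7": {"certified": True, "patched": False},
    "dev-x9": {"certified": False, "patched": True},
}

@dataclass
class AuthEvent:
    ts: datetime
    user: str
    src_ip: str
    device: str
    mfa: bool
    ok: bool

def event_from_line(line):
    """Parse one log line; an incoming request uses the same format (result ignored)."""
    ts, user, ip, dev, mfa, result = line.split()
    return AuthEvent(datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, ip, dev,
                     mfa == "mfa=yes", result == "result=ok")

def parse_log(text):
    return [event_from_line(l) for l in text.splitlines() if l.strip()]

@dataclass
class Baseline:
    known_ips: set = field(default_factory=set)
    known_devices: set = field(default_factory=set)
    hours: list = field(default_factory=list)

def build_baselines(events):
    """Per-user baseline built from successful logins only."""
    base = defaultdict(Baseline)
    for e in events:
        if e.ok:
            base[e.user].known_ips.add(e.src_ip)
            base[e.user].known_devices.add(e.device)
            base[e.user].hours.append(e.ts.hour)
    return base

def recent_failures(events, user, at, window=timedelta(minutes=10)):
    return sum(1 for e in events
               if e.user == user and not e.ok and at - window <= e.ts <= at)

def anomaly_score(req, baseline, events):
    """Additive heuristic score in [0, 1]; higher means more anomalous."""
    score = 0.0
    if req.src_ip not in baseline.known_ips:
        score += 0.4            # never seen this source address for this user
    if req.device not in baseline.known_devices:
        score += 0.3            # never seen this device for this user
    if baseline.hours and min(abs(req.ts.hour - h) for h in baseline.hours) > 3:
        score += 0.2            # far outside the user's usual login hours
    if recent_failures(events, req.user, req.ts) >= 3:
        score += 0.5            # burst of failures just before this request
    return min(score, 1.0)

def decide(req, baselines, devices, events):
    """Return (decision, reasons); decision is allow, step_up or deny."""
    posture = devices.get(req.device)
    if posture is None or not posture["certified"]:
        return "deny", ["device not certified"]
    score = anomaly_score(req, baselines[req.user], events)
    if score >= 0.7:
        return "deny", [f"anomaly {score:.1f}"]
    reasons = []
    if not req.mfa:
        reasons.append("mfa missing")
    if not posture["patched"]:
        reasons.append("device unpatched")
    if score >= 0.3:
        reasons.append(f"anomaly {score:.1f}")
    return ("step_up", reasons) if reasons else ("allow", [])

def evaluate(request_line, log=AUTH_LOG, devices=DEVICES):
    """Convenience wrapper: decide one request against the constructed log."""
    events = parse_log(log)
    return decide(event_from_line(request_line), build_baselines(events), devices, events)

if __name__ == "__main__":
    for line in (
        "2024-05-04T08:30:00Z alice 10.1.4.22 dev-a1 mfa=yes result=ok",
        "2024-05-03T03:14:30Z bob 198.51.100.23 dev-b7 mfa=yes result=ok",
        "2024-05-06T10:00:00Z bob 10.1.7.9 dev-b7 mfa=yes result=ok",
        "2024-05-06T10:00:00Z alice 10.1.4.22 dev-x9 mfa=yes result=ok",
    ):
        print(line.split()[1], evaluate(line))
```

Two properties matter more than the particular weights. First, an uncertified device is denied before identity or behavior is even considered, and a user with no baseline (or a known user from an internal address the log has never associated with them) does not get an implicit pass just for being on the network. Second, `decide` is stateless and is meant to be called on every request, which is where the "continuous verification" of a Zero Trust design actually lives; a real deployment would replace the hand-tuned heuristic with a learned model and feed the `step_up` and `deny` outcomes back into the SIEM as the sensor data the paragraph above describes.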
Training should be an organization-wide awareness effort to build security and privacy knowledge, educating all employees on the importance of a Zero Trust approach to protecting DoD information, systems, networks, and personnel. From there, organizations can focus on more specific management and role-based training for system developers. Documenting these practices will help build institutional knowledge on how to consistently deliver the security, privacy, and control functions needed to maintain a Zero Trust environment.
Remember that while the mission and functions of each DoD agency may vary, there must always be a standard that each mission meets to ensure a baseline across the department. A common baseline also makes collaboration with the private sector, such as through CISA's Joint Cyber Defense Collaborative (JCDC) for sharing threat intelligence and expertise, more valuable when building Zero Trust models. Engagement with industry leaders will help ensure that security policies and training programs reflect the latest threat intelligence and security best practices. This collaboration will also foster a more agile and informed approach to cybersecurity, enabling the military to better manage the challenges of AI and ML.
Strengthening government security for the future
The use of AI and ML as weapons further complicates the digital battlefield, presenting significant challenges and opportunities. As adversaries leverage these technologies to enhance their offensive capabilities, the military must leverage AI and ML defensively while maintaining zero trust principles. By taking a proactive, unified approach to zero trust training and adoption, the U.S. military can stay ahead of evolving threats and build a more secure defense for the future.