With President Biden’s cyber executive order (EO) guiding Federal agencies towards implementing zero trust architectures, the U.S. Army Corps of Engineers has already created a Zero Trust Playbook to help outline the change and create guidelines, the Corps’ CIO said today.
The Corps had already been making progress on zero trust when the EO came out, giving it a head start, Army Corps of Engineers CIO Dovarius Peoples said July 7 on a Federal News Network webinar.
“The Zero Trust Playbook goes through about 12 different areas,” Peoples said on the webinar. “Because when most people talk about zero trust you only see it maybe from about three different perspectives, but we’ve gone from all aspects of zero trust to include the training aspects; the training from the executive level down to the technician that is responsible for implementing those things as well.”
Peoples said the process of developing the playbook has included conversations with the Federal CIO council and the U.S. Army. He said it was critical for the Corps to include training as an aspect of the playbook, and also look at zero trust from both an informational technology and operation technology aspect.
“Ultimately, in order to implement and execute you have to be trained, and we put a heavy emphasis on the training of our personnel,” Peoples said. “The Corps of Engineers, we have a heavy civil mission, and that civil mission includes working with a lot of the levees locks and dams at the local [and] state level.”
“We support those state levels when it comes to disaster recovery waterway missions, critical infrastructure and those types of things, and that’s one area that we believe could be enhanced, even as we work to meet … the executive order that was published so we’re looking at it from all aspects of it, and how do we implement zero trust framework through our playbook,” he said.
Peoples said a key to properly integrating a zero trust architecture at the Corps will be meeting end-users where they are currently and training them up. Another key will be for the Corps to leverage shared services in that process.
“When you talk about zero trust you think about shared services, think about the Federal government,” Peoples said. “And that’s one of the things that I personally believe that from a Federal DoD (Department of Defense) side of the house we could do a lot better job of leveraging some of the things that our brothers and other organizations have done through zero trust being able to show this property security so leveraging that capability to help empower the end-user.”