The Pentagon’s cyber malaise: Zero trust deadlines translate to zero urgency
The DOD CIO must work aggressively and directly with combatant commanders to secure the OT assets our military depends on to project power across every theater of operation.
By
Lucian Niemeyer
and
Tatyana Bolton
May 22, 2025
At a time when the Chinese Communist Party (CCP) has brazenly confirmed the targeting of the operational technology (OT) that underpins our military’s global reach, the nomination of Kirsten Davies as the Department of Defense Chief Information Officer arrives not a moment too soon. As the CCP becomes increasingly unconcerned with concealing its intent in targeting our homeland, Secretary of Defense Pete Hegseth must empower the CIO to dismantle institutional complacency and morass that’s plaguing the department. To do so, the CIO must work aggressively and directly with combatant commanders to secure the OT assets our military depends on to project power across every theater of operation. Despite the current silence of the physical battlefield, the clock ticks loudly as the CCP prepositions across our critical infrastructure networks — ensuring we will no longer have a first-mover’s advantage when deterrence fails, and the kinetic war begins.
This bombshell revelation came just as the Department of Defense floated a “soft” deadline of 2035 to achieve Zero Trust (ZT) cyber protections for the same operational technology in weapons systems. The Pentagon’s Zero Trust portfolio director, Randy Resnick, described the DOD’s challenge in alarming terms: “We are far away. I’m suggesting fiscal [year 20]35 and beyond. That might actually be a 10-year effort or more.” This admission is not deterrence, but an open invitation for adversaries to ignore the Geneva Conventions and coerce Americans with existential threats. We are in a hot cyber war today, not in 2035. Our adversaries are attacking our water and power systems now. So why is the Pentagon telling our adversaries they have 10 years to penetrate our OT, disrupt mission-critical assets, and prevent weapons from launching and hitting their targets?
The secretary of defense and combatant commanders are prioritizing urgent lethality to immediately deter an adversary. We don’t have the luxury of time where “soft” deadlines introduce more risk to our global missions, weakening the deterrent credibility of the entire U.S. military. With global strife raging, we need this leadership in all programs, including the cyber protection of OT. However, when Pentagon leaders assess “no easy feat” with estimated capabilities “far away,” the message to adversaries is clear: We’re unprepared and unwilling to act quickly to counter this specific cyber threat… and that must change.
Zero trust means zero excuses.
https://defensescoop.com/2025/05/22/pentagon-cyber-malaise-zero-trust-deadlines-translate-zero-urgency/
