Randy Resnick, director of the Department of Defense’s Zero Trust Portfolio Management Office, said starting this spring, National Security Agency red-team hackers will test zero trust security by launching attacks on systems running on cloud platforms of Amazon Web Services, Oracle, Microsoft and Google, Breaking Defense reported Thursday.
The simulation will give participants a chance to observe a “realistic adversary attack [to] determine whether or not the red teams could get in and exploit data,” Resnick said during a webcast.
“That’s going to give us a really good feel on whether or not these zero trust overlays are implemented correctly,” he added.
In December, AWS, Oracle, Google and Microsoft won positions on the potential $9 billion Joint Warfighting Cloud Capability contract, which will enable DOD to directly procure enterprisewide cloud service offerings from commercial service providers across all classification levels and security domains.
Resnick said his office expects the test to provide a way for recommending to the Pentagon whether or not it could implement zero trust in the cloud.
“If…we come to the conclusion that in fact it can be done, it would be absolutely revolutionary,” he added.
According to the report, the test will serve as an “independent” experiment to determine how cloud service providers can quickly implement zero trust standards set by Resnick’s office.