Dr. Daniel Goure authored a blog post in which he said the U.S. must adopt a Zero Trust Cybersecurity policy in light of recent cyber attacks from countries like China and Russia. Goure is the vice president at the Lexington Institute, a research think tank based in Arlington, Virginia.

"For the U.S. to have confidence in sharing data with allies, those countries must begin now to implement a program of Zero Trust Cybersecurity," Goure wrote. 

According to Goure's commentary, the U.S. is dependent on information sharing with other countries to be able to compete against hostile foreign nations. China and Russia have increased their cybersecurity attacks recently, making cybersecurity and the need for a global policy more necessary.

"As the leading military, technological and economic power of the democratic world, public and private institutions in the United States deal with a barrage of cyberattacks every day," Goure said. 

The Office of Management and Budget, the Departments of State, Defense, Energy and Commerce, IT, finance, defense and scientific research sectors have all been breached recently. Similarly, European countries have seen an uptick in cyber attacks since Russia invaded Ukraine.

According to Goure, the National Security Agency (NSA) discovered Chinese hackers had infiltrated Japan's military technology and other cyber attacks were carried out on Australia which recently completed a nuclear information agreement with the United Kingdom. Goure said the problems of remote work and the "Internet of Things" "which involves connecting billions of sensors and other devices" contribute to this problem. Goure claims U.S. military networks are the most complex yet the most vulnerable. Finding a way to secure the U.S.'s military networks while sharing important information with allied nations is complicated as every country has different security systems. Goure suggested a Zero Trust Cybersecurity program which "takes as a foundational principle the idea that a network is always at risk of being penetrated and that all users must be continually authenticated and authorized."

According to Goure, Zero Trust never assumes a user is authorized and each user can be isolated and investigated quickly. Part of Zero Trust is Comply-to-Connect (C2C) which "requires that all endpoints and users on a defense department network be identified, authenticated, qualified and continually monitored." Goure said C2C allows networks to operate at a proper speed even while being attacked. Goure mentioned the Pentagon's plan to attach C2C to all networks in the next five years. Goure said, "It would be wise for all U.S. partners to adopt them [C2C and Continuous Diagnostics and Mitigation]."