Strengthening security operations builds on zero trust: Strengthening national security through deception | Federal News Network

As zero trust moves from policy to implementation across the federal government, security leaders continue to face an operational reality: cyber networks are contested spaces. Persistent pressure from the nation's adversaries has shifted the focus from deterring attackers to ensuring that operations can continue safely even while under attack. For the Pentagon and the broader national security community, assuming breach is a strategic imperative that shapes how cyber defenders must operate.

This approach operates on the premise that no environment is inherently secure. Continuous awareness and flexible policies help organizations protect critical data while allowing authorized users secure access wherever they work. Zero trust has gained wide acceptance across the federal government, including within the Department of Defense, which has established strategic growth goals to guide enterprise-wide implementation.

By ensuring data integrity, availability and controlled access, zero trust provides an essential foundation for cyber resilience. It is very effective in preventing unauthorized access and reducing the blast radius. However, it does not directly affect the adversary's decision-making once an intrusion attempt is underway. This is where cyber deception can add value to zero trust.

While zero trust provides strong security for access and data, security practices that include deception strengthen network defenders by including mechanisms that actively engage malicious actors. When combined with zero trust, cyber deception enables organizations to go beyond deterrence to limit attackers, change adversary behavior and reduce the extent of damage caused by an adversary.

Cyber deception

Military cyber deception, often referred to as MILDEC, brings long-standing deception principles into the digital realm with the goal of influencing adversary actions. Rather than focusing solely on preventing attacks, deception creates uncertainty, wastes attackers' resources, and exposes malicious behavior earlier in the attack lifecycle.

In cyberspace, deception is particularly effective in disrupting the way adversaries perceive, interpret, and act. By producing misleading or incomplete signals, defenders can slow progress, cause errors, and gain insight into attackers' intentions and tactics. This capability can be used while the attack is in progress, not after the damage has been done.

When implemented responsibly, cyber deception complements zero trust rather than replacing it. Zero trust protects legitimate users and sensitive data, while deception creates controlled environments that attract and engage attackers without interfering with mission performance. The purpose of deception is to make a friendly network environment hostile to adversaries. As with any advanced security capability, deception requires thoughtful governance to ensure it aligns with operational priorities and limitations.

How cyber deception works

For deception to be effective, it must appear real and believable. Poorly executed deception is easily detected and provides little value. However, when done correctly, deception techniques offer significant defensive benefits.

Common methods include decoy applications and directories that mimic real users, devices and data to lure attackers away from the production environment. Honeypots and similar decoys are designed to appear vulnerable, allowing defenders to observe attacker behavior without compromising operational systems. Honeytokens, like certificates or documents, generate alerts when adversaries try to access or extract them.

These methods do more than just detect malicious activity. They can undermine the confidence of attackers by creating the illusion of progress, when in reality, the attacker reveals tools, methods and plans. Even a modest delay can give defenders valuable time to react and contain threats.
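
The honeytoken alerting described above, as an added example that is not from the article or any vendor's product: the decoy account names, the log format and all sample events are constructed assumptions. It flags any source that uses a decoy account, then pivots on that source to show what else it tried and how long the decoys delayed it.

```python
from datetime import datetime

# Decoy accounts planted in the directory (hypothetical names). No legitimate
# user or service authenticates with them, so any use is a high-fidelity alert.
HONEYTOKENS = {"svc-backup-legacy", "adm-jsmith-old"}

# Constructed sample authentication events (not from a real system).
SAMPLE_LOG = """\
2026-01-12T08:01:10Z src=10.0.4.17 user=alice host=mail01 result=success
2026-01-12T08:03:42Z src=10.0.9.88 user=svc-backup-legacy host=decoy-fs01 result=failure
2026-01-12T08:04:05Z src=10.0.9.88 user=adm-jsmith-old host=decoy-fs01 result=failure
2026-01-12T08:05:30Z src=10.0.4.17 user=alice host=wiki01 result=success
2026-01-12T08:19:51Z src=10.0.9.88 user=bob host=fs02 result=failure
"""

def parse(line):
    """Split 'timestamp key=value ...' into a dict with a parsed timestamp."""
    ts, *fields = line.split()
    event = dict(f.split("=", 1) for f in fields)
    event["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return event

def detect(log_text):
    """Return one alert per source that touched a honeytoken.

    Each alert pivots on the source address to list every account and host it
    tried from the first trip onward, and how many seconds passed between the
    first decoy hit and its first attempt against a real account.
    """
    events = [parse(l) for l in log_text.splitlines() if l.strip()]
    alerts = {}
    for ev in sorted(events, key=lambda e: e["ts"]):
        src = ev["src"]
        if ev["user"] in HONEYTOKENS and src not in alerts:
            alerts[src] = {"src": src, "first_trip": ev["ts"], "users": [],
                           "hosts": set(), "delay_s": None}
        if src in alerts:
            a = alerts[src]
            a["users"].append(ev["user"])
            a["hosts"].add(ev["host"])
            if ev["user"] not in HONEYTOKENS and a["delay_s"] is None:
                a["delay_s"] = (ev["ts"] - a["first_trip"]).total_seconds()
    return list(alerts.values())

if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```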

Historically, using deception on a large scale has been difficult. Building large decoy environments often required duplicated resources and specialized teams, which limited adoption despite clear benefits. Advances in artificial intelligence are now changing this dynamic.

Scaling with artificial intelligence

AI-enabled platforms make cyber deception more effective and scalable for federal and security agencies. By automating key elements of deception, AI allows defenders to respond quickly and with greater consistency while reducing operational overhead.

AI can support dynamic deception generation, creating an environment that adapts to attackers' behavior in real time. It can analyze attackers' interactions to identify methods, tools and techniques that inform security improvements. Automated engagement capabilities help sustain long-running, believable interactions, while integrated orchestration coordinates deception events with broader security and zero trust operations.

In practice, this allows organizations to extend their coverage without slowing down legitimate users or disrupting mission performance.

Building stronger cyber security

The complexity of today's threat environment makes one point clear. Effective cyber security requires more than just strong prevention. Zero trust provides the foundation by securing access, protecting data and enabling secure operations. Cyber deception builds on that foundation by actively engaging adversaries and reducing uncertainty for defenders while increasing it for attackers.

By combining zero trust with deception practices, organizations can strengthen resilience across the enterprise. This approach supports mission effectiveness while reducing the effectiveness of adversaries in a contested digital environment.

As cyber threats continue to evolve, federal cybersecurity policies must evolve with them. Together, zero trust and cyber deception provide a comprehensive and flexible approach, protecting systems and data while reducing the impact of attacks before they can succeed.

Russ Smith is the chief technology officer at Zscaler.

Copyright © 2026 Federal News Network. All rights reserved. This website is not intended for users located in the European Economic Area.

