February 10, 2026

From legacy to leadership: Achieving Zero Trust cybersecurity in government with AI

By Kylie Watson, Head of Cybersecurity, Asia Pacific, Middle East and Africa, DXC Technology

The critical need for Zero Trust

The world’s rapid acceleration in digital transformation across multiple sectors has made cybersecurity not just an IT issue, but a leadership priority for government agencies.

Adversaries are using AI to outpace traditional defences, and cyber threats are escalating in scale and sophistication. The federal government’s Cyber Security Strategy 2030 outlines a clear direction for public service agencies to meet these growing threats.

Cybersecurity leaders know that adopting a Zero Trust model can help address the guidelines set out in the strategy, but the question arises; how can agencies rapidly introduce a Zero Trust approach that both integrates with existing infrastructure and evolves with ongoing technology modernisation? 

The challenge: Legacy systems and rising threats

Zero Trust is widely recognised as the gold standard for modern cybersecurity. It is a model that assumes breach as the default, enforcing verification for all users, ensuring they can only access the absolute necessities for their role and continuously monitoring activity.

It’s a simple enough model. You could liken it to securing a house. Traditional cybersecurity methods rely on locking the front door to keep intruders out. Zero Trust, on the other hand, assumes an intruder might still get in. Once inside, they encounter locked doors, drawers and cabinets at every turn, preventing them from easily accessing valuables in multiple locations.

Implementing this siloed protection model in complex technology environments, however, is far from straightforward.

The solution: AI-enhanced Zero Trust

Zero Trust offers a path forward but, to be practical for the public sector, it must work within existing infrastructure. This is where AI becomes a game-changer.

Rather than forcing agencies into rip-and-replace programs which require significant investment to implement and years to integrate, AI can be integrated as an intelligent layer over existing systems, enabling Zero Trust principles without disrupting critical operations. There are three key ways this can come to life.

1. Strengthening identity and access

In today’s borderless world, identity is the new perimeter. Zero Trust begins by ensuring that only authorised people and devices can access sensitive systems. Multi-factor authentication (MFA) is a fast, effective starting point, a point that is enshrined in guidance from the Australian Cyber Security Centre and the Australian Signals Directorate. Furthermore, 83% of organisations confirm MFA can be implemented without modifying legacy code. Role-based access control adds another layer of authenticated cybersecurity, with 60% validating its effectiveness for legacy integration.

AI can take this a step further by enabling adaptive authentication, with machine learning able to analyse user behaviour, detect anomalies and adjust access dynamically, reducing false positives and improving cybersecurity without adding friction.

2. Continuous monitoring and threat detection

Legacy systems can often struggle with real-time monitoring due to data volume and tool limitations. Agentic Security Operations Centre (SOC) capabilities solve this by processing vast datasets at speed, identifying patterns and flagging genuine threats in real-time. Automated remediation can even neutralise risks before they escalate, reducing reliance on overstretched cybersecurity teams and providing an additional layer of efficiency.

3. Microsegmentation for breach containment

Think, again, of Zero Trust as a house. If there is a break-in to the living room, microsegmentation prevents lateral movement into any other rooms, locking down access beyond the initial entry point. This principle is vital for complex environments, where lateral movement can turn a minor breach into a major incident. AI-driven segmentation simplifies this process, creating secure zones without manual intervention.

DXC’s perspective: Turning ambition into action

Zero Trust is not a destination, it’s a journey. Transforming to align with Zero Trust principles doesn’t mean starting from scratch. DXC partners with organisations to maximise tech ambitions while working within the parameters of existing infrastructure.

By layering AI-driven visibility, analytics and adaptive controls into legacy systems, the government can prioritise cybersecurity throughout strategic modernisation programs.

DXC’s 3,200+ cybersecurity professionals expertly address these challenges with global experience enabling secure-by-design environments in critical infrastructure, together with industry-leading partners and best-of-breed technology. Our approach focuses on:

• Identity-first cybersecurity using MFA, IAM, and AI-driven verification
• Adaptive monitoring powered by an agentic SOC for real-time threat detection and response
• Microsegmentation to reduce the blast radius of breaches
• Integration with existing environments to minimise disruption and cost

Conclusion: A call to action

Successfully embedding Zero Trust into government agencies will require more than technology. It will need cultural change, cross-agency collaboration, strong leadership and a commitment to secure-by-design principles at every level.

Zero Trust is an approach that doesn’t demand wholesale system overhauls — it can start with small steps. Begin with identity and gradually layer AI-driven controls before building in microsegmentation. Above all, agencies need to treat Zero Trust as a continuous journey that evolves with technology, threats and citizen expectations.

DXC stands ready to help. Together, we can build a safer, smarter and more trusted digital future for all Australians.