The news has just leaked out: The US State Department was recently the victim of a cyber-attack. The attack is believed to have taken place a few weeks ago, shortly after a Senate committee warned of the risk of a data breach. What is surprising is that this is not the first time the State Department has been the subject of a cyber-attack. Indeed, it was one of dozens of federal agencies - and thousands of private data networks (more than 18,000 government and private computer networks) - hit by the massive SolarWinds breach in December 2020. What then of the computer security lessons learned from the Department of Defense (DOD) "Zero Trust Reference Architecture"(1) and from the National Institute of Standards and Technology's Special Publication 800-207 on "COMPUTER SECURITY" devoted to the ZERO TRUST ARCHITECTURE (2)? Is this just another example of the famous saying that it is the shoemaker who is the worst shod? Or should we look further and analyse the con