Page 25 - FCW, August 2020
P. 25
Trending
199 cloud services had received FedRAMP authorization as of July 31
Navy eyes shift to zero trust for COVID-related telework
DOD to
announce JEDI
award in August
The Navy’s top cyber official said he expects the department to move to a zero trust security model to secure government systems while a critical mass of employees continue to work from home due to the COVID-19 pandemic.
Chris Cleary, the Navy’s chief information security officer,
said that shortly after the
virus started spreading across
the U.S., the Navy adopted
the Defense Department’s
internal collaboration tool,
called the Commercial
Virtual Remote Environment. Although operational and classified work was still
routed through secure facilities, the tool allowed hundreds of thousands of Navy employees to continue working while under stay-at-home orders by accessing agency information through the cloud on their government-issued or even personal devices.
It made it possible for many projects to continue functioning, and the experience taught the Navy the value of creating a new, broader security architecture. “I think you’re going to see the Navy, based on COVID, aggressively pursue zero trust,” Cleary said during a
webcast hosted by FireEye in July. “It was something that was being kicked around as the latest buzzword a year ago, but now it’s really moved to the top of the stack, principally to enable this telework problem.”
Zero trust is built on the assumptions that there is no meaningful network perimeter and that access controls should be tightly regulated and monitored even for high- level employees. It has been steadily gaining popularity in the private and
public sectors over the past decade.
— Derek B. Johnson
The Defense Department plans to announce the winner of its $10 billion cloud contract, the Joint Enterprise Defense Infrastructure, in August.
The contract was initially awarded to Microsoft in October 2019, but the choice sparked multiple legal and oversight probes regarding how the solicitation was handled and whether there was undue influence from the White House.
A judge gave DOD a 120-day stay, which expires Aug. 17, to reconsider portions of the JEDI contract and collect revised bids from Microsoft and Amazon Web Services, which filed a lawsuit and protests over technical requirements.
On July 30, DOD CIO Dana Deasy told reporters the department expects to re-announce its “intentions to award” by the end of August, “barring any last-minute unforeseen additional issues that are raised.” He conducted the call via DOD’s Commercial Virtual Remote Environment using a version of the Microsoft Teams platform.
DOD expanded its use of the CVR Environment to cope with the teleworking mandates that were issued early in the COVID-19 pandemic. Since then, the platform has approached 1 million users, and Deasy said it is spurring conversations about using the capability to facilitate classified work.
He also said there are active conversations about what a sustained teleworking environment might look like and whether DOD should consider reducing its office space to save money that could be reinvested in higher mission priorities.
— Lauren C. Williams
DHS bill would create public/ private cyber center
The Cybersecurity and Infrastructure Security Agency would receive a hefty budget increase and establish a joint cybersecurity center under the $56 billion Department of Homeland Security funding bill crafted by the House Appropriations Committee.
The bill would set aside $2.25 billion for CISA operations, which is about $239 million above 2020 spending levels and nearly $500 million more than the agency requested. Approximately $11.6 million would go toward establishing a new Joint Cyber Center for National Cyber Defense.
“The idea is to establish a joint cyber center to bring together
federal and \[state, local, tribal and territorial\] governments, industry and international partners to strategically and operationally counter nation-state cyberthreats,” a House Democratic aide told FCW.
Other notable funding provisions for CISA include $19.4 million for the Multi- State Information Sharing and Analysis Center, $6 million to beef up Hunt and Incident Response Teams, $18 million to support supply chain risk management priorities, $10 million for vulnerability management infrastructure and $32.6 million for cyber defense education and training.
— Derek B. Johnson
“I think you’re going to see the Navy, based on COVID, aggressively pursue zero trust.”
— Chris Cleary, Navy
August 2020 FCW.COM 25