Page 4 - FCW, November/December 2021

Finding the path to Zero Trust
Just like its commercial and private networking counterparts, federal network operations face a growing tide of cyber intrusions that change and morph as hackers get smarter and more nimble. Decision-makers from all areas of government agree that things have to change.
The tide is getting higher and higher. The White House reported more than 30,000 information security incidents across the federal government in 2020 alone, from small unnoticed incursions to the high-profile hacks of IT facilities at big government agencies.
“The United States now operates in a cyber landscape that requires a level of data security, resilience, and trustworthiness that neither the U.S. government nor the private sector alone is currently equipped to provide,” concluded a report from the U.S. Cyberspace Solarium Commission.
In his May 2021 executive order, President Biden reiterated that thinking, mandating that the federal government significantly improve network security and modernize federal cyber defenses. Its requirements include increasing cybersecurity incident intelligence sharing between agencies, standardizing cybersecurity requirements, implementing zero-trust architectures, requiring multifactor authentication and encryption for data at rest and in transit, creating a uniform response to cyber incidents, improving detection of incidents on federal networks, and improving investigative and remediation capabilities.
The Defense Department’s recent Zero Trust Reference Architecture emphasizes the zero-trust aspect of the executive order. The DoD defines zero-trust as a cybersecurity strategy and framework that embeds security throughout the architecture to prevent malicious actors from accessing critical assets. The idea is that no person, system, network or service operating outside or within the security perimeter can be trusted. Instead, the system must verify anything and everything attempting to establish access.
“For years, both public and private sector organizations managed security by building a wall around the environment and screening everything that came in or out, but that doesn’t work anymore,” said Matt Richbourg, a security solutions architect at CDW·G. “What really works is making sure that anybody who wants access to data or resources can prove that they have the right to do so. Zero trust is about verifying everything.”
Meeting ambitious cybersecurity goals
In most cases, these new realities and mandates mean agencies should consider taking a hard look at the cybersecurity defenses they have in place with fresh eyes. For example, some tools may have outlived their usefulness, while others might be too easily strong-armed by hackers. An analysis of the overall cybersecurity infrastructure might also reveal unacceptable lag times in detection, alert triage and threat correlation when today’s environment calls for lightning-fast data collection, analysis and action.
Before making any changes, the first step is figuring out what technology
