The Office of Management and Budget released a new federal zero trust strategy that requires government agencies to meet robust cybersecurity standards and aims to reinforce federal defense capabilities against a rising number of threats on critical government infrastructure and operations.
OMB’s strategy, released via memorandum on Jan. 26, builds on President Biden’s May 2021 executive order on improving the nation’s cybersecurity, which called upon federal agencies to ramp up security measures in response to the major Colonial Pipeline ransomware attack.
“We are not waiting to respond to the next cyber breach,” commented National Cyber Director Chris Inglis, a 2022 Wash100 Award winner. “Rather, this Administration is continuing to reduce the risk to our nation by taking proactive steps towards a more resilient society,” he added, calling the strategy a major step in building up the government’s cyber defenses.
The zero trust model assumes that no actor, system, network or service – not even within an organization’s security perimeter – can be trusted. The principle requires more stringent verification for anything and everything attempting to establish access to organizational systems.
Citing the Department of Defense’s Zero Trust Reference Architecture, the memo described the zero trust principle as a drastically transformational yet necessary change for the future of national security.
“It is a dramatic paradigm shift in philosophy of how we secure our infrastructure, networks, and data, from verify once at the perimeter to continual verification of each user, device, application, and transaction,” the memo quoted from the Defense Department document.
Federal agencies are targeting identity and access control strategies like multi-factor authentication to prevent malicious actors from performing account takeovers, stealing data or launching cyber attacks.
“People need to understand how their systems work, what connects to the internet, what vectors exist, where you’re doing mitigation efforts at your perimeter,” said Robert Costello, chief information officer for the Cybersecurity and Infrastructure Security Agency. “We absolutely encourage everyone to start moving to a zero trust model.”
If you’re interested in learning more about zero trust and cybersecurity, join GovCon Wire Events’ Information Security and Innovation Forum on Feb. 23.
CISA’s Robert Costello is slated to keynote the timely event and will provide attendees with an exclusive look into how his agency is working to deploy advanced technology to address cybercrime and fortify the digital landscapes of critical government agencies
Click here to register for the Feb. 23 Information Security and Innovation Forum hosted by GovCon Wire Events.