Government Agencies Make Progress Implementing Zero Trust

November 23, 2020 by Kate Michael
Government Agencies Make Progress Implementing Zero Trust

WASHINGTON — Zero Trust is an approach to the design and implementation of internet technology networks. This security concept developed out of the belief that organizations should not trust anything — either outside or inside — its perimeter. Therefore, everything must be verified before being granted access to the system. 

Zero Trust relies on various existing technologies, including multi-factor authentication, orchestration, analytics, encryption, and scoring and file system permissions to stop data breaches and ensure a secure network. 

The Federal News Network convened a panel of Federal IT practitioners to find out how agencies are implementing strategies and initiatives around Zero Trust particularly in the complex operating environment that emerged due to the pandemic.

“We might, without COVID, still just be talking about Zero Trust as a construct,” said Christopher Cleary, chief information security officer for the Department of the Navy. “Now, we’ve not only embraced [Zero Trust], we’re now directed [to use it]. 

“One of the things we found almost immediately was our capacity through VPNs just to try and keep everybody teleworking at home… we choked on it very quickly,” said Cleary. So in an attempt to introduce more capacity, the Navy created a commercial virtual response (CVR) environment to allow people to connect directly through their devices, whether government furnished equipment or personal equipment, from wherever they are without going through any security stacks. 

“From a chief information security officer, you’re focusing on that risk reduction and… implementing security. In the CTO office, we’re trying to understand how Zero Trust fits into all of the IT goals that the CIO wants to do,” said Brian Campo, acting chief technology officer at the Department of Homeland Security. “Part of [Zero Trust] is a mission, part is just optimization. We’ve tried to increase capability as we reduce risk, and we [also] knew VPNs would be difficult in the age of COVID.” 

Even before moving to telework, the Department of Homeland Security and U.S. Customs and Border Protection were already moving things to the cloud, which made the transition to Zero Trust that much easier. 

“[You used to have your] inside, trusted network… and everything on that network was trusted equally,” said Alma Cole, chief information security officer at U.S. Customs and Border Protection. “And you have issues there with your weakest link. And we’re getting rid of that paradigm to where now it’s just the one unit that’s linking in, accessing exactly what it needs to do. And if there’s a breach, it limits the damage that could be done.”

“What we demonstrated was that we could really establish a very secure, almost overly secure environment… [where we] could almost monitor every keystroke,” said Cleary.

Private partners, like Verizon, Okta, and Fortinet are helping these government agencies enable the right access, to the right people, in the right context, while evaluating those permissions continuously. These partners are providing Zero Trust products and services that can be integrated into both wire lines and wireless networks. 

“While federal facilities are very secure, the weak link is all of those little companies that supply you,” said Junaid Islam, director of Public Sector for Verizon. “As we look long term at how people are going to work… work from home or distributed working is here to stay,” so these partners work with agencies to implement their entire security stack with strong identity checks and cryptographic controls. Because ultimately, identity management is the key element of Zero Trust architecture.”

“As challenging as it can be for Federal partners to do Zero Trust [at the agency level], it’s harder in an international or global environment,” added Jim Richberg, field chief information security officer at Fortinet. Yet agencies are working to use their Zero Trust architecture to make Cloud infrastructure behave as needed.

“In addition to the heightened security requirements that we have, now we’re also really trying to build common operational pictures across all of the various mission sets that we have,” said Cole. At USCBP and elsewhere, he’s looking for Zero Trust to enable offices to receive the information they need anywhere, anytime; maintain intelligence about everything going on in the network; and automate so that “we’re not chasing down problems, systems, or users, to deal with breaches or other issues.” 

“When you look through the breadth of what the Navy is [required] to do, [we try to] balance enterprise services with warfighting functions,” said Cleary. “It’s going to change the way we work. Reduction of physical facilities is flattening the network… We can have workers anywhere on the planet and won’t need legacy architecture. That’s big for us.” 

A+
a-
  • cybersecurity
  • federal government
  • IT
  • zero trust
  • In The News

    Health

    Voting

    Cybersecurity

    Americans Reporting Nationwide Cellular Outages From AT&T, Cricket Wireless and Others

    A number of Americans are dealing with cellular outages on AT&T, Cricket Wireless, Verizon, T-Mobile and other service providers, according... Read More

    A number of Americans are dealing with cellular outages on AT&T, Cricket Wireless, Verizon, T-Mobile and other service providers, according to data from Downdetector. AT&T had more than 73,000 outages around 9:30 a.m. ET, in locations including Houston, Atlanta and Chicago. The outages began at approximately... Read More

    States and Congress Wrestle With Cybersecurity at Water Utilities Amid Renewed Federal Warnings

    HARRISBURG, Pa. (AP) — The tiny Aliquippa water authority in western Pennsylvania was perhaps the least-suspecting victim of an international... Read More

    HARRISBURG, Pa. (AP) — The tiny Aliquippa water authority in western Pennsylvania was perhaps the least-suspecting victim of an international cyberattack. It had never had outside help in protecting its systems from a cyberattack, either at its existing plant that dates to the 1930s or the... Read More

    December 6, 2023
    by Dan McCue
    HHS Unveils Next Steps to Enhance Cybersecurity of Health Care Records

    WASHINGTON — The bad guys in cyberspace want your health care records.  Between 2018 and 2022, there was a 93%... Read More

    WASHINGTON — The bad guys in cyberspace want your health care records.  Between 2018 and 2022, there was a 93% increase in large breaches in the health care sector, with a 278% increase in large breaches involving ransomware, according to the Department of Health and Human... Read More

    Insider Q&A: Pentagon AI Chief on Network-Centric Warfare, Generative AI Challenges

    The Pentagon's chief digital and artificial intelligence offer, Craig Martell, is alarmed by the potential for generative artificial intelligence systems... Read More

    The Pentagon's chief digital and artificial intelligence offer, Craig Martell, is alarmed by the potential for generative artificial intelligence systems like ChatGPT to deceive and sow disinformation. His talk on the technology at the DefCon hacker convention in August was a huge hit. But he's anything... Read More

    October 31, 2023
    by Tom Ramstack
    US Workforce Unprepared for AI, Technology Experts Tell Senate

    WASHINGTON — President Joe Biden’s executive order Monday setting regulatory standards for artificial intelligence prompted witnesses at a Senate hearing... Read More

    WASHINGTON — President Joe Biden’s executive order Monday setting regulatory standards for artificial intelligence prompted witnesses at a Senate hearing Tuesday to say it is only a first step in a process likely to transform American workplaces. “Artificial intelligence will not only disrupt lives, it will... Read More

    July 18, 2023
    by Tom Ramstack
    Congress Told AI Holds Great Risks and Benefits for US Military

    WASHINGTON — Artificial intelligence experts warned Tuesday during a congressional hearing of ominous dangers for the United States if it... Read More

    WASHINGTON — Artificial intelligence experts warned Tuesday during a congressional hearing of ominous dangers for the United States if it falls behind in developing the technology but a bright future by taking the lead. One of the greatest risks would be defending against a foreign enemy... Read More

    News From The Well
    scroll top