Government Agencies Make Progress Implementing Zero Trust

November 23, 2020 by Kate Michael
Government Agencies Make Progress Implementing Zero Trust

WASHINGTON — Zero Trust is an approach to the design and implementation of internet technology networks. This security concept developed out of the belief that organizations should not trust anything — either outside or inside — its perimeter. Therefore, everything must be verified before being granted access to the system. 

Zero Trust relies on various existing technologies, including multi-factor authentication, orchestration, analytics, encryption, and scoring and file system permissions to stop data breaches and ensure a secure network. 

The Federal News Network convened a panel of Federal IT practitioners to find out how agencies are implementing strategies and initiatives around Zero Trust particularly in the complex operating environment that emerged due to the pandemic.

“We might, without COVID, still just be talking about Zero Trust as a construct,” said Christopher Cleary, chief information security officer for the Department of the Navy. “Now, we’ve not only embraced [Zero Trust], we’re now directed [to use it]. 


“One of the things we found almost immediately was our capacity through VPNs just to try and keep everybody teleworking at home… we choked on it very quickly,” said Cleary. So in an attempt to introduce more capacity, the Navy created a commercial virtual response (CVR) environment to allow people to connect directly through their devices, whether government furnished equipment or personal equipment, from wherever they are without going through any security stacks. 

“From a chief information security officer, you’re focusing on that risk reduction and… implementing security. In the CTO office, we’re trying to understand how Zero Trust fits into all of the IT goals that the CIO wants to do,” said Brian Campo, acting chief technology officer at the Department of Homeland Security. “Part of [Zero Trust] is a mission, part is just optimization. We’ve tried to increase capability as we reduce risk, and we [also] knew VPNs would be difficult in the age of COVID.” 

Even before moving to telework, the Department of Homeland Security and U.S. Customs and Border Protection were already moving things to the cloud, which made the transition to Zero Trust that much easier. 


“[You used to have your] inside, trusted network… and everything on that network was trusted equally,” said Alma Cole, chief information security officer at U.S. Customs and Border Protection. “And you have issues there with your weakest link. And we’re getting rid of that paradigm to where now it’s just the one unit that’s linking in, accessing exactly what it needs to do. And if there’s a breach, it limits the damage that could be done.”

“What we demonstrated was that we could really establish a very secure, almost overly secure environment… [where we] could almost monitor every keystroke,” said Cleary.

Private partners, like Verizon, Okta, and Fortinet are helping these government agencies enable the right access, to the right people, in the right context, while evaluating those permissions continuously. These partners are providing Zero Trust products and services that can be integrated into both wire lines and wireless networks. 

“While federal facilities are very secure, the weak link is all of those little companies that supply you,” said Junaid Islam, director of Public Sector for Verizon. “As we look long term at how people are going to work… work from home or distributed working is here to stay,” so these partners work with agencies to implement their entire security stack with strong identity checks and cryptographic controls. Because ultimately, identity management is the key element of Zero Trust architecture.”

“As challenging as it can be for Federal partners to do Zero Trust [at the agency level], it’s harder in an international or global environment,” added Jim Richberg, field chief information security officer at Fortinet. Yet agencies are working to use their Zero Trust architecture to make Cloud infrastructure behave as needed.


“In addition to the heightened security requirements that we have, now we’re also really trying to build common operational pictures across all of the various mission sets that we have,” said Cole. At USCBP and elsewhere, he’s looking for Zero Trust to enable offices to receive the information they need anywhere, anytime; maintain intelligence about everything going on in the network; and automate so that “we’re not chasing down problems, systems, or users, to deal with breaches or other issues.” 

“When you look through the breadth of what the Navy is [required] to do, [we try to] balance enterprise services with warfighting functions,” said Cleary. “It’s going to change the way we work. Reduction of physical facilities is flattening the network… We can have workers anywhere on the planet and won’t need legacy architecture. That’s big for us.” 

A+
a-

In The News

Health

Voting

Cybersecurity

September 16, 2022
by Dan McCue
FEC Clears Path for Warren to Spend Campaign Funds on Cybersecurity

WASHINGTON — Sen. Elizabeth Warren, D-Mass., can use campaign funds to pay for the cost of reasonable cybersecurity measures to... Read More

WASHINGTON — Sen. Elizabeth Warren, D-Mass., can use campaign funds to pay for the cost of reasonable cybersecurity measures to protect her home network, the Federal Election Commission announced on Friday. The decision came in response to an advisory opinion request on behalf of Warren Democrats... Read More

September 9, 2022
by Madeline Hughes
CISA Looking to Change Cybercrime Reporting Rules

WASHINGTON — As cybercrimes are on the rise, the Cybersecurity and Infrastructure Security Agency is asking people, businesses and other... Read More

WASHINGTON — As cybercrimes are on the rise, the Cybersecurity and Infrastructure Security Agency is asking people, businesses and other organizations for feedback on what its new reporting rules should look like. The agency released the eight-page request for information Friday asking people how the agency... Read More

July 13, 2022
by Madeline Hughes
Atlantic Council Offers New Approach to Cybersecurity  

WASHINGTON — The Atlantic Council outlined Tuesday how the U.S. government and businesses can work together to protect the nation’s... Read More

WASHINGTON — The Atlantic Council outlined Tuesday how the U.S. government and businesses can work together to protect the nation’s power grid from cyberattacks. The United States’ power grid is increasingly reliant on digital technology and the internet. This is especially true as the country moves... Read More

July 6, 2022
by Reece Nations
National Computer Forensics Institute Reauthorization Critical to Security

HOOVER, Ala. — As the National Computer Forensics Institute comes up for congressional reauthorization, forensics and cybersecurity experts told The... Read More

HOOVER, Ala. — As the National Computer Forensics Institute comes up for congressional reauthorization, forensics and cybersecurity experts told The Well News how the institute’s standardized curriculum is critical to contemporary law enforcement activities. Having a centralized hub for preparing police for handling incidents related to... Read More

May 18, 2022
by Dan McCue
Federal Agencies Told to Act Quickly to Turn Back Cyberthreat

WASHINGTON — The entity charged with protecting federal agencies from bad cyber actors issued a rare emergency directive Thursday, warning... Read More

WASHINGTON — The entity charged with protecting federal agencies from bad cyber actors issued a rare emergency directive Thursday, warning they should quickly take steps to protect themselves from vulnerabilities found in VMware. VMware is a cloud computing and virtualization technology company headquartered in Palo Alto,... Read More

May 6, 2022
by Madeline Hughes
Cybercrime Tracking Bill Signed Into Law

WASHINGTON — The Department of Justice can now get a handle on the number of cybercrimes happening in the U.S.... Read More

WASHINGTON — The Department of Justice can now get a handle on the number of cybercrimes happening in the U.S. after President Joe Biden signed a bill into law Thursday granting the department the ability to track crimes that have become increasingly prevalent in recent years.... Read More

News From The Well
scroll top