Zero trust has become an important tool in federal cyber plans, with the Biden Administration showcasing zero trust as one of the lynchpins of 2023 National Cyber Strategy. Out of this has come a bevy of implementation strategies from individual agencies, none of which really get to the heart of the cyber challenges around zero trust implementation and the federal threat landscape, overall.
Cyber defense is not a line in the sand. The threats are constantly evolving. Because of that, federal zero trust plans need to ensure that agencies, experts and professionals in both the private and public sector are consistently aware of these threats and how they’re behaving.
Understanding the threat terrain
Organizations should prioritize creating cybersecurity strategies in collaboration with national partners with similar missions, ensuring a comprehensive approach and common vision on what the threat landscape looks like. A lack of knowledge on the terrain will impact security measures, leaving federal cyber defenders stranded like soldiers entering battle with no understanding of their environment.
As agencies build out their zero trust plans they need insights and case studies on threat terrain right now that include actual threat modeling to go in tandem with guidelines. The priority should be to show agencies the value of gaining visibility of the terrain they’ve jumped into in the past 20 years. This will not only make the strategy helpful for a broader range of agencies, but also give a snapshot of the threat landscape at any given time so they can see how it is evolving.
None of this guidance will work without use cases that show agencies the nuances of implementing certain technologies, strategies and platforms.
A good example for compiling information to form your strategy would be utilizing the National Security Telecommunications Advisory Committee (NSTAC) and the National Security Agency (NSA) plans. They provide guidelines for practical actions like micro and macro segmentation. This is incredibly useful, especially for agencies and other organizations that don’t have the resources to create their own guidance. These documents provide detailed strategic guidance on policy frameworks, interagency coordination, technical implementation and best practices.
Agencies can utilize them immediately to help in three areas:
Policy integration and alignment: Structure policies around principle zero trust-defined areas, mapping governance to these areas for long-term visibility and management.
Partnerships for implementation: Frame where your boundaries are and ensure that partners are of like mind when implementing strategy. Your defenses need to connect.
Continuous improvement and adaptation: Once these bonds are identified, maintain visibility. Constant evolution is necessary and should be the nature of anyone supporting information and communication technology (ICT). Know your terrain and consistently work with your partners to defend it.
Seasoning strategies to taste
While entities like the departments of Defense and Homeland Security have established important use cases and strategies, other organizations should make sure they’re considering their own unique mission needs and objectives. Tying implementation of zero trust architecture to these goals is essential for aligning zero trust implementation with an agency’s existing strategies. A practical starting point for this is to evaluate how organizational missions align with those already equipped with detailed strategy and threat profiles.
This critical information — the assets, where they’re stored and the paths they may travel, the risk of exposure, how you defend and monitor them, and the actions you’ll take upon authorized and non-authorized exposure — can make the difference in the event of an attack. New threats are always identified, and you don’t want to redo this effort under fire.
Zero trust will continue to be a centerpiece of federal cyber strategies across government, and rightfully so. When implemented correctly it can make a huge impact on federal security. But to ensure success, agencies need to develop strategies that center around situational awareness and actionable strategies. The threat landscape is only getting more and more complex with malicious actors and nation states utilizing incredibly innovative tools in an attempt to infiltrate government networks. Proper zero trust implementation is essential to combatting this constantly evolving frontier.
Will Smith is director of business expansion and solutions design at RELI Group.
Federal zero trust implementation hinges on actionable strategies
Zero trust will continue to be a centerpiece of federal cyber strategies across government, and rightfully so.
Zero trust has become an important tool in federal cyber plans, with the Biden Administration showcasing zero trust as one of the lynchpins of 2023 National Cyber Strategy. Out of this has come a bevy of implementation strategies from individual agencies, none of which really get to the heart of the cyber challenges around zero trust implementation and the federal threat landscape, overall.
Cyber defense is not a line in the sand. The threats are constantly evolving. Because of that, federal zero trust plans need to ensure that agencies, experts and professionals in both the private and public sector are consistently aware of these threats and how they’re behaving.
Understanding the threat terrain
Organizations should prioritize creating cybersecurity strategies in collaboration with national partners with similar missions, ensuring a comprehensive approach and common vision on what the threat landscape looks like. A lack of knowledge on the terrain will impact security measures, leaving federal cyber defenders stranded like soldiers entering battle with no understanding of their environment.
As agencies build out their zero trust plans they need insights and case studies on threat terrain right now that include actual threat modeling to go in tandem with guidelines. The priority should be to show agencies the value of gaining visibility of the terrain they’ve jumped into in the past 20 years. This will not only make the strategy helpful for a broader range of agencies, but also give a snapshot of the threat landscape at any given time so they can see how it is evolving.
Discover how agencies ensure end-to-end security of software development in our new ebook, sponsored by Synack.
Actionable guidance
None of this guidance will work without use cases that show agencies the nuances of implementing certain technologies, strategies and platforms.
A good example for compiling information to form your strategy would be utilizing the National Security Telecommunications Advisory Committee (NSTAC) and the National Security Agency (NSA) plans. They provide guidelines for practical actions like micro and macro segmentation. This is incredibly useful, especially for agencies and other organizations that don’t have the resources to create their own guidance. These documents provide detailed strategic guidance on policy frameworks, interagency coordination, technical implementation and best practices.
Agencies can utilize them immediately to help in three areas:
Seasoning strategies to taste
While entities like the departments of Defense and Homeland Security have established important use cases and strategies, other organizations should make sure they’re considering their own unique mission needs and objectives. Tying implementation of zero trust architecture to these goals is essential for aligning zero trust implementation with an agency’s existing strategies. A practical starting point for this is to evaluate how organizational missions align with those already equipped with detailed strategy and threat profiles.
This critical information — the assets, where they’re stored and the paths they may travel, the risk of exposure, how you defend and monitor them, and the actions you’ll take upon authorized and non-authorized exposure — can make the difference in the event of an attack. New threats are always identified, and you don’t want to redo this effort under fire.
Zero trust will continue to be a centerpiece of federal cyber strategies across government, and rightfully so. When implemented correctly it can make a huge impact on federal security. But to ensure success, agencies need to develop strategies that center around situational awareness and actionable strategies. The threat landscape is only getting more and more complex with malicious actors and nation states utilizing incredibly innovative tools in an attempt to infiltrate government networks. Proper zero trust implementation is essential to combatting this constantly evolving frontier.
Will Smith is director of business expansion and solutions design at RELI Group.
Read more: Commentary
Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.
Related Stories
Energy Dept advisor studying intersection of OT and zero trust
A zero-trust approach to space cybersecurity could be the answer
The open standard that is unlocking zero trust collaboration with allies