Zero trust and AI continue as top cyber priorities in second half of 2024

As 2024 passes its midpoint, federal agencies continue to make strides protecting our nation’s networks against ever-evolving, increasingly cunning cyber attackers and nation states. They’re doing this all while balancing technological progress and cyber protection, openness and security. 

It’s a monumental task, but by continuing to focus on modernization, zero trust implementation and automation, agencies will stand more than a fighting chance of successfully defending against this new breed of cybercriminal. 

The federal government faces more attacks on its systems and critical infrastructure than ever before. And more than that, they’ve gained immeasurable complexity. But by keeping technological pace with cybercriminals, agencies can operate from a much more confident cyber posture and deploy those same tools to thwart attacks.

Make the investment now

Modernization should be a big motivator for federal agencies in the second half of 2024 and beyond. It’s not always cheap or easy, but spending the money now will not only fortify networks in ways old tech never could, but it will also save countless dollars in maintenance and upkeep. 

Another benefit of modernization is that agencies can move from unwieldy single-vendor systems to customized, multi-vendor environments where best-in-class technologies work together. For cybersecurity, that means creating a system that automatically integrates other tool sets in the environment and wraps them into one platform. 

For example, by utilizing a cyber mesh architecture, agencies can enable security tools that normally run in silos to interoperate through several supportive layers, such as consolidated policy management, security intelligence and identity fabric. This kind of platform is necessary given how the traditional network perimeter has transformed into a diverse network of infrastructure including IoT devices, remote machines, cloud computing and edge devices.

As agencies modernize their systems, they also need modern strategies to protect them. That means utilizing plans and platforms like zero trust architecture that’s already been proven in the private sector to be vastly more effective than traditional network protection.

Zero trust reigns supreme

It’s no surprise that zero trust will continue to play a big part in federal cyber plans in the second half of 2024 and well beyond. Given the bevy of executive orders and guidance over the last two years, coupled with big investments planned by the Biden administration in 2025, every agency will have some part to play in implementing zero trust architecture in their organizations. 

President Biden’s 2025 budget request asks for nearly $13 billion in cybersecurity spending for both defense and civilian agencies — a bump of nearly 10% from last year’s request — and significant chunks are set aside for zero trust initiatives. Specifically, the FY 2025 budget requests $470 million for the Continuous Diagnostics and Mitigation (CDM) Program, which supports zero trust implementation through a dashboard that offers a detailed view of the cyber landscape across the whole federal government.

The Defense Department overall has been a has been a leader in demonstrating how to implement zero trust strategies. While the Pentagon is certainly ahead of the curve — with agencies like the Defense Information Systems Agency taking truly innovative approaches — many DoD components are still in the early stages of their journeys. But much like any great technology shift, every step counts. 

Those still in the nascent stages of their march to implementation should start with tasks like creating an inventory of users and devices and defining risk tolerance. These foundational actions will set up agencies for success in meeting the DoD’s 2027 deadline.

As agencies step into the next chapter of their journeys, they should be thinking about advanced technologies that will take their cyber protections to the next level. That’s where artificial intelligence and machine learning come in.

Automate to survive

AI has become a double-edged sword. While it’s enabled even low-level hackers with the ability to set their sights on big targets, the technology is also our best chance at defending against those threats. 

AI has been baked into many of the Biden administration’s cyber orders and guidance. 

In the described strategic objectives of the 2023 National Cyber Strategy, the administration called for expanding federal research and development efforts around the use of AI for cybersecurity. Last August, the White House launched a two-year competition to figure out ways to find and fix vulnerabilities in an automated and scalable way.

This means agencies that haven’t begun to integrate AI into their cyber strategies need to start. Luckily, the federal government produces a wellspring of data, which is the most essential component to properly implementing automation into cyber practices. 

For example, the cybersecurity mesh architectures mentioned above have the side benefit of generating a lot of cross-agency data. Government cyber teams can use this data to train AI to understand the difference between normal behavior and potentially malicious behavior. This can be used to power the automation of rote tasks like identifying anomalies and executing predetermined responses, freeing analysts to do more satisfying and impactful work.

The second half of 2024 — and likely much of 2025 — will see a similar drumbeat to the one we’ve seen over the last couple years — a march toward more secure networks using modernized technology, zero trust strategies and AI-powered platforms. Every agency is at a different stage in their missions, but no step forward is too small. 

Steve Hoffman is president of Fortinet Federal.

Copyright © 2024 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.