Routinely, data breaches demonstrate the pitfalls of relying on detection to identify malicious activities taking place on a network. Federal cyber experts discussed the importance of prevention over detection to combat cyber threats and how zero trust can enhance cyber solutions on Oct 28 at an event hosted by FCW.
Federal cybersecurity solutions are modernizing rapidly due to the evolving nature of the types and scale of threats. Implementing a zero trust framework is integral to improving cyber resiliency within any agency, Army Cybersecurity Director and Chief Information Security Officer (CISO) Major General Matthew Easley said today.
The White House’s Executive Order (EO) on Improving the Nation’s Cybersecurity has made every federal agency evaluate its current posture and identify short and long-term tasks to improve cyber resilience. One of those tasks is to adopt and advance toward a zero trust architecture.
“We need a zero trust framework because IT is changing dramatically,” Easley said. Especially because with a large percentage of the workforce in non-traditional places, agencies have witnessed critical vulnerabilities not just at the network or operating system level but in common office applications.
“[We need] to implement the zero trust framework to make prevention and detection stronger and more cost-effective,” he said.
Easley added that implementing a zero trust architecture provides the foundation of inherent distrust to build secure trust.
“Zero trust is a paradigm used to bring these scores of cyber solutions [like prevention and detection] to our framework that allows our leaders and decision-makers to make good cyber decisions,” he said. Therefore, advancing zero trust architectures have no end date; this is a continuous journey, he added.
Communication and Partnerships
Federal cybersecurity experts explained that agencies must communicate and work together to improve cyber resilience to learn what is working for U.S. cybersecurity efforts and what needs improvement.
For the Department of Defense (DoD), a key part of the cyber efforts is approaching cyber solutions and policies from a holistic approach, implementing widespread practices across the board. But for these cyber practices to work, there needs to be clear communication and partnerships in any agency, Sudha Vyas, chief cybersecurity architect for the OCIO at DoD, said at the event.
“This is especially important because you want to make sure the pendulum is moving in the right direction. This has to be a collaboration across many different domains,” Vyas said, emphasizing that this is not a journey that can be taken alone. “The only way to successfully advance is making sure these solutions are being implemented appropriately and work, and that can only be accomplished through proper communication in your agency.”
Terry Mitchell, the principal cyber advisor for the Office of the Under Secretary of the Army, agreed with Vyas added that cyber threats have gotten too big and too persistent for any one agency to deal with on its own.
“We have ideas for solutions, but we need to put them in the right place, and at the right time; this means we need to communicate not just with the other services but with other Federal players ad industry as well,” Mitchell said.