Almost two months after President Joe Biden signed his executive order on cybersecurity, which set several sprints for agencies to strengthen their security posture, the Cybersecurity and Infrastructure Security Agency says a long-term vision for the adoption of zero trust across agencies is coming into focus.
Matt Hartman, CISA deputy executive assistant director for cybersecurity, said the cybersecurity executive order focuses on short-term sprints, but will result in strategies and roadmaps that give cyber policy momentum for the rest of the Biden administration.
For example, he said the entire federal government should be able to make “significant progress” in implementing zero trust over the next three years.
“The administration fully recognizes that many of the fundamental issues that are addressed will only be resolved over time – literally years of focus and continued investment. It is my feeling that as we come to the end of the 90-day EO calendar, we will have many lasting plans with additional milestones that the White House, OMB, CISA and others will continue to work on and lead over the next several years, for the duration of this administration,” Hartman said last Wednesday at the Homeland Security and Law Enforcement Forum of the United States Council for Technology and Industry.
CISA, as part of the cybersecurity executive order Biden signed in May, released a zero trust maturity model that focuses on five essential pillars for agencies – identity, device, network, application workload, and data.
Hartman said the transition to zero trust will partly hinge on agencies adopting automation solutions such as continuous validation and real-time machine learning analytics.
“As agencies move to optimal zero-trust implementations, their solutions will become more automated, they will integrate fully across the pillars, and they will become more dynamic in their policy enforcement decisions,” he said.
But with more than 100 civilian agencies of varying sizes and maturity levels, Hartman said the executive order eschews a one-size-fits-all approach to moving to zero trust.
“For a lot of agencies, success will come down to starting small, not trying to boil the ocean all at once, staying nimble. Everyone, to be successful here, will need a top-level champion, someone who is committed to overcoming obstacles and ensuring clear communications at all levels,” he said.
Karl Mathias, chief information officer of the Marshals Service, said his agency and the rest of the Justice Department began moving toward zero trust long before the administration’s executive order, in order to better secure its multi-cloud operating environment.
“The basic problem is that we’ve always been very network-focused on our security, so once you can penetrate the boundaries of the network, you tend to be able to move around. We like the idea that instead of depending on that network limit as your only defense, you go more to the application level, and you have this broker out there that says, ‘OK, I’m going to find out who you are, and then I’ll make some decisions on where you’re from, and I’ll give you a score. And based on that score, we’ll decide whether you can access this app or not,’” Mathias said.
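The broker Mathias describes, as a small added illustration that is not code from the Marshals Service or CISA: a policy decision point turns identity, device and network signals (three of the maturity model's pillars) into a score and compares it with a per-application threshold, so the same user on the same laptop may reach one application and be refused another. All weights, thresholds, application names and request fields are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AccessRequest:
    """Signals a zero-trust broker sees for one request (constructed fields)."""
    user: str
    mfa_verified: bool      # identity pillar: strong authentication completed
    device_managed: bool    # device pillar: enrolled, posture-checked endpoint
    device_patched: bool    # device pillar: current on patches
    source_network: str     # network pillar: "corp", "vpn" or "internet"

# Minimum score each application demands (constructed thresholds, not a real policy).
APP_THRESHOLDS = {"public-wiki": 30, "hr-portal": 70, "case-files": 90}

# Weight of each signal toward the trust score (constructed weights).
WEIGHTS = {"mfa": 40, "managed": 30, "patched": 20}
NETWORK_POINTS = {"corp": 10, "vpn": 5, "internet": 0}

def score_request(req: AccessRequest) -> tuple[int, list[str]]:
    """Turn the identity/device/network signals into a 0-100 score plus the
    signals that were missing, so a denial can be explained and logged."""
    score, missing = 0, []
    for name, present in (("mfa", req.mfa_verified),
                          ("managed", req.device_managed),
                          ("patched", req.device_patched)):
        if present:
            score += WEIGHTS[name]
        else:
            missing.append(name)
    score += NETWORK_POINTS.get(req.source_network, 0)  # unknown network earns nothing
    return score, missing

def decide(req: AccessRequest, app: str) -> dict:
    """Per-application decision. An application with no registered threshold
    is denied by default rather than silently allowed."""
    score, missing = score_request(req)
    threshold = APP_THRESHOLDS.get(app)
    allowed = threshold is not None and score >= threshold
    return {"user": req.user, "app": app, "score": score,
            "allowed": allowed, "missing": missing}

if __name__ == "__main__":
    # Constructed sample: MFA completed, unmanaged personal laptop, from the internet.
    req = AccessRequest("jdoe", True, False, False, "internet")
    for app in ("public-wiki", "hr-portal", "case-files"):
        print(decide(req, app))
```

The `missing` list is what makes the denial actionable for the user and for the SOC: it names the posture gap (unmanaged or unpatched device) rather than just returning "denied".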
Later this month, agencies are due to submit plans to the OMB outlining how they plan to implement zero trust as a security infrastructure.
Meanwhile, the EO tasks OMB and CISA, in collaboration with the General Services Administration and the Federal Risk and Authorization Management Program (FedRAMP), with developing a federal cloud security strategy focused on accelerating the adoption of zero trust.
Iranga Kahangama, the National Security Council’s director for cyber incident response, said the White House drafted the executive order in “direct response” to breaches such as the SolarWinds and Microsoft Exchange compromises.
“We have literally taken the hardships we have had as a federal government, trying to unbox and understand these incidents and really looking to lower the barrier in terms of information sharing, intelligence gathering and global detection. All of these lessons learned were applied very directly to this,” Kahangama said.
CISA, under the executive order, recently submitted its recommendations for implementing enterprise-wide endpoint detection and response capabilities.
Hartman said CISA in the fourth quarter of fiscal 2021 is focused on procuring identity and access management capabilities for agencies, deploying those capabilities through the Continuous Diagnostics and Mitigation (CDM) program, and continuing work on an improved version of EINSTEIN One that will provide a richer set of threat indicators.
“Speed up some of these capabilities through CDM, which could have been useful in helping agencies detect accounts created that were not created by users in an appropriate manner,” Hartman said, referring to the detection of the SolarWinds breach.
Amid a growing array of cyber threats, Hartman said CISA is well positioned to use its newfound authority to hunt for threats on agency networks. Congress authorized this capability in last year’s National Defense Authorization Act.
“It’s CISA’s job and our responsibility to be able to bridge the gap between sectors and prevent threats from reaching their goals, or at least minimize the impact associated with those threats. So without the ability to detect threats at the host level, we just can’t do our jobs effectively,” Hartman said.