White House Releases Zero Trust Strategy for Federal Government
The White House has unveiled its strategy to embed a zero trust approach to cybersecurity across the federal government.
The memorandum, published by the Office of Management and Budget (OMB), sets out a series of specific security goals for agencies to establish a ‘never trusted, always verified’ model. This includes introducing stronger enterprise identity and access controls, such as multi-factor authentication (MFA). It also wants federal agencies to have a complete inventory of every device they operate and authorize for government use, and to encrypt all DNS requests and HTTP traffic within their environment.
The strategy represents a key component of delivering President Joe Biden’s Executive Order last year, which mandated a drive to secure cloud services and zero trust across federal government departments and their suppliers.
Federal agencies must incorporate the additional requirements identified in the new memorandum into their plans to develop zero trust architecture within 60 days. In addition, they need to designate and identify a zero trust strategy implementation lead for their organization.
The latest requirements were developed in response to increasingly sophisticated cyber-attacks, including the Log4j vulnerability. The OMB said such incidents have demonstrated that the federal government can no longer depend on conventional perimeter-based defenses to protect critical systems and data.
Federal chief information officer Clare Martorana commented: “Security is the cornerstone of our efforts to build exceptional digital experiences for the American public.
“Federal agency CIOs and IT leadership are leaning into this challenge, and the zero trust strategy provides a clear roadmap for deploying technology that is secure by design and responsive to the needs of our workforce so they can better deliver for the American public.”
Responding to the memorandum, Vats Srivatsan, COO of ColorTokens, pondered whether the UK will take a similar approach to mandating zero trust principles across the government. “This week the United States took a proactive step towards safeguarding the nation with resilient security. Government-wide zero trust mission completion will be a journey, and the path has been laid out in a set of goals and implementation efforts outlined in the OMB’s strategy. This undoubtedly sets a precedent for other countries and is a well laid-out model of implementation that the UK can and should borrow from.
“Zero trust is widely recognized as a highly effective, long-term approach to breach resilience; however, zero trust architecture can’t be achieved overnight. The sooner any institution embarks on a zero trust journey to modernize its cyber-defenses, the sooner zero trust maturity and breach resilience can be achieved. Boris Johnson is known to keep his eye on modern technology, so it is a surprise that the UK appears to be kicking the zero trust can down the road. That being said, the UK frequently follows suit on US policy, oftentimes with some initial hesitation. If the UK plans to stay ahead of the threat environment, it will certainly want to follow the US’s lead.”
Earlier this week, the UK government announced a new cybersecurity strategy designed to protect essential public sector services from being shut down by hostile actors.