The US Department of Defense will be investing more into cybersecurity measures with the opening of its new Zero Trust office next month. David McKeown, Pentagon CISO, said that the office will report to the CIO until a senior executive is named.
SolarWinds campaign speeds up Zero Trust Office
With leadership buy-in, the authorities adopted the Zero Trust, leading to the opening of the new facility. This decision is partly a response to the SolarWinds campaign in which Russian spies compromised nine federal government departments.
McKeown explained that the agency fought to solve this problem faster. Thus, the management will “rationalize all network environments out there.” Also, it will “prioritize and set each one of them on a path of Zero Trust over the coming five, six, seven years,” he explained.
The White House issued an executive order in May. This requires agencies provide a plan for Zero Trust architecture within 60 days. The plan should come with best practice migration steps from NIST. Also it should mention the steps that the agencies took. Moreover, the plan would have to identify activities that will have the most immediate security impact. Of course, there should also be a schedule for these.
Network segmentation would be the key
In the face of growing cybersecurity threats, companies must adopt a Zero Trust approach to their networks. This way, once an attack has been detected, the intruder cannot move laterally through the network undetected. Felipe Duarte, senior researcher at Appgate, said that there is only one chance to detect intruders. This would be “by segmenting the networks and assuming all connections can be compromised.
He also added that authorities should implement the Zero Trust “in the core infrastructure.” Thus, they can profile any device that would try to connect in the network. Also, a key measure would be multi-factor authentication. Thus, the potential attackers could not compromise credentials. Moreover, they should segment networks and provide access only to what each user or system has to do.