To maximize cybersecurity dollars, lean on Zero Trust

Since I left government in late 2019, there has been a world of change that I could not have foreseen.

COVID literally rewrote how business was done. As individuals moved from offices to homes or other places, endpoints proliferated, widening the attack surface.

Russia’s recent invasion of Ukraine catapulted cybersecurity to the forefront of public and private agendas. The aim of attacks has shifted from extortion and espionage to destruction. The invasion exposed the cybersecurity threat and increased the commitment to ensuring the security of networks and critical infrastructure.

There are examples showing that those who want to harm our nation are significantly increasing their willingness and ability to launch cyberattacks. The increasing intensity and sophistication of attacks on some of the largest US financial institutions show that cyberspace has blurred the lines between the instruments of national power.

Coordinated cyberattacks carried out by Russia as part of its strategy to invade Ukraine demonstrate the readiness of adversary state actors to wage cyber war against any target considered even potentially threatening. A sense of urgency about taking measures to protect networks, including operational technology (OT), is paramount. This should be at the top of the “To Do” list of any CIO and CISO.

As a result, the US government’s focus on cybersecurity has increased. In a March 2022 executive statement, President Joe Biden warned of Russia’s potential to engage in malicious cyber activities against the United States and encouraged the private sector to tighten its cyber defenses.

The Biden Administration has taken deliberate action to address these growing threats, including a focus on securing the electricity, oil and water sectors. The Cybersecurity and Infrastructure Security Agency launched the “Shields Up” initiative, which offers recommendations to corporate leaders to thwart ransomware.

CISA’s Binding Operational Directive 22-01 provides a catalog of vulnerabilities that are being actively exploited in the wild. In addition, the National Defense Authorization Act of 2022 instructed the Department of Defense to establish basic cybersecurity requirements that can be implemented for OT, emphasizing the need to harden these devices against cyberattacks.

While at DoD and DHS, I saw Comply-to-Connect and Continuous Diagnostics and Mitigation as a way to enforce the principles of Zero Trust. Protecting access to data resources was a perpetual concern. What compelled me to think this way was the emphasis on C2C policy to assess the security stance of an endpoint before granting any access to network resources and then continuously monitoring endpoint security. C2C is a core element of Zero Trust that ensures secure access to data.

C2C and CDM programs offer an opportunity to move quickly by maximizing existing resources. For example, the DISA-funded C2C program offers the ability to discover, identify, and categorize the six endpoint categories defined by Cyber Command. This includes platform information technology such as ICS, SCADA and medical devices. Leveraging C2C improves the cyber readiness of OT networks and devices, and the NDAA targets for fiscal year 22 can be achieved.

On the civilian side, leveraging existing tools acquired through CDM can help agencies achieve the goals outlined in the Zero Trust Executive Order.

The cyber domain will remain dynamic. Leveraging existing and marketed tools can make a difference more quickly and give operational commanders and government leaders confidence that networks and OT are protected. After all, the availability of relevant information is key to the success of the mission.

Don’t assume trust. Don’t fall prey to rogue devices. Reaching a Zero Trust architecture quickly is more important than ever. The implementation of C2C is a means available now to continuously identify and control access to all endpoints that connect to the network, enabling a complete Zero Trust architecture.

John Zangardi is the CEO of Redhorse Corporation and a former CIO in the Department of Homeland Security and the Department of the Navy, and a former CIO in the Department of Defense.
