The Korea Internet and Security Agency monitors cyber attacks. – Image: © AFP
The Biden administration is releasing for public comment a draft of its strategy for implementing “zero trust” principles in federal networks. The U.S. government sees zero-trust networks as key to its overhaul of decades-old network security, and its new strategy will require a series of actions to lock down software applications, limit user access to data, and protect network traffic from prying eyes.
What does this approach mean for businesses and consumers? James Carder, director of security at LogRhythm, addressed the issue for Digital newspaper.
Carder begins by examining the general context of the White House’s approach: “This year has been a hotbed for hacks and cybersecurity breaches. Criminal organizations and threatening nation-state actors continue to escalate attacks on our government and critical infrastructure entities, as we have seen with the Colonial Pipeline Attack, SolarWinds, JBS, and the attacks on California and Florida water supply systems.”
Therefore, the US government’s response is understandable: “This call for public comment follows the Biden administration’s executive order in May that called for direction to federal government agencies to develop a plan to move towards a Zero Trust architecture.”
In a sense, Carder says, this represents a paradigm shift: “While agencies are still defining a more technical and specific implementation process, this is a huge step in modernizing government security defenses. America and the outreach of all federal, state and local agencies. organizations to make safety a top priority.”
So what does the approach involve? Carder provides a working definition: “Zero Trust is based on the concept that threats exist inside – as well as outside – network boundaries. A zero trust security model asks whether users and devices can be trusted based on their location on the network.”
Carder expands on the benefits: “Zero Trust integrates comprehensive security monitoring in a coordinated fashion across the infrastructure to specifically focus on protecting critical assets and data in real time. This data-centric security model assumes that the concept of least privileged access should be applied for every access decision, where answers to the questions of who, what, when, where and how are needed to allow or deny the access. Government entities that adopt a zero trust security model in their infrastructures will protect resources and minimize data breaches when they occur.”
Carder adds to the benefits: “A Zero Trust architecture is an ideal way to thwart attacks on federal agencies and critical infrastructure by making them less like fruit at hand. However, as with everything, implementing a zero trust architecture takes time, investment and can initially disrupt these organizations. The Cybersecurity and Infrastructure Security Agency is releasing a maturity model this week that provides a roadmap for federal agencies. A Zero Trust architecture can be applicable to federal agencies, critical infrastructures and the supply chains that support them.”
According to Carder, the actions taken by the US government should be supported: “The Biden administration has already taken steps to combat cybercrime by allocating funds to secure and improve government technology and security, and the latter calls for comments on its Zero Trust strategy show that the federal government is extremely serious about ensuring that national security is preserved. We will continue to see a push from the US government to create new regulations and strategies that protect our government entities and the general public.”