The Keys to Implementing Zero Trust are People, Process, Tech
Partnerships with private sectors and user-centric frameworks are key to defending against cyber adversaries.
Agencies must holistically invest in a strategic model, like the “people, process, technology” framework when implementing asset management and zero-trust architecture to successfully defend against cyberthreats and enhance overall resilience, government leaders said during a FedInsider webinar.
“I always use the framework because change adoption and user acceptance are very important when cybersecurity fields are implementing a change,” said Bureau of Engraving and Printing (BEP) Acting Deputy Director and Chief Administrative Officer Harry Singh. “We’re in the process of implementing zero trust excellence, so as we deploy tools, it’s always going to be user-centric planning with feedback mechanisms.”
Singh said it’s imperative to educate users, instruct the impact of the change, gather feedback and embrace emerging challenges as opportunities instead of setbacks. He added that creating a situational awareness program will always result in positive output.
As agencies integrate cyber asset management practices, federal government partnerships with the private sector can be instrumental in establishing security standards for software development.
“It’s quite a challenge, but whether it’d be with public or private corporations, we must look at how we can all buy into the same policies and concepts to reduce risks,” said Government Accountability Officer CISO Mark Canter. “It’s a group effort and it goes into the ‘see something, say something’ slogan. As we move forward, everyone must understand risks, not just for their specific responsibilities, but for the larger risk of the organization.”
“When establishing security standards for software development, maybe we can have a software-secure label, just like we have an FDA-approved drug label,” Singh added.
According to the Cybersecurity and Infrastructure Security Agency (CISA), the five pillars of zero trust architectures are identity, device, application workload and data. Singh emphasized that neglecting any one of these pillars may likely result in an incomplete model.
The core of BEP’s approach to maintain visibility across their network and improve threat detection and response is leveraging the three W’s of zero trust: who’s accessing the network, what actions are they performing, and where on the network can they be found, Singh said.
“Our primary strategies focus on the management of identity and data, but answering all of these questions in real time is crucial and represents your agency’s current stage,” Singh said. “I’ve learned in this zero-trust journey that it’s very important to choose tools that integrate well with our existing architecture.”
This is a carousel with manually rotating slides. Use Next and Previous buttons to navigate or jump to a slide with the slide dots
-
Energy Exploring AI in Clean Energy, Supercomputing
Jennifer Granholm outlines how DOE is training AI models to use data sets, enhance super computers and power electrical grids.
5m read -
Opinion: How the Election May Impact Federal Contracting Businesses
Government contractors should prepare for changes in the federal acquisition landscape following presidential election results.
6m read -
CISA Cyber Campaign Emphasizes Resiliency Around Threats
CISA’s David Mussington highlights an initiative urging organizations to take steps to ensure critical systems are more resilient to threats.
5m read -
Navy Deputy CIO: Zero Trust Boosts Navy Cyber Defenses
Barry Tanner shares how the department is tackling zero trust amid evolving threats around supply chain disruptions and quantum.
5m read