The rapid adoption of agile and flexible technologies to support remote work is progressing in full swing. While this move continues unabated, there are a host of cyber security threats, risks and challenges lurking around as well.
With every passing day, cyber attacks are getting stealthier and more frequent. That is just one part of the challenge, because it is the shift in attack patterns that is really causing worries for top decision makers across the US Administration.
Modern cyber attacks don’t seem to be geared much towards operational disruption or extorting ransom, which normally used to be the intent behind such attacks. Now, cyber attacks are targeting the core infrastructures of entire countries, affecting the masses.
Some of the most glaring and recent examples of such cyber attacks include the ones on SolarWinds and Colonial Pipelines. Cyber security experts believe electrical grids, power plants, dams, pipelines and other core infrastructures will remain a top target.
Amidst all this chaos and uncertainty, the recent cyber executive order by the Biden Administration is a welcome step in the right direction. In compliance with the laid down guidelines, the federal US agencies are moving towards Zero Trust Architectures (ZTA).
The move towards Zero Trust Security protocols at the government level was also fuelled by rapid adoption of cloud solutions and remote work policies. However, the path towards effective zero trust architectures has its own set of challenges and limiting factors.
Data – The Bedrock of Zero Trust Security
According to an industry partner of America’s Cybersecurity and Infrastructure Security Agency (CISA), data is one of the most essential and pivotal elements of zero trust. Data, automation and logging services are very essential for a robust security posture.
The collection, processing and analysis of data will be critical in identifying potential areas of vulnerability that can be exploited by malicious actors. On the basis of this data, special measures can then be taken to plug any loopholes in security.
A recent memo by the US Federal Government has asked all federal agencies to submit their implementation plans for Zero Trust Architectures within the next sixty days. However, this is just about the stage that challenges start to emerge.
The foremost challenge that federal agencies are grappling with is funding. Normally, the mandates prescribed by the Federal Government are backed by funding. This apparently does not seem to be the case here, at least in part.
It is expected that the US Technology Modernization Fund will chip in with some funding for the federal agencies. For any shortfall that arises in the implementation of Zero Trust, the agencies are being urged by the Government to “re-prioritize” their budgets.
Funding challenges aside, there are also deep rooted cultural challenges associated with the implementation of Zero Trust Architectures. Cyber security teams at most federal agencies have been focused more on the network perimeter approach, which is obsolete.
So, there will also be the need to usher in a major cultural change in federal agencies. Zero Trust Architectures run contrary to the concept of “un-checked” access to the network, once a user is within its perimeter.
The IT systems and networks of most federal agencies have been built piece by piece, as and when any changes were required. This makes most such existing systems obsolete, as they were not built around the concept of Zero Trust at the very core.
So, in the case of numerous federal agencies, there would also be the need to upgrade legacy IT infrastructures. Such initiatives in turn would require even more financial resources, making this endeavor more challenging than it already is.
The present day cyber threats do not distinguish among federal or private sector institutions. The US private sector is also being urged by the Biden Administration to beef up their cyber security postures through steps like Zero Trust Architectures.
The approach of the current US Federal Government is to lead by personal example, with the private sector following in the footsteps. What makes the involvement of the Private Sector even more important is that the key US infrastructures are managed by it.
In the days to come, let us hope we achieve more clarity on the implementation of Zero Trust Architectures by federal institutions, especially on how such initiatives will be funded, and to which extent.
Regardless of any federal mandates, the private sector will also have to adopt a proactive approach towards implementing robust cyber security protocols across their architectures and networks.
Contact dinCloud, an ATSG Company, for secure Cloud Computing solutions that have stood the test of time.