Securing networks and data is imperative for Defense Department organizations. The DoD often leads the federal government in innovation. When it comes to implementing a Zero Trust methodology for cybersecurity, however, it is federal agencies that have progressed farther and begun to realize measurable results.
As it embarks on its own Zero Trust implementations, the DoD can benefit greatly from lessons learned and best practices already proven out by forward-thinking federal agencies — especially in addressing three of the most important cybersecurity threats: 1) expanding attack surfaces and loss of the perimeter due to use of mobile devices and cloud platforms; 2) privileged accounts with access to more sensitive data than ever before; and 3) the proliferation of unstructured data that can be stored and shared.
By taking a never-trust-always-verify philosophy, Zero Trust also addresses one of the DoD’s most vulnerable attack vectors — third-party vendors in the supply chain. Breaches from this group were the source of many significant attacks in recent years, and we can expect the volume, velocity, and intensity of attacks to increase.
Fortunately, the Zero Trust approach to cybersecurity doesn’t rely on new technology to secure against those threats. Instead, it packages together a set of existing technologies in a holistic way that makes the whole greater than the sum of its parts.
The US Department of Homeland Security (DHS) and its agency US Citizenship and Immigration Services (USCIS) both have advanced Zero Trust implementations, and two of their senior cybersecurity leaders joined Breaking Defense for an hour-long podcast on what they’ve learned.
They are: Brian Forsythe, director, Technical Architecture & Engineering Division for DHS, who served 21 years in the US Air Force; and Shane Barney, chief information security officer for USCIS.
During the podcast, they discuss the following questions and many more.
- What are the military- and federal-specific challenges associated with cybersecurity, and how does Zero Trust fit in?
- How can Zero Trust help to secure third parties in the supply chain?
- What is the connection between identity and Zero Trust? What is the connection between Zero Trust and the cloud?
- What is the full ecosystem of controls that DHS and USCIS rely upon for protection?
- What current set of controls can be implemented using the security tools that the DoD and federal agencies already have in place today?