White House instructs US federal agencies to adopt ‘zero trust’ strategy as part of increased protection against cyberattacks
The White House has ordered all US federal agencies to adopt a ‘Zero Trust’ security model within the next two years.
The new strategy announced today in a memorandum from the Office of Management and Budget (OMB), whose remit is to supervise the implementation of the President’s vision across the US Executive Branch.
It comes after President Joe Biden signed an executive order in May 2021 to improve the nation’s cybersecurity capabilities.
Then last November the Biden administration and CISA ordered all US Federal Agencies to tighten up cybersecurity loopholes by patching hundreds of cybersecurity vulnerabilities that are considered major intrusion risks within a six month period.
And now the White House and OMB have “released a Federal strategy to move the US Government toward a ‘zero trust’ approach to cybersecurity,” in an effort to “reduce the risk of successful cyber attacks against the Federal Government’s digital infrastructure.”
The White House said that sophisticated cyber attacks have underscored that the US federal government can no longer depend on conventional perimeter-based defenses to protect critical systems and data.
“The zero trust strategy will enable agencies to more rapidly detect, isolate, and respond to these types of threats,” said the White House. “By detailing a series of specific security goals for agencies, the new strategy will serve as a comprehensive roadmap for shifting the Federal Government to a new cybersecurity paradigm that will help protect our nation. These goals are directly aligned with and support existing zero trust models.”
“In the face of increasingly sophisticated cyber threats, the Administration is taking decisive action to bolster the Federal Government’s cyber defenses,” said acting OMB Director Shalanda Young. “This zero trust strategy is about ensuring the Federal Government leads by example, and it marks another key milestone in our efforts to repel attacks from those who would do the United States harm.”
“As our adversaries continue to pursue innovative ways to breach our infrastructure, we must continue to fundamentally transform our approach to federal cybersecurity,” said CISA Director Jen Easterly. “Zero trust is a key element of this effort to modernize and strengthen our defenses. CISA will continue to provide technical support and operational expertise to agencies as we strive to achieve a shared baseline of maturity.”
The introduction of the ‘Trust No One’ strategy by the Biden administration has been noted by security experts.
“The White House’s Zero Trust architecture strategy sets forth a detailed roadmap with important requirements for encryption, multi-factor authentication, strong identity management, network segmentation and continuous, dynamic policy enforcement,” said Michael Friedrich, VP at Appgate Federal, which is helping US government organisations achieve Zero Trust status.
“Applying Zero Trust principles is critical in protecting our nation’s IT systems, data and critical infrastructure,” said Friedrich. “We’re thrilled to see a strong focus on rapid action in the final strategy and look forward to continuing to partner with federal agencies as they accelerate their Zero Trust journeys.”