Zero Trust has been a growing buzzword in the US federal government for several years. Models and guidance from the National Institute of Standards and Technology (NIST), the Department of Defense (DoD), and the Cybersecurity and Infrastructure Security Agency (CISA) helped to clarify what Zero Trust is and how the federal government should approach implementation. To further emphasize the significance of Zero Trust to the US federal government, earlier this year, OMB M-22-09 mandated that agencies take a Zero Trust approach to transform their cybersecurity and reach several significant Zero Trust milestones by 2024.
The aggressive 2024 deadline set by OMB will be challenging as agencies face funding issues, technological complexities, and a significant cultural shift in how they approach cybersecurity, and as they attempt to balance existing infrastructure with enabling Zero Trust capabilities. Recent studies have emphasized the significance of a cultural change in thinking and communication to support Zero Trust. For example, the research firm Gartner Inc. published eight cybersecurity predictions for the coming years, suggesting that wide Zero Trust adoption will occur; however, most organizations won't realize full benefits without adopting new mindsets to support the framework.
In the recent report entitled "The Quest for Zero Trust," presented by FedScoop and sponsored by Forcepoint, researchers examined where agencies believe they stand today and what challenges still exist for agencies adopting Zero Trust. The report found that despite significant breaches in past years, such as the SolarWinds supply chain attack, over half of the respondents considered their agency strong or very strong across all five pillars of Zero Trust. This finding raises the question of whether Zero Trust will be yet another compliance exercise or whether agencies will take this as an opportunity to make a cultural shift to Zero Trust principles and truly transform.
In addition to the cultural shift, as agencies grapple with security events throughout their systems and cloud infrastructure, automation of security monitoring and enforcement across the Zero Trust pillars will be critical for adequate Zero Trust security. Agencies must also maintain and fortify existing security to protect against rising cyberattacks as they implement Zero Trust and rethink their frameworks.
Time will tell which agencies will be able to accomplish the cultural and technological shift essential to meet the required Zero Trust milestones by the 2024 deadline. In the meantime, download the latest report to learn more about the challenges and road ahead for agencies moving toward Zero Trust.