As Federal agencies continue on their zero trust journeys, Federal officials on Thursday stressed the importance of being intentional with their cybersecurity tools and budgets in order to remain a step ahead of adversaries.
At the Visualyze Zero Trust Security Summit hosted by MeriTalk and Gigamon on Feb. 29 in Washington, D.C., Office of Personnel Management (OPM) Chief Information Officer (CIO) Guy Cavallo explained how a defense-in-depth strategy is no longer enough to defeat adversaries.
“What I love about zero trust is that it forces you to really look at every individual and what resources do they need in your agency. The defense in depth world will not survive today’s AI attacks – period. You will lose every time,” Cavallo said.
To further explain his point, the CIO compared defense in depth to going to a baseball game at D.C.’s Nationals Park. He said defense in depth is like having a ticket to the game and gaining access through the gate, but once you’re in, you can go on the field or in the dugout.
“With zero trust, what we’re saying is, ‘Guy Cavallo uses these four applications, once he’s in the OPM network, those are the only things he can get to,’” he explained. “So, that level of granularity is really important.”
Cavallo also recommended that Federal agencies keep their cybersecurity tools “as simple as possible,” noting that using “two or three tools at 100 percent” is better than buying 25 cybersecurity tools and having a false sense of security.
Going forward, OPM’s CIO also stressed the importance of moving those cybersecurity tools to AI.
“If you don’t move your cybersecurity to AI, you will be defeated,” Cavallo warned. “The Russians, the Chinese, all the adversaries out there, a 15-year-old in Iowa, they will use AI to find your weaknesses. So, you have to factor that in.”
“If you really want to use AI, I think you need to have your data in the cloud,” he added. “We’re already on a two-year sprint for the cloud and most of our applications are moving there so that we’re going to be well positioned for AI.”
At the Department of Homeland Security (DHS), Deputy CIO Beth Cappello said that her agency just shut down its last mainframe a couple of weeks ago.
As DHS celebrates that success and looks to the future of cloud and AI, Cappello said she is stressing the importance of a “continuous change management model.”
“If we’re making decisions about how we’re spending money to secure our environments, we don’t have unlimited budget,” Cappello said.
“Whatever technologies we’re using, we’re going to have to be really intentional about the return on the investment because, I think we’ve all witnessed over the last few decades, the threats and the attackers and our adversaries, in many cases, their budgets are unlimited,” she added. “We don’t have that luxury. So, continuous assessment of your environment is where I see us going.”
After over 30 years of government service, Cappello is retiring from her role as deputy CIO on Tuesday. Rear Adm. Christopher Bartz will be stepping in as DHS’s new deputy CIO.