Nearly two years after the White House released its cybersecurity executive order (EO) that homed in on zero trust, Federal agencies are well on their way to completing their zero trust maturity journeys and are using the president’s guidance as an opportunity to modernize their systems.
“I love executive orders because they’re all about guidance and advice, but with very little teeth,” United States Patent and Trademark Office (USPTO) Chief Information Officer (CIO) Jamie Holcombe said this week at ServiceNow’s Federal Forum in Washington, D.C.
“That’s because you should have the ability to operate within any guidance,” Holcombe added.
President Biden’s May 2021 EO, Improving the Nation’s Cybersecurity, assigned marching orders to Federal agencies to move to zero trust architectures (ZTA), and the Office of Management and Budget’s (OMB) Federal ZTA strategy – released shortly after Biden’s EO – gave agencies deadlines to nudge them further along in their zero trust journeys.
“Given these Federal mandates, it’s now widely accepted … that Federal agencies move towards zero trust architecture,” ServiceNow Chief Information Security Officer Ben de Bont said during a panel discussion on March 13. “So, it’s not a matter of if, but when.”
Energy Department (DoE) CIO Ann Dunkin said her agency is working together to implement these mandates and get to a zero trust solution.
“We’re a very diverse environment and we’re not going to have a one-size-fits-all,” Dunkin said. “Our goal is not to define a strategy at headquarters … but to work together to get to a solution.”
The CIO explained that DoE established a zero trust working group that encompasses a wide range of people within the department. The group meets every week to push the agency’s security goals forward.
“We’re working together to, number one, measure the current maturity of zero trust within DoE, and then develop implementation plans,” she said. “It’s an effort to move a really diverse group of people and organizations forward all together … I think it’s a path that’s going to serve us well moving forward.”
Kelly Fletcher, the State Department’s new CIO, said implementing the Federal zero trust mandate has been challenging due to the legacy technology her agency operates with.
“What makes this hard – I think like everyone here – we’re operating with a lot of legacy technology,” Fletcher said.
“We could hit zero trust out of the park if I was in a green field, but I’m not,” the CIO continued. “So, what we’re trying to do is really couple modernization with zero trust.”
All three CIOs stressed that the key to reaching their zero trust goals is not only a cultural mindset shift, but also working better together across agencies.
“We have to be more cohesive in our enterprise approach,” Holcombe said. “We need to open up, and we need to have an open cultural incrementalism.”