One Year Post Op - Where Are We Now?

BY ZACH CROSMAN

About a year ago, on May 12, 2021 the President issued an executive order to improve the nation’s cybersecurity standing. The deadline for government agencies to implement these requirements is fiscal year 2024. One of the main reasons for the executive order is a reaction to the increased threat of sophisticated cyberattacks including those from nation state actors. Additionally, in January 2022 a memorandum to the executive order stated that National Security Systems operations have up to 180 days to implement multi-factor authentication, an additional authentication method, for data at rest and data in transit.

One of the main parts of this executive order that is getting a lot of attention is the zero trust implementation. The most basic explanation of zero trust is that all users must be authorized, authenticated, and access must be individually validated for applications and systems. The Cybersecurity and Infrastructure Security Agency (CISA) has created a Zero Trust Maturity Model to assist with setting up zero trust and reaching this deadline. The model breaks down zero trust into five pillars including identity, device, network/environment, application workload, and data. Each pillar is broken down into many functions and are rated from traditional to optimal.

Fast forward 1 year post executive order, government agencies and software vendors continue to have a big target on their back from adversaries. Attacks are becoming more sophisticated and defenses struggle to keep up. The war in Ukraine has led to higher tensions between the United States and Russia and cyber attacks are increasingly likely. While this executive order was signed over a year before Russia's invasion, it may still be effective as agencies are already starting implementation. It is also a prime example of why action was needed.

While the executive order requires implementation by FY 2024, many agencies do not expect to meet the requirements. According to the GDIT study only 63% of respondents expect to meet the requirements on time or early. While there may be a wide array of issues with reaching this deadline, the study found that half of respondents are having issues identifying what technologies they need. Additionally, 48% or respondents don’t think they have the appropriate experience to implement these changes. Replacing legacy hardware is another common issue that slows down the implementation.

If you need help with learning more about zero trust implementation or any other aspect of the executive order, connect our team for assistance at info@sixgen.io.

Last Week in Security - 2024-04-22

Last Week in Security - 2024-04-15

Last Week in Security - 2024-04-08

Last Week in Security - 2024-04-01

Automate Tool Testing with Open Source

Last Week in Security - 2024-03-25

Last Week in Security - 2024-03-18

Last Week in Security - 2024-03-11

Last Week in Security - 2024-03-04

Last Week in Security - 2024-02-26

One Year Post Op - Where Are We Now?

RECENT POSTS

ARCHIVE

FOLLOW US