In January the federal government took two significant steps that will drive a national change in cybersecurity. First, on January 19, the Federal Government ordered a National Security Memorandum that, among several measures, requires the defense, intelligence, and national security communities to move toward Zero Trust architecture and other new cybersecurity standards. A week later, on January 26, the Office of Management and Budget released its plan to move all agencies toward Zero Trust.
Both announcements advance a plan the administration laid out in a May 2021 executive order on cybersecurity that is expected to ripple through the economy, first with contractors that do business with the government and eventually to all businesses. A 2021 study by Microsoft found 76 percent of businesses across a range of industries have begun Zero Trust implementation, and in the United States, businesses’ implementation level leaped from 70 percent to 79 percent in just eight months. A Gartner study found that the finance and healthcare sectors have been early adopters, following the government itself.
The government’s moves come after a record-breaking year for high-profile cyberattacks that directly disrupted critical infrastructure, highlighted by the Colonial Pipeline ransomware attack. The Colonial Pipeline breach caused panic-buying and gas shortages on the east coast. Other attacks targeted hospitals, the Oldsmar water treatment facility in Florida, a southern California water system, U.S. oil and gas pipelines, and U.S. defense and technology firms.
These attacks have become more frequent and successful due to the proliferation of connected devices and the growth of remote and virtual work, which creates millions of network endpoints, each a vulnerability to exploit.
The attacks pose a variety of risks to both public and private-sector companies and their customers, and to government agencies and citizens. Unauthorized access and data breaches expose trade secrets and personal identifiers, allow takeovers of critical systems and infect systems with malware or ransomware. The average data breach now costs almost $4 million to resolve, and 54 percent of manufacturing firms suffered a cyberattack in 2021.
The Zero Trust architecture, at the core of the federal government directives, addresses those vulnerabilities with a revolutionary approach to cybersecurity. Traditional security, such as firewalls and VPNs, erects a wall around the network, and once users are inside that wall, they have access to everything inside. Zero Trust presumes every request for access, at any point in the network, could be unauthorized and requires verification at every access request.
Using cryptographic micro-segmentation to isolate, identify and monitor data packets to determine whether they should have access at each step of the network represents innovation in the Zero Trust approach to security. Essentially, this approach makes the network invisible to unauthorized users, greatly reducing the attack surface and protecting critical information and assets. By applying the Zero Trust framework to the entire network a secure foundation for Secure Access Service Edge (SASE) implementations and critical infrastructure protection is created.
Addressing the challenges faced by government agencies of all levels requires sound planning, budgeting, and execution. With its roots in the U.S. intelligence community and extensive experience with government and private sector clients, Onclave Networks can help organizations of all kinds to be ready to meet the nation’s new cybersecurity standards.
Jim is the CTO and co-founder of Onclave Networks with over 30 years of experience specializing in development and infrastructure engineering. He authored two patents, one around Dynamic Cipher Key Management which is the foundation of Onclave’s Trusted Secure Communications platform and another on Blockchain Performance Enhancement. Before Onclave, Jim co-founded Advanced Paradigms, Inc. which grew from 4 principals to over 280 employees in 4 years. Jim has held positions with Vitro Laboratories, Unisys and Microsoft. He holds a BS in Aeronautical Engineering from San Jose State University and is a commercial pilot, flight instructor and certified Airframe and Powerplant engineer.