On Wednesday, the White House released a memo outlining a new strategy to bolster the government’s cybersecurity, instructing federal agencies to adopt the practices by the end of 2024. The new strategy comes after other recent moves by the White House to beef up US cybersecurity.
Known as a “zero trust” cybersecurity strategy, this new paradigm holds that “no actor, system, network or service operating outside or within the security perimeter is trusted,” according to Department of Defense Zero Trust Reference Architecture.
This strategy stipulates a stronger emphasis on enterprise identity and access controls, including multifactor authentication. Federal agencies will need to verify everything that is attempting to establish access, and they’ll need to track and verify each user, device, application and transaction in order to block unauthorized access to sensitive information.
The US government has been grappling with cybersecurity threats and vulnerabilities. Two of the most recent examples include last year’s Colonial Pipeline incident, in which a ransomware attack forced the shutdown of a major US petroleum pipeline, and the discovery of Log4j, a security flaw that left tens of millions of web-connected devices vulnerable.
Federal agencies will have two months to present an implementation plan to the Office of Management and Budget and the Cybersecurity and Infrastructure Security Agency.
With zero-trust architecture, the US government looks to continuously adapt to and adopt new technologies that will enhance the work at federal agencies, realizing “the security benefits of cloud-based infrastructure while mitigating associated risks.”