Identity management is one of the main pillars of the Cybersecurity and Infrastructure Security Agency’s (CISA) Zero Trust Maturity Model, but Sean Connelly, CISA’s program lead for the Trusted Internet Connection (TIC) program office, said that while identity is an important pillar, it should not be the only pillar agencies focus on.
Connelly said that with a hyper-focus on the identity pillar, and without building the other pillars of the zero trust model – networking, devices, applications, and data – there was still potential for intrusion and exploitation.
“When it comes to zero trust, it’s important to not neglect the other pillars,” Connelly warned. “When only focused on identity, agencies will still be vulnerable to threats, which is called SAML (Security Assertion Markup Language) attack. Users must also focus on the network, device, [and] other pillars to achieve optimal security environments.”
Specifically, Connelly warned of a tactic called the Golden SAML attack, which he said was one of the tactics used in last year’s SolarWinds campaign. In this tactic, the threat actor takes over the server that deals with authentication certificates and gives itself a forged certificate. When the server questions the attacker’s identity, the attacker produces the forged certificate and is potentially seen as legitimate.
This is one of the pitfalls of focusing entirely on the identity pillar of CISA’s Zero Trust Maturity Model, according to Connelly. Connelly stated that the Protected Domain Name Service (PDNS) platform CISA is rolling out next year should help protect agencies and their networks. The PDNS will be provided at no cost to agencies.
“It’s important that when talking about zero trust is talking about situational awareness,” Connelly said. “We want to make sure that when we provide zero trust solutions and when agencies deploy these that we aren’t blinding ourselves in different ways, and to remind everyone one of CISA’s primary missions is to have that persistent situational awareness to build and maintain that panoramic visibility across the Federal enterprise.”
“So, in order for CISA to maintain that visibility and situational awareness, both agencies and CISA need to reconsider current visibility strategies and tools,” he added. “We need to understand what new possibilities are there. So, each of these different steps … we need to reconsider now in a zero trust environment.”