The recent Binding Operational Directive issued through the Cybersecurity and Infrastructure Security Agency (CISA) requiring Federal agencies to immediately patch hundreds of cybersecurity vulnerabilities affirms the Biden administration’s prioritization on securing Federal government networks and reinforces that improved cyber hygiene is critical to protect against malicious adversaries seeking to infiltrate government systems and compromise data.
Earlier this year, the Senate Committee on Homeland Security and Government Affairs issued a bipartisan report entitled, “Federal Cybersecurity: America’s Data Still at Risk” that outlines the challenge the government has with a mountain of technical debt. The report highlights that seven of the eight agencies audited used unsupported applications and technologies, and in doing so neglected to implement basic cybersecurity standards necessary to protect America’s sensitive data.
Although Federal cybersecurity spending has increased significantly over the past 10 years, the problem of securing our critical information and protecting our employees against adversaries hasn’t gotten any easier. And many would agree that the new, hybrid government workforce presents an additional set of challenges.
Bottom line: the proliferation of telework and the complexities associated with legacy government networks – in conjunction with the enduring shortage of cybersecurity professionals to perform these critical services – illuminates the need for the Federal government to modernize existing network security architectures and leverage cloud-native services for today’s network security functions.
The challenge for many agencies is knowing where to start. To securely connect today’s hybrid Federal employee and alleviate the burden on an already taxed cyber workforce, government agencies should adapt their network and security plans and focus their digital transformation efforts on moving to a Secure Access Service Edged (SASE) platform that provides the fundamental zero trust principles for secure connectivity outlined in NIST S.P. 800-207.
Moving to a SASE platform enables agencies to begin to implement a zero trust model, as required by the Biden administration’s Cybersecurity Executive Order issued in May.
When looking for a SASE platform, agencies should prioritize what networking and security capabilities they require to strengthen their cybersecurity posture and understand the impact their near-term decisions will have on their longer-term goals. Implementing the correct SASE service – one that provides native IPv6 support throughout the entire platform, for example – is critical for the Federal government to achieve its zero trust goals.
Some agencies will also start deploying Zero Trust Network Access (ZTNA), replacing their VPNs as a first step. Having ZTNA as an integrated security microservice within a SASE platform – and not as a standalone product – will help simplify and streamline the end-state architecture.
Insight into the expected end state – not only from a technology perspective, but also including doctrine, people, and process – will allow Federal agencies to achieve the outcomes they’re looking to accomplish through modernization: increased security, reduced cost and complexity, improved performance, ability to deliver on mission, and assured compliance.