Agency hacks could accelerate push to zero trust security model

Chris DeRusha, the federal chief information security officer, said Thursday in a hearing with senators that the White House will push federal agencies to start moving toward a new "zero trust paradigm."

"In this new model, real-time authentication tests users, blocks suspicious activity and prevents adversaries from the kind of privilege escalation that was demonstrated in the SolarWinds incident," he told lawmakers on the Homeland Security and Government Affairs Committee.

"Many of the tools we need to implement this model already exist within industry and agency environments, but successful implementation will require a shift in mindset and focus at all levels within federal agencies," he continued.

Zero trust, which dictates organizations should manage their network security under the assumption they are already compromised, is not new, but it has become a popular topic for cybersecurity analysts since the breach involving SolarWinds was discovered. This is because the hackers behind the campaign attacking SolarWinds have moved laterally across government networks even after their initial entry, according to the Cybersecurity and Infrastructure Security Agency.

DeRusha's comments are significant because the Office of Management and Budget, where the federal CISO office is housed, has a key role in shaping IT and cybersecurity policy across the federal enterprise.

Brandon Wales, CISA's acting director, who testified alongside DeRusha, also suggested at the hearing that the government's failure to catch the intrusion had to do with an overemphasis on network perimeter security and a lack of internal detection methods.

"Part of the challenge is that you can only secure what you can see and over the past decade our system of protection that has largely relied upon sensors deployed at the perimeters of networks that is designed to be fed by intelligence," about known threats, Wales said. "Our adversaries have advanced, they are no longer using the same infrastructure to target us repeatedly."

He also said CISA will use funding from the American Rescue Act to invest in new endpoint detection tools, but that ultimately agencies need to find a balance between both forms of security.

"That balance was too far out of whack in the past it is too focused on the network and not enough inside of networks at the host," he said.

About the Author

Justin Katz covers cybersecurity for FCW. Previously he covered the Navy and Marine Corps for Inside Defense, focusing on weapons, vehicle acquisition and congressional oversight of the Pentagon. Prior to reporting for Inside Defense, Katz covered community news in the Baltimore and Washington D.C. areas. Connect with him on Twitter at @JustinSKatz.

