Chris DeRusha, the federal chief information security officer, said agencies largely have the tools they need to adopt zero trust security protocols but making a change will "require a shift in mindset."
Chris DeRusha, the federal chief information security officer, on Thursday in hearing with senators said the White House will push federal agencies to start moving toward a new "zero trust paradigm."
"In this new model, real-time authentication tests users, blocks suspicious activity and prevents adversaries from the kind of privilege escalation that was demonstrated in the SolarWinds incident," he told lawmakers on the Homeland Security and Government Affairs Committee.
"Many of the tools we need to implement this model already exist within industry and agency environments, but successful implementation will require a shift in mindset and focus at all levels within federal agencies," he continued.
Zero trust, which dictates organizations should manage their network security under the assumption they are already compromised, is not new, but it has become a popular topic for cybersecurity analysts since the breach involving SolarWinds was discovered. This is because the hackers behind the campaign attacking SolarWinds have moved laterally across government networks even after their initial entry, according to the Cybersecurity and Infrastructure Security Agency.
DeRusha's comments are significant because the Office of Management and Budget, where the federal CISO office is housed, has a key role in shaping IT and cybersecurity policy across the federal enterprise.
Brandon Wales, CISA's acting director, who testified alongside DeRusha, also suggested at the hearing the government's failure to catch the intrusion had to do with an over emphasis on network perimeter security and a lack of internal detection methods.
"Part of the challenge is that you can only secure what you can see and over the past decade our system of protection that has largely relied upon sensors deployed at the perimeters of networks that is designed to be fed by intelligence," about known threats, Wales said. "Our adversaries have advanced, they are no longer using the same infrastructure to target us repeatedly."
He also said CISA will use funding from the American Rescue Act to invest in new tools for endpoint detection tools but that ultimately agencies need to find a balance between both forms of security.
"That balance was too far out of whack in the past it is too focused on the network and not enough inside of networks at the host," he said.