The sharp uptick in successful cyber attacks during the COVID-19 pandemic serves as a stark reminder to government leaders that their existing security strategies still leave adversaries plenty of vulnerabilities to exploit.
According to former White House security advisor Dan Prieto, cyber attackers continue to find new ways to capitalize on weak points in legacy infrastructure and virtual private networks (VPN), compromise email and insert malicious code into software supply chains.
The increased pace and boldness of these attacks raises critical questions “about the metrics of what constitutes successful cyber security,” says Prieto, head of cybersecurity strategy for Google Cloud Public Sector.
“Every agency already has many of the ingredients [for zero trust],” says Prieto, including network security, endpoint and application security, malware protection, identity protection and more.
“The executive order is really an inflection point” he says in a new podcast, produced by Scoop News Group and underwritten by Google Cloud. “What zero trust demands is coordinating, integrating and orchestrating those [siloed] solutions to really drive [better outcomes].”
For agency leaders who are looking for ways to improve on the mission and citizen experience, Prieto suggests they start by looking at the core relationships between IT and their business-mission. With a more integrated security strategy, agencies will be able to better prioritize the applications and data that are most important to the mission, and which would have the largest impact if disrupted.
“There’s actually a lot of guidance out there already that can help organizations prioritize the applications and data that are most important to their mission. There’s guidance, for example, on the federal civilian side out of the Office of Management and Budget — and that’s guidance that I worked on when I was in the White House, regarding high value assets. And on the national security and DOD side, there’s similar guidance to think about what high value assets are,” Prieto says.
Additionally, Prieto stresses the importance of leveraging the native security capabilities from cloud providers with proven experience implementing zero trust as a way to accelerate government’s journey to zero trust.
Listen to the podcast for the full conversation on zero-trust strategies for government. You can hear more coverage of “IT Security in Government” on our FedScoop and StateScoop radio channels on Apple Podcasts, Spotify, Google Play, Stitcher and TuneIn.
This podcast was produced by Scoop News Group and underwritten by Google Cloud.
Daniel B. Prieto formerly served as Chief Technology Officer in the Department of Defense Office of the CIO and then as Director for Cybersecurity Policy on the staff of the National Security Council in the White House. He has held senior executive, advisory or research roles at IBM, the Council on Foreign Relations and the Center for Strategic and International Studies at McKinsey, before joining Google Cloud three years ago.