Move to Zero-Trust Architecture a Tough Slog for Federal Government: CSIS
Implementing zero-trust architecture (ZTA) in the federal government, per executive order 14028 by President Joe Biden last year (see 2204080039), won’t be easy and will require a different approach in different agencies, said a Center for Strategic and International Studies…
Sign up for a free preview to unlock the rest of this article
Export Compliance Daily combines U.S. export control news, foreign border import regulation and policy developments into a single daily information service that reliably informs its trade professional readers about important current issues affecting their operations.
report released Thursday. “Shifting from perimeter defense to ZTA is not as easy as flipping a switch; it is a complex undertaking,” the paper argues: “It involves more than procuring new hardware and software. Making such a shift requires adopting new policies, processes, and structures.” CSIS said a top barrier is what it calls “tech debt.” The federal government spends about $90 billion each year on IT, with most of the money dedicated to maintaining “legacy, often antiquated systems,” the report said: “Departments and agencies often find it challenging to secure funding and authorization for new large-scale IT modernization efforts and relatively easier to obtain funding for existing systems. This dynamic often motivates agencies to focus on operating and maintaining existing systems rather than pursuing new capital investments.” Another concern is a lack of urgency by government leaders, CSIS said. “The federal government, as a whole, really needs to understand the why and commit to the how,” said Emily Harding, CSIS deputy director, during a webcast. “ZTA can create friction for the user, but that’s OK,” she said. “U.S. government employees need to understand why they should make the effort, why the friction is worth it,” she said. The federal government needs to become “as efficient as a Google or an Amazon” but “we’re a ways from there,” said James Lewis, CSIS senior vice president. New infrastructure relies more on AI, the cloud and other new technologies, he said. “The old approach to cybersecurity isn’t going to work,” he said. Getting the federal government to change won’t be easy, Lewis said. “It’s a huge entity,” he said: “It has thousands, sometimes millions of parts. The parts don’t always want to cooperate.” The attitude can be “I can just wait 18 months and these political appointees will go away, and I can go back to what I've been doing,” he said. Legislative mandates, budget directions and standards can help move the government, he said.