Biden’s Executive Order Brings ‘Zero Trust’ Policy To Government Agencies

cybersecurity

President Joe Biden is calling for stepped-up authentication. To be more specific, Biden issued an executive order this week — number 14028, titled “Improving the Nation’s Cybersecurity” — that would modernize cyber defenses, and in effect, mandate continuous authorization through a “Zero Trust” design.

The order, of course, comes against the backdrop where hackers disrupted a major gas and fuel pipeline that serves the East Coast of the United States and demanded (and got) ransomware. And even a cursory scan of headlines reveals just how relentless the waves of attacks have become.

“The United States faces persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American people’s security and privacy. The Federal Government must improve its efforts to identify, deter, protect against, detect, and respond to these actions and actors,” reads the Monday (May 17) order.

The narrative states that “incremental improvements” will not be enough — the federal government needs to make “bold changes and significant investments” to modernize infrastructure and protect its infrastructure and data flows.

As part of those efforts, “minimum standards” for testing software code used by government agencies would be developed. And in addition, according to the document, government agencies would have to advance toward “Zero Trust” architecture and a pivot toward secure cloud services.

The Zero Trust approach is governed by a philosophy acknowledging that, according to the document, “threats exist both inside and outside traditional network boundaries” and that a breach is inevitable or has already occurred.

The model eliminates trust in any part of the ecosystem, including nodes or services — and mandates that there is continuous verification of operations and data flows.

Zeroing In On Zero Trust  

“In essence, a Zero Trust Architecture allows users full access but only to the bare minimum they need to perform their jobs. If a device is compromised, zero trust can ensure that the damage is contained,” per the order.

The order also stated that “within 180 days [of the order itself] … agencies shall adopt multi-factor authentication and encryption for data at rest and in transit, to the maximum extent consistent with Federal records laws and other applicable laws.”

The FIDO Alliance said it supported the order, and specifically, multi-factor authentication, declaring in a statement that Biden’s action “marks an important step forward, in that it makes clear the priority is protecting every account with MFA — without mandating any specific technology.”

Recent research from PYMNTS and Entersekt, via the Mobile Banking App Playbook, show that the vulnerabilities and need for modernization are not limited to government agencies. As reported, 70 percent of consumers have embraced digital banking. But along with that digital shift, advanced technologies must be deployed in the battle against hackers. Roughly 49 percent of consumers we surveyed said that authentication control is akin to security, and that such control gives them peace of mind. Roughly 56 percent of respondents think that having more control over authentication procedures would give them “much lower” or “somewhat lower” risk of fraud.

Read More On Cybersecurity: