Pentagon taking 'cybersecurity seriously' with new office

By BizClik Admin
Share
The Pentagon is to open a new zero trust cybersecurity office in December spurred by the recent SolarWinds intrusion of federal systems.

The Pentagon has announced it will formally launch a new office dedicated to accelerating the adoption of a new “zero trust” cybersecurity model.

David McKeown, DoD’s chief information security officer, said the office will fall under DoD’s chief information officer and be led by a yet-to-be-named senior executive. The move is part of an acceleration to ongoing zero trust implementation spurred by the Russian-orchestrated SolarWinds intrusion of federal systems.

“We’ve redoubled our efforts, we’ve fought for dollars internally to get after this problem faster,” McKeown said at C4ISRNET’s CyberCon event.

Commenting on the news, Felipe Duarte, Senior Researcher at secure access company Appgate, says by focusing on Zero Trust, "the Pentagon sends a clear message to cyber-criminals that they are taking cybersecurity seriously".

“The SolarWinds' attack revealed how lots of organisations, including government ones, are vulnerable to supply-chain attacks, and that after an initial breach, there aren't enough barriers in current infrastructures to stop the threats from spreading, he said. "The Kaseya attack was another example, where attackers managed to infect lots of Kaseya customers attacking the VSA application. After the attackers get access through any trusted application, they can easily navigate through the network.

"Zero Trust then becomes the natural solution for that. Only by segmenting the networks and assuming all connections can be compromised you can detect an intruder in your network. ZeroTrust needs to be implemented in the core infrastructure, you must profile any device trying to connect in your network, use multi-factor authentication to ensure credentials are not compromised, segment networks creating isolated perimeters, and, most important, only provide access to what a user or a system needs to," he adds. 

"This, along with Biden's memo published earlier this year, should be a wake-up-call to all organisations that haven't adopted Zero Trust yet. The best way to contain the damage from a Ransomware or a Spyware attack is to implement Zero Trust.”

 

 

Share

Featured Articles

Dazz: The Firm that Has Wiz Eyeing an Acquisition

Dazz, an lesser-known cybersecurity firm, has unicron Wiz eyeing and Aquisition

Google's Big Sleep: From Concept to Vulnerability Discovery

Researchers from Google Project Zero and DeepMind have uncovered their first real-world vulnerability using a large language model

Why the UK’s Financial Authority Has Issued a Cyber Decree

The UK’s Financial Conduct Authority (FCA) has issued a cyber directive to financial firms following the CrowdStrike IT outage

Sustainability Secured: SolarEdge Devices Cyber Certified

Cyber Security

Kyndryl and AWS: The Cyber Issues Facing the Energy Sector

Cyber Security

Customer Confidence: Hiscox Reveals Growing Cost of Attacks

Cyber Security