In an interview with MeriTalk, Army CIO Lt. Gen. Bruce Crawford succinctly and effectively explained the challenge that the transition to remote work poses—we now have to “defend the living room.” Traditional cybersecurity methodologies were designed to protect the servicemen and women who worked in known, defensible borders, like the Pentagon.
A recent GCN report found that “89% of cybersecurity professionals surveyed said COVID-19 has been a stress test for every security control and policy within their organizations.”
Unfortunately, but unsurprisingly, hackers are not wasting the opportunity presented by the rapid transition to telework. Allen Hill, acting deputy assistant commissioner at the Federal Acquisition Service at the General Services Administration, has cited attacks at end points of the newly expanded cyber-threat surface.
So the question is, where do we go from here?
On the policy side, Congress is holding hearings on “reinventing the wheel” on telework for federal employees; given that the most recent updates to the federal telework guidelines predates an iPhone 5, this is a much-needed step in the right direction.
On the implementation side, we need to get serious about network governance and Zero-trust networking:
As Maurice Uenuma points out for GCN, monitoring the increasingly vast and more dispersed networks with a multitude of endpoints can get extraordinarily complicated and requires us to have the right tools to understand and assess the changes happening on our network. “When it comes to monitoring for potentially malicious or unauthorized changes, it is essential to be able to identify business-as-usual changes vs. changes that indicate trouble.”
The concept of zero-trust networking is simple—don’t trust, do verify. Nothing comes in without proper authentication. The actuality is much more complicated. Similarly, to the other elements of network oversight, establishing zero-trust requires establishing a basis of “normal” activity, which has to be flexible, because, as we all know, normalcy is a tenuous state at best.
Experts at a recent FCW round table introduced related but relevant topics like “variable trust” and “trust decay” that are essential to understand as we move forward.
Of clear importance is the necessity of system wide shifts and the right technology for implementation—in particular, AI, ML, and automation.
The reality is that we are going to be dealing with the implications of COVID19 on our workforce and our cybersecurity posture for much longer than we might all hope, and, frankly, the net value of this increased, secure flexibility, will extend even beyond that.
multicloud, distributedcloud, cloudengineering, cloudnetworking, securityautomation, cloudsecurity, cloudarchitecture, governance, zerotrust, edgecomputing, automation, innovation, fedit, govcon, internetofthings, identityaccessmanagement, privilegedaccessmanagement, artificialintelligence, aiml, identitycredentialing, accessmanagement stsnews keepitsimple