Network security

Cyber Officials Discuss Zero Trust Concept at Billington Cybersecurity Defense Summit

Current and former federal officials dissected the concept of zero trust and how it applies to the federal government during the recently concluded Billington Cybersecurity Defense Summit.

For Federal Chief Information Security Officer Chris DeRusha, zero trust revolves around three core principles: verifying users, validating devices and limiting network access, Nextgov reported.

“This is obviously a shift away from the prior trust model that assumed if a user is behind a firewall, then you know they can be trusted,” DeRusha said.

Former federal CISO Gregory Touhill added that zero trust is more of a strategy and does not refer to a singular technology that agencies can purchase.

The federal government’s zero trust efforts are guided by the National Institute of Standards and Technology’s Special Publication 800-207. The document factored in input from members of the industry who coined the term and other early adopters.

Over the past few years, DeRusha said agencies have started building foundations around identity and credential access management.

During the summit, federal officials also emphasized the need to move away from siloed cybersecurity budgeting, wherein each agency forms its own budget request to address specific needs.

Tonya Ugoretz, deputy assistant director for the FBI’s cyber division, said the government should fund cyber efforts in a more collaborative way since the current cyber environment requires interoperability between agencies.

Ugoretz’s statement was echoed by Chris Inglis, President Joe Biden’s nominee to be the first national cyber director.

According to Inglis, creating more integrated and collaborative relationships would make immediate impacts, considering the varying capabilities, authorities and levels of willingness in today’s society.