Cybersecurity
VA Official Highlights Efforts to Adopt Zero Trust Security
The Department of Veterans Affairs has been ramping up its efforts to adopt zero trust cybersecurity principles, according to a top department official.
Royce Allen, director of enterprise security architecture at VA, said the department needs to review what areas it needs to protect amid a changing cyber threat landscape, GovernmentCIO Media and Research reported Tuesday.
“Our boundaries continue to expand and expand beyond that. Now, we’re in a place where we really have to collaborate without vendors so that we can protect that environment,” Allen added.
According to Allen, the department has been developing a zero trust strategy over the past year and is now looking for ways to implement it for critical data.
Allen said VA is prioritizing the use of zero trust for protecting health services and mitigating exploits in supply chains.
VA also plans to launch security awareness programs aimed at training its workforce on relevant technologies and basic cyber hygiene, Allen added.
She added that VA’s data governance committee is currently working on a data management plan that involves plotting the department’s workflows.
Zero trust is one of the key elements of President Joe Biden’s May 12 executive order on government-wide cybersecurity.
The White House is reportedly developing a zero trust strategy in collaboration with the Cybersecurity and Infrastructure Security Agency, the National Institute of Standards and Technology and the National Security Agency, among others.
Zero trust could be particularly helpful in addressing ransomware in the health care sector, a top public health official previously said.
Rob Wood, chief information security officer at the Centers for Medicare and Medicaid Services, said the architecture’s limits on resource access can slow the spread of malware in a compromised network.
Category: Federal Civilian