Cybersecurity mindset

Zero Trust Not a ‘Silver Bullet’ Against Cyberattacks, Experts Warn

Cyber experts from the government and the private sector said zero trust has become the gold standard for cybersecurity and will go a long way to protecting organizations. They cautioned, however, that it is not a “silver bullet” for tackling threats, telling chief information officers that they should not be lulled into complacency, GovernmentCIO reported Wednesday.

In an interview, Don Maclean, chief cyber security technologist at DLT Solutions, and Chris Cleary, the Navy’s principal cyber adviser, discussed the White House’s Executive Order on Improving the Nation’s Cybersecurity and some of the common pitfalls federal agencies might encounter when deploying zero trust. They noted that the elimination of implicit trust and continuously validating every stage of a digital interaction promises to gradually improve cybersecurity overall.

Maclean said that zero trust represents a mindset change but it is “not a matter of fixing everything.” He added that such a mindset provides a “north star” for policy-makers but near-total cybersecurity is unlikely to ever be achieved.

For his part, Cleary also told organizations to treat zero trust like a mindset rather than as a set of rules or tools. He made this comment as he revealed that the Navy will be rolling out a new identity management system in 2022, which will lay the groundwork for zero trust.

Cleary and Maclean both identified culture change as a major hurdle to implementing zero trust across the federal government. For example, the zero trust concept of least privilege, which involves limiting access and privileges to only the ones an employee needs to do his or her job, can be jarring to some organizations, they told GovCIO.