Zero Trust: the Evolution Toward Enhanced Cybersecurity
Defense technology leaders underscored the critical role of zero-trust principles, culture and strategic cloud migration in fortifying cybersecurity during a panel dicussion among senior cyber leaders at AFCEA's TechNet Augusta conference.
For the Army, there are two guiding principles in implementing increased levels of security.
“We're going to talk about what we're doing towards zero trust, the unified network plan, to improve the user experience, as well as the improving the cybersecurity posture,” said Brig. Gen Jacqueline Brown, U.S. Army director of Network Command, Control, Communications and Computer Services and Integration.
One speaker offered a perspective on the importance of securing data in defense networks.
“The data that flows and interconnects, and the information exchanges are the lifeblood of a mission,” explained CW5 Angel L. Rivera, USA, command chief warrant officer, White House Communications Agency.
If you lift and shift your environment into the cloud, all you did was migrate your problem.
As the Department of Defense improves network security, the National Guard must adapt to improve its cyber posture as well as work with those individuals whose behavior may put information at risk.
“We really are changing the culture and really doing hands on with those partners that we work with every day,” said Kenneth McNeill, chief information officer and director, Command, Control, Communications & Computers Systems Directorate, National Guard Bureau.
McNeill stressed how personnel and partners from the private sector required more attention in this shift over government agencies, including civilian ones. This includes the aftermath of the deadly wildfires in Hawaii’s Maui.
“An example of that is we're supporting Hawaii right now, so with their local state agencies, and nongovernment agencies that we have to communicate with, we have to share data with them and we have to make sure that even though you have the common mission with them, that you're doing it in a secure way,” McNeill told the audience at AFCEA’s TechNet conference on Wednesday.
“What we've seen from a commercial standpoint is that there are people, process and technology; all three are equally important,” said Taylor Hathorn, managing consultant at Guidehouse.
A fool with a tool is still a fool.
Hathorn alerted attendees about the importance of culture, in line with McNeill’s comments.
“A fool with a tool is still a fool, so you can get the sexiest zero-trust, highest, most expensive thing and it's not going to matter if your stakeholders aren't engaged,” Hathorn said.
Along this line Hathorn stressed that improving security is also a communication challenge, getting the technical knowledge and the awareness to all those with access.
Another aspect of the current Department of Defense migration to the cloud that touches on culture is around any problems these changes create, especially when security is overlooked.
“We need to think about how we're migrating to the cloud, so we don't want to migrate our problems … if you lift and shift your environment into the cloud, all you did was migrate your problem,” CW5 Riviera said.
The speakers addressed the audience during the AFCEA IDEA Panel: Senior Cyber Leaders Discussion, Moving Toward Zero-Trust Cybersecurity Principles panel. Col Michael B. Black, USAF (Ret.), vice president for defense, AFCEA International, moderated and Travis Rosiek, public sector CTO at Rubrik, also served as a panelist.