The Federal government has come a long way with implementing zero trust security architectures, but Federal chief information officers (CIOs) and chief information security officers (CISOs) hope the future of zero trust is “instinctive,” and something that is naturally baked into agencies’ programming.
During an August 16 event hosted by Federal News Network, Gerald Caron, CIO for the Department of Health and Human Services (HHS) Office of the Inspector General, explained that when he first introduced zero trust to the HHS staff it was “an education to be had.”
Nevertheless, agencies now have zero trust guidance documents at their fingertips, including the Federal Zero Trust Strategy drafted by the Office of Management and Budget, the Zero Trust Maturity Model drafted by the Cybersecurity and Infrastructure Security Agency (CISA), and the Cloud Security Technical Reference Architecture also drafted by CISA.
These documents provide agencies with roadmaps and resources for their security migration. However, Caron said he finds that “across the Federal government, there’s still education to be had around zero trust.”
For this reason, Matt Conner, CISO at the Office of the Director of National Intelligence, said he would “love for zero trust not to be special” in the future.
“What I mean by that is, it’s just instinctive. We do it as a natural course of our business,” Conner said. “I’d love to be at the place where zero trust is just naturally part of our programming – it’s part of how we approach program management and program management reviews; it’s how we approach accountability; it’s part of our conversation with leadership; and it’s just another discipline of information technology that we instinctively know.”
“I’d love for zero trust to be the thing that we just do, and it’s not the kind of thing we convene panels about, because we all know it cold,” he added.
Tonya Manning, director and CISO at the Environmental Protection Agency (EPA), predicted a similar future for zero trust.
Manning explained that in two or three years, she predicts zero trust will be baked into agencies’ culture, enabling “true transformation across the Federal government.”
“I see zero trust being a term that is endearing to everyone,” Manning said. “Everyone recognizes and knows what it is, but it’s also the culture shift to understanding it’s not something that’s temporary but the methodologies underneath it. It’s here to stay.”