A top NASA official on Feb. 29 used a catastrophic visual to capture the challenge of securing both operational technology (OT) devices and IT in the push for zero trust.
“Just to put a fine point on it, keep in mind that we’re NASA. Some of our OT is in space,” Mark Stanley, the agency’s enterprise security architect and zero trust lead, said at the Visualyze Zero Trust Security Summit hosted by MeriTalk and Gigamon. “If we fail to calculate a risk here, and we cause a problem there, we’re likely to suffer a mission failure, and we simply don’t want to.”
Stanley made his apparent allusion to an accident in space at a summit session focusing on how the necessary intersection of IT and OT as organizations work to implement zero trust security can introduce complexity and opportunity.
In his remarks, Stanley said NASA faces a number of challenges as it pursues zero trust – especially identity management – given the need to share scientific findings with national and international partners.
“There are some challenges from an identity perspective, as you might imagine,” Stanley said. “So, one of the things we’re looking at, in terms of zero trust is how we improve our identity capabilities across the NASA infrastructure.”
With “tons and tons of structured and unstructured data,” he said, NASA has to “make sure that we are properly categorizing, classifying, tagging that information so we can use those zero trust capabilities to not only protect, but also to share that information.”
“Those two things pose a significant challenge for us on the information technology side,” Stanley added. “While we take this over to OT, we have similar challenges there as well.”
His words echoed NASA’s IT strategic plan for fiscal years 2022 to 2026, in which agency officials said they are “transforming NASA’s operations” and vowed to “improve data accessibility for our stakeholders while continuing to implement a zero trust approach to combat ever-changing cyber threats.”
The U.S. Postal Service is also implementing a zero trust strategy, and a key official overseeing it said at the panel discussion that the service faces similar challenges.
“We are heavily focused on identity,” said Heather Dyer, the postal service’s vice president and chief information security officer. “We’re heavily focused on segmenting our network.”
“It’s a journey and it’s one that has to be very thoughtful and laid out in a very concise strategic approach, and we’ve been on [the] journey for several years,” Dyer said.
Some of that approach, Dyer said, involves tightening security for postal service customers while maintaining customer experience. She put the need to maintain that balance in stark terms.
“I don’t want to be the one who is responsible for stopping mail processing across the United States,” Dyer said.