With many of us using our faces to "open" our phones, biometric technology has become an everyday consumer technology. Capitalizing on the comfort and ease of use of facial recognition, government agencies are looking to incorporate it (and other biometric methods) into their modern cybersecurity plans and approaches but are realizing implementation in a government setting raises a host of complications.
Remote work, necessitated by the pandemic, accelerated many agencies' move to cloud computing. With remote and dispersed teams here to stay, cloud is a critical, if not primary, infrastructure for a number of organizations. With this wide reliance on cloud, the Cybersecurity and Infrastructure Security Agency (CISA) has been releasing Trusted Internet Connections 3.0 Use Cases, which give federal agencies guidance on applying network and multi-boundary security for remote users.
Similarly, the Defense Information Systems Agency (DISA) recently combined its Cloud Computing Program Office (CCPO) with its services directorate and ecosystem. This move, creating the Hosting and Compute Center (HaCC), recognizes the long-term reality of cloud and the role it plays in delivering services and powering everyday work for the agency. The HaCC will be "responsible for providing the warfighter with critical hosting and compute functions using modern data center and cloud capabilities." This functionality supports a number of Defense Department initiatives including Joint All Domain Command and Control.Continue reading →
Each October, the Cybersecurity & Infrastructure Security Agency and theNational Cybersecurity Alliance lead the cybersecurity community in an educational campaign around the impact of cybersecurity breaches and best practices to prevent them. Cybersecurity Awareness Month was created to raise awareness about the importance of cybersecurity among individual citizens and companies alike. As exemplified by the theme, "Do Your Part. #BeCyberSmart," the campaign serves to remind us that everyone has a role in ensuring the security of data and systems.
Events, educational materials, videos, blogs, and more will be produced throughout the month by a variety of government entities, non-profits, and commercial organizations to illustrate this shared responsibility. To organize the vast amounts of information, the month is divided into themed weeks with a focus on the threat of phishing and a push to increase interest in cybersecurity careers:
Recent security breaches via software have made supply chain security a priority across government. No longer is it enough to build security into a solution; now every product that is part of that solution is being examined for its security and risk. In response, the Biden Administration issued a Cybersecurity Executive Order that aims to provide more control over the content of code that comes in contact with government systems and infrastructure.
With so many high-profile hacks this year, it's easy to want to throw up your hands and say, "Is there nothing that can be trusted?!" Interestingly, that lament is what is driving the latest approach to cybersecurity -- zero trust. Zero trust is what it sounds like, a security approach centered on the belief that organizations should not automatically trust anything accessing their systems either inside or outside their perimeters. Instead, all people and devices must be verified before access is granted. To the untrained eye, this seems untenable. How, in this day and age, when we depend on digital information and connection to do most anything, can we use a process where we have to constantly verify identity and access permissions? Luckily, the practice of zero trust is more sophisticated than its premise.