Last week, the White House issued a new cybersecurity strategy outlining a vision of a “zero trust” architecture. The key document was published as a memorandum from the Office of Management and Budget, the administration’s policy arm, and addressed to the heads of all executive departments and agencies. The memo called for a complete inventory of devices, monitored via specifications set by CISA. Agencies have 30 days to designate a lead and 60 days to develop an implementation plan. The implementation deadline is the end of fiscal year 2024.
Key elements of the new zero trust strategy include improved phishing defense through strong multifactor authentication, consolidation of agency identity systems, encrypting traffic and treating internal networks as untrusted, and strengthening application security to protect data better.
The EU moved as well. The European Systemic Risk Board (ESRB) proposed a new systemic cyber incident coordination framework that would allow relevant EU authorities to coordinate better when responding to major cross-border cyber incidents impacting the Union’s financial sector.
Why do we care?
Security changes are rolling out on both sides of the Atlantic. The federal government is moving at a pretty rapid clip to make changes. The guidance should be leveraged for private-sector implementations, as much expertise is going into the planning. Use that material.