Zero Trust: In Depth

Presented by Fortinet Federal & GDIT

"Zero Trust: In Depth" is a comprehensive exploration of the zero trust security model within the federal government, featuring insights from government and industry leaders across three pivotal segments. Hosted by Francis Rose, the program highlights the significant strides and challenges in implementing zero trust architectures in agencies such as the Department of Homeland Security (DHS), Cybersecurity and Infrastructure Security Agency (CISA), Department of Defense (DoD), and the Department of Labor.

The discussions reveal a collective movement towards embracing zero trust as a fundamental principle for enhancing cybersecurity resilience across government operations. While the journey is marked by progress in areas like identity management and secure access, challenges such as vendor integration and the need for a shift in operational culture towards security-as-a-service remain prevalent.

This program underscores the importance of collaboration, innovation, and strategic planning in advancing zero trust implementations, aiming for a more secure, efficient, and adaptable federal cybersecurity infrastructure. Through the lens of zero trust, "Zero Trust: Depth" offers valuable perspectives on the evolving cybersecurity landscape, emphasizing the need for continuous adaptation and cooperation to safeguard national security and operational efficiency.

Zero Trust Journey at DHS and CISA: A Foundation for Cybersecurity

Featuring:

• Sean Connelly, Senior Cybersecurity Architect & TIC Program Manager, CISA
• Don Yeske, Director, National Security Cyber Division, DHS

In the first segment, host Francis Rose discusses the implementation of zero trust security models at the Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA). Sean Connelly and Don Yeske explore the varied stages of zero trust adoption across DHS's entities, comparing the journey to climbing Mount Everest. They emphasize the progress in identity management, device control, and network segmentation, underlining the executive order's impact on accelerating zero trust initiatives.

Key Takeaways:

1. Varied Adoption Levels: DHS's 23 components are at different stages of adopting zero trust, highlighting the complexity and diversity within the department.
   
   
2. Foundational Progress: Significant advancements in identity management, device control, and network segmentation have set a solid foundation for further zero trust implementation.
   
   
3. Climbing Mount Everest Analogy: The journey towards zero trust is likened to preparing for and climbing Mount Everest, emphasizing the need for acclimatization and continuous effort.
   
   
4. Evolution of the Zero Trust Maturity Model: The transition from version one to version two of the maturity model reflects the government's evolving understanding and implementation of zero trust principles.

Advancing Zero Trust from the Enterprise to the Edge in the DoD: A Collaborative and Innovative Approach

Featuring:

• Randy Resnick, Director, Zero Trust Portfolio Management Office, DoD
• John Sahlin, Vice President, Cyber Solutions, GDIT

The second segment focuses on the Department of Defense's (DoD) goal to implement a zero trust framework by fiscal year 2027. Randy Resnick and John Sahlin discuss moving away from traditional cybersecurity compliance towards outcome-based measures in achieving zero trust. The conversation highlights the importance of vendor collaboration and innovation in integrating diverse cybersecurity products into a coherent zero trust strategy, especially at the tactical edge.

Key Takeaways:

1. Outcome-Based Approach: DoD's shift towards defining desired security outcomes, allowing industry to innovate towards achieving these goals.
   
   
2. Vendor Collaboration: The necessity for vendors to collaborate in integrating their products to deliver comprehensive zero trust solutions.
   
   
3. Challenges at the Tactical Edge: Adapting zero trust principles for various operational settings, including disconnected environments, requires innovative solutions.
4. Broad Industry Engagement: The strategic engagement with federal, allied, and partner nations reflects the DoD's leadership in the zero trust space, encouraging a global approach to cybersecurity.

Zero Trust in Action: Navigating the Shift Towards Secure and Efficient Government IT Infrastructure

Featuring:

• Paul Blahusch, CISO, Dept of Labor
• Jim Richberg, Head of Cyber Policy, Fortinet & Fortinet Federal Board Member

In the final segment, Paul Blahusch and Jim Richberg discuss the Department of Labor's steps towards a zero trust architecture, emphasizing the acceleration post-executive order on cybersecurity. With a strong foundation in identity management, the department focuses on Secure Access Service Edge (SASE) solutions, aiming for full deployment by June 2024. The segment also addresses the broader acceptance and challenges of zero trust across the government and private sector, highlighting integration challenges and the need for industry collaboration.

Key Takeaways:

1. Early Focus on Identity Management: The Department of Labor's early emphasis on consolidating identity sources has provided a strong foundation for advancing towards zero trust.
2. SASE Solutions Deployment: The department's strategy includes deploying SASE solutions to enhance security and operational efficiency, with a significant milestone set for June 2024.
3. Integration Challenges: The anticipated stagnation in zero trust efforts due to vendor integration challenges underscores the need for industry-wide collaboration.
4. Impact of Remote Work: The COVID-19 pandemic and the shift to remote work have accelerated the adoption of zero trust principles, emphasizing the need for secure and efficient operations outside traditional office environments.