In late 2020, the U.S. federal government publicly reported a major cyberattack. The incident is widely believed to be committed by Russian-sponsored group Berserk Bear. At the time, Senate Minority Whip Richard Durbin referred to the intrusion as “virtually a declaration of war.” It is considered one of the worst cyber-espionage events targeting the U.S. government. Malicious actors gained access to information pertaining to high profile targets for at least 8 months or longer. Not just affecting the U.S. government, the attack reached hundreds of organizations including universities, governments in Europe, and large private sector companies like Microsoft and Equifax.
Following this incident, the White House issued Executive Order (EO) 14028 in May 2021. The directive required federal agencies to abandon incremental improvements to data security and “make bold changes and significant investments in order to defend the vital institutions that underpin the American way of life.” For the most part, the executive order allowed federal agencies in the U.S. government to chart their own path into zero trust architecture (ZTA) by adhering to best practices within 90 days. EO 14028 set the stage for future requirements that would be more stringent and specific.
On January 26, 2022, the Office of Management and Budget (OMB) issued memorandum M-22-09. Building on the best practices delineated in EO 14028, this executive branch directive outlines requirements for achieving specific ZTA outcomes across the federal government’s agencies by the end of FY 2024. Relying on the zero trust maturity model developed by the Cybersecurity and Infrastructure Security Agency (CISA), the memo bases the overall strategy on CISA’s five complementary pillars of ZTA: Identity, Devices, Networks, Application and Workloads, and Data. Alongside that, the key themes of Visibility and Analytics, Automation and Orchestration, and Governance interconnect the pillars and the strategy.
M-22-09 spurred agencies throughout the federal government to adopt specific ZTA principles in their identity systems for staff, contractors, and even partners in the private sector to prevent future malicious attempts to gain access to their systems and data. Now, leaders and stakeholders in the federal government sphere are grappling with the charge of standing up a modern identity, credential, and access management (ICAM) based on ZTA security goals. In the end, the easiest way for cybersecurity threat actors to penetrate a system’s defenses is to obtain verified credentials and access the network accordingly. And once a threat actor gains access, the damages come with a massive price tag for the organization, its employees, and stakeholders.
Outside of the requirements placed by the federal government, even the private sector is experiencing an explosion in the cost of malicious intrusions. Around the world, the cost of these attacks is increasing every year – and even more so in the U.S. public and private sectors. Large organizations everywhere are dealing with the fallout of these costly incidents.
With the looming federal requirements and ballooning threat of intrusions into protected federal networks, it’s easy to see why most large organizations are moving to harden their ICAM solution for their enterprise system. Much of this concerns making a shift from perimeter-based security to the newer concept of zero trust architecture.
To learn more about what a modern ICAM solution looks like that incorporates ZTA principles, check out our whitepaper Identity, Credential, Access Management, and Zero Trust.
ABOUT IBSS
Since 1992, IBSS, a women-owned small business and Certified B Corporation, has provided transformational consulting services to the Federal defense, civilian, and commercial sectors. Our services include cybersecurity and enterprise information technology, environmental science and engineering (including oceans, coasts, climate, and weather), and professional management services.
Our approach is to serve our employees by investing in their growth and development. As a result, our employees bring greater capabilities and provide an exceptional level of service to our clients. In addition to creating career development opportunities for our employees, IBSS is passionate about giving back to the community and serving the environment. We strive to leave something better behind for the next generation.
We measure our success by the positive impact we have on our employees, clients, partners, and the communities we serve. Our tagline, Powered by Excellence, is a recognition of the employees that make up IBSS and ensures we deliver results with quality, applying industry best practices and certifications. Read more About Us.
