Zero Trust Must be a Cybersecurity Priority for the Trump Administration

With President Trump taking office soon after China-backed actors hacked the US Treasury and several telecommunications companies, cybersecurity is an immediate and pressing national security priority for the new administration.

Despite President Biden’s extensive efforts to bolster America’s digital defenses, the recurring cyber-attacks and intrusions conducted by cybercriminals and nation-state-linked threat groups over the last several years demonstrate that US systems remain highly vulnerable. As geopolitical tensions increase, such attacks will only become more frequent and sophisticated.

However, other than vowing to go on the cyber-offense against Beijing and disbanding the Cyber Safety Review Board (CSRB), which investigates major cyber incidents and makes recommendations to improve cybersecurity across the public and private sectors, the White House has not revealed much else about its plan to address these escalating cyber threats. Also uncertain is which elements of Team Biden’s approach to cybersecurity the new administration will continue to uphold.

One of the Biden administration’s crucial cybersecurity initiatives that President Trump must carry forward is the effort to promote Zero Trust Architecture (ZTA) across the nation. Whereas conventional, “perimeter-based” security models treat communication within a network boundary as inherently trustworthy, zero trust frameworks adhere to the principle of “never trust, always verify” and continuously authenticate, authorize and validate all entities inside and outside of a network environment.

Moving to ZTA can make digital systems significantly more resilient against malicious cyber actors and drastically reduce the severity and cost of cyber incidents. For instance, while the exact details of the recent Treasury Department hacks have not been revealed, the agency disclosed that adversaries were able to gain access to a remote key used to secure a cloud-based service, and then use that key to access unclassified documents and workstations.

Such lateral movement by an adversary is exactly what ZTA is intended to restrict or prevent altogether.

Current Federal Government Zero Trust Implementation Efforts

Under the Biden administration, many federal agencies made considerable progress towards the zero trust deadlines set in the Office of Management and Budget’s (OMB) memorandum M-22-09, and several state and local governments have embraced zero trust models as well. Likewise, organizations in the private sector across various industries have reported increases in their zero trust budgets and continued growth in zero trust initiatives.

Additionally, major software vendors and cloud service providers have endorsed and drawn inspiration from the zero trust guidelines laid out by the Cybersecurity and Infrastructure Security Agency (CISA), National Institute of Standards and Technology (NIST), and other agencies.

Nonetheless, these efforts are far from complete. According to Mike Duffy, the former acting federal CISO, the federal government still needs to undertake “longer-term technology transformation” efforts to build more mature and defensible architectures.

Moreover, according to an analysis by the Center for Strategic and International Studies (CSIS), federal agencies have experienced several barriers to zero trust implementation, such as costs and budgetary constraints, outdated technology and legacy systems, unclear policies and guidance, and lack of urgency and behavioral friction.

Critical infrastructure owners and private companies have also faced similar challenges on their zero trust journeys. Here, President Trump can play a transformative role in making the US digital landscape more resilient and secure by empowering the public and private sectors to overcome these obstacles.

How the Trump Administration Can Boost Zero Trust Uptake

The White House should establish newer and more ambitious ZTA milestones to catalyze agencies’ transition to the next stages of zero trust adoption. Trump’s cybersecurity team should also provide more specific guidance on ZTA implementation and delineate clearer roles for the various entities – CISA, the National Security Agency (NSA), and Office of the National Cyber Directorate (ONCD) – overseeing the federal government’s ZTA migration efforts.

Additionally, by setting deadlines for agencies and departments to replace legacy platforms and migrate applications to the cloud, the administration can expedite government cloud adoption, which is an important prerequisite for leveraging enhanced security frameworks like zero trust.

While Trump 2.0 is expected to reject Biden’s approach of leveraging regulations and liability enforcement on software companies to incentivize security, the new administration nonetheless has several other opportunities to positively shape the zero trust trajectories of the private sector.

Expanding public-private cybersecurity collaboration beyond threat intelligence and incident response to also emphasize ZTA adoption is one option in Team Trump’s playbook. Moreover, successful ZTA implementation by the government can serve as a model for businesses. Cybersecurity teams and CISOs in private companies often use the federal government’s zero trust reference architectures and maturity models as North Stars for their cybersecurity roadmaps.

Newer and more diverse partnerships can enable agencies like CISA and NIST to establish additional zero trust blueprints that are more specific to various industries and critical infrastructure sectors, which would help organizations struggling with more ambiguous guidelines.

To be sure, President Trump should still incorporate offensive cyber operations and “defending forward” in his cybersecurity strategy, just as he was successfully able to do against US adversaries during his first term. However, the White House must not operate on the assumption that cyber incidents can be prevented altogether, especially with cybercriminals and state-sponsored APT actors conducting more sophisticated, AI-enabled operations.

Most importantly, while the new administration’s cybersecurity officials are expected to give CISA a narrower focus, they must ensure that federal agencies have sufficient authorities and funding to achieve their ZTA objectives.

By accelerating the country’s progress on zero trust security, President Trump can significantly strengthen America’s resilience against the proliferating threats in the global cyber landscape.

The opinions expressed in the article are solely the author's.
