Logo

American Security Council Foundation

Back to main site

Alan W. Dowd is a Senior Fellow with the American Security Council Foundation, where he writes on the full range of topics relating to national defense, foreign policy and international security. Dowd’s commentaries and essays have appeared in Policy Review, Parameters, Military Officer, The American Legion Magazine, The Journal of Diplomacy and International Relations, The Claremont Review of Books, World Politics Review, The Wall Street Journal Europe, The Jerusalem Post, The Financial Times Deutschland, The Washington Times, The Baltimore Sun, The Washington Examiner, The Detroit News, The Sacramento Bee, The Vancouver Sun, The National Post, The Landing Zone, Current, The World & I, The American Enterprise, Fraser Forum, American Outlook, The American and the online editions of Weekly Standard, National Review and American Interest. Beyond his work in opinion journalism, Dowd has served as an adjunct professor and university lecturer; congressional aide; and administrator, researcher and writer at leading think tanks, including the Hudson Institute, Sagamore Institute and Fraser Institute. An award-winning writer, Dowd has been interviewed by Fox News Channel, Cox News Service, The Washington Times, The National Post, the Australian Broadcasting Corporation and numerous radio programs across North America. In addition, his work has been quoted by and/or reprinted in The Guardian, CBS News, BBC News and the Council on Foreign Relations. Dowd holds degrees from Butler University and Indiana University. Follow him at twitter.com/alanwdowd.

ASCF News

Scott Tilley is a Senior Fellow at the American Security Council Foundation, where he writes the “Technical Power” column, focusing on the societal and national security implications of advanced technology in cybersecurity, space, and foreign relations.

He is an emeritus professor at the Florida Institute of Technology. Previously, he was with the University of California, Riverside, Carnegie Mellon University’s Software Engineering Institute, and IBM. His research and teaching were in the areas of computer science, software & systems engineering, educational technology, the design of communication, and business information systems.

He is president and founder of the Center for Technology & Society, president and co-founder of Big Data Florida, past president of INCOSE Space Coast, and a Space Coast Writers’ Guild Fellow.

He has authored over 150 academic papers and has published 28 books (technical and non-technical), most recently Systems Analysis & Design (Cengage, 2020), SPACE (Anthology Alliance, 2019), and Technical Justice (CTS Press, 2019). He wrote the “Technology Today” column for FLORIDA TODAY from 2010 to 2018.

He is a popular public speaker, having delivered numerous keynote presentations and “Tech Talks” for a general audience. Recent examples include the role of big data in the space program, a four-part series on machine learning, and a four-part series on fake news.

He holds a Ph.D. in computer science from the University of Victoria (1995).

Contact him at stilley@cts.today.

The ‘new normal’ marks the best time to implement zero trust security

Wednesday, June 17, 2020

Categories: ASCF News Emerging Threats Cyber Security

Comments: 0

Who can be trusted in a global pandemic? The safe answer is no one.

A dramatic culture change has altered the way nearly everyone on the planet is working, as nations seek to institute social distancing policies and massive organizations look to implement remote-friendly environments. Government employees and contractors are now logging into systems and accessing sensitive data from personal devices. As such, a critical question has arisen: are all endpoints secure to mitigate these new access patterns?

Adversaries around the world are keenly aware of these challenges and are already acting to take advantage of the strain. Further, we have determined with high confidence that phishing campaigns will likely make use of lures aligned with health guidance, containment and infection-rate news.

Government agencies face a surge of threats perpetrated against an unplanned remote workforce. It’s a “new normal” that could last for months or even until 2021 and requires swift action. Previously, many in the public sector might have believed that the idea of implementing “zero trust authority” was simply a new buzz phrase to be implemented sometime in the future, but with a changing cyber landscape, implementation should be an immediate priority.

What is Zero Trust?

Zero Trust Architectures (ZTA) are a holistic approach to a contextual-based security architecture for protecting all customers’ computer assets, applications and data, regardless of who or where the user is, or where assets are located. The fundamental concept is “don’t trust anybody or anything operating inside or outside your network at any time.''

To use Zero Trust successfully, organizations must be able to continuously validate, with confidence, that both the user and the endpoint/mobile/cloud workloads have the right identity, privileges and attributes for access. Zero Trust takes into account continuous, real-time attributes encompassing user identity, organizations’ associations, endpoints, networks and more before allowing or maintaining user access to an organization’s networks, applications and data. In the Zero Trust world, the concept of inside or outside of the customer’s network does not exist. Since threats and security posture attributes are temporal by nature, attribute collection and selection of who gets access to what must be a continuous, near real-time process.

Government and Zero Trust

Adoption of such transformative technology can be intimidating, but crucial initial steps are already being made in government.

Since 2018, the National Institute of Standards and Technology and the National Cybersecurity Center of Excellence have been working closely with the Federal Chief Information Officer Council and other federal agencies to address the need for Zero Trust Architectures. Events, such as the Zero Trust Architecture Technical Exchange Meeting, hosted by these organizations with the purpose of bringing together industry and government to discuss Zero Trust, are imperative to the acceptance and adoption of the model throughout the federal space.

Due in part to these events and actions taken by organizations such as NIST, an increasing number of government agencies have begun to adopt the Zero Trust security model in an effort to better protect their sensitive networks and move away from outdated processes. I expect — and hope — to see increased adoption in this critical time our government’s data are as vulnerable as ever.

The right implementation

All security frameworks trusted by the government - from the U.S. NIST CyberSecurity Framework to the more global in nature U.S. DOD Cybersecurity Maturity Model Certification or the U.S. NIST Zero Trust Architectures Frameworks - start with identifying the computer assets you are protecting (remote, local, or in the cloud) and protecting what they are connected to. Smart agencies will consider these four steps when rapidly implementing an iterative ZTA roll out to support the reality of the New Normal:

1. Leverage cloud native solutions to support the surge and continued remote workload growth and an API-first approach to enable easier integration and for automation to be more cost-effective.

2. Know who or what is remotely or locally connecting to your business assets. These are typically endpoints (mobile, laptops, desktops, cloud) that require continuous understanding of their security posture (prevention, detection), and having the ability to perform remote surgical incident response and support as needed.

3. Use a common multi factor identity management and access solutions integrated into your DevOps and on board / off boarding human resources process.

4. Actively hunt across all your workloads, endpoints and networks as adversaries will continue to evolve.

While the COVID-19 pandemic has presented an immediate need for swift action, government agencies should always be prepared for the unexpected and do everything in their power to protect their critical networks, data and endpoints. As adversaries will continue to evolve and adapt to benefit from any circumstance, the public sector in response must adopt secure and modern practices to stay one step ahead and protect the nation’s most secure information.

Let’s make the “new normal” a more secure environment - and rebuild trust from the ground up.

Photo: As adversaries will continue to evolve and adapt to benefit from any circumstance, including telework, the public sector in response must adopt secure and modern practices to stay one step ahead and protect the nation’s most secure information. (eclipse_images/Getty Images)

Link: https://www.fifthdomain.com/opinion/2020/06/08/the-new-normal-is-the-best-time-to-implement-zero-trust-security/?utm_source=Sailthru&utm_medium=email&utm_campaign=Fifth%20Daily%206.17&utm_term=Editorial%20-%20Daily%20Brief

Comments RSS feed for comments on this page

There are no comments yet. Be the first to add a comment by using the form below.