The White House announced on Wednesday new measures to boost cybersecurity within federal agencies following increased cyberattacks on private and public U.S. infrastructure.
According to a memo released by Shalanda YoungShalanda YoungOne year on, a critical role needs to be filled by the administrationBiden taps Shalanda Young to lead White House budget officeSenate panels advance Shalanda Young nomination for deputy OMB directorMORE, the acting director for the Office of Management and Budget (OMB), agencies will be transitioning to a “zero trust” approach that assumes no actor, system or network operating outside the security perimeter is to be trusted.
“Instead, we must verify anything and everything attempting to establish access,” the memo reads, calling it a “dramatic paradigm shift in philosophy of how we secure our infrastructure, networks, and data.”
This zero trust strategy is about ensuring the federal government leads by example, and it marks another key milestone in our efforts to repel attacks from those who would do the United States harm,” Young said in a statement.
The strategy is in line with President BidenJoe BidenDeputy AG: DOJ investigating fake Trump electors On The Money Vaccine-or-test mandate for businesses nixedWarner tests positive for breakthrough COVID-19 caseMORE’s executive order on improving the nation’s cybersecurity, which he signed in May after a major cyberattack crippled Colonial Pipelines, which transports nearly half of the fuel up the East Coast. A Russian group known as DarkSide secured a $4.4 million ransom after shutting the company’s operating system down, but the Department of Justice later recouped most of the money.
Others major cyberattacks in the past year include the targeting of meat-packing processor JBS USA and the stock-trading platform Robinhood. Chinese hackers also gained sensitive information from U.S. defense and technology firms in November and December, according to the Center for Strategic and International Studies.
OMB warned that a piece of software called Log4j is being exploited by hackers, creating “sophisticated” new threats to governments and companies. Log4j is commonly used in consumer services but can be exploited to take control of a system, the Cybersecurity and Infrastructure Security Agency says.
The zero trust strategy will give agencies an increased ability to detect and isolate threats, OMB said. According to the memo, agencies will have 30 days from Wednesday to design a zero-trust strategy initiative.
This strategy is a major step in our efforts to build a defensible and coherent approach to our federal cyber defenses, said National Cyber Director Christopher Inglis in a statement.