Cybersecurity
Labor Department moves toward zero trust
The Department of Labor was forced to go back to the drawing board and develop a new implementation strategy around zero trust after the White House released its cybersecurity executive order in May, according to the agency's Chief Information Security Officer Paul Blahusch.
Blahusch provided details at FCW's cybersecurity workshop on Wednesday about how the Labor Department quickly began reorganizing to accommodate the order's aggressive deadlines, including the goal of developing an agencywide plan for zero-trust architecture and implementation within 60 days.
"We had our work cut out for us," he said. "We couldn't have people just doing it in their spare time. We need a dedicated team."
Blahusch recruited a team to begin assessing the agency's cyber posture and to determine what it would take to ultimately achieve zero trust, enlisting at least six officials from within the Labor Department and its network of contractors to focus on the project.
The team proposed 21 strategic initiatives -- complete with detailed timelines -- after interviewing agency officials who worked on IT, analyzing potential weaknesses and identifying seven zero-trust components: device, network, data, analytics, microsegmentation, penetration testing and workload protection. Its initiatives were all designed with the intention of closing the gap between the agency's current cyber posture around zero trust and the target state the administration outlined in its executive order this summer, Blahusch said.
Many of the Labor's zero-trust cyber initiatives were included in a project proposal it recently submitted to the Technology Modernization Fund. The TMF Board has called for agencies to send in ..
Support the originator by clicking the read the rest link below.
