Cybersecurity Awareness Month: Zero Trust Security and Insider Threats


Following the SolarWinds attack in December 2020 – and the Colonial Pipeline attack 5 months later – the government has been working overtime to stem the tide of threats to America’s national security. In May 2021, the White House issued Executive Order (EO) 14028, with a long list of reforms intended to strengthen cybersecurity across federal agencies.

Now, some of those reforms are well underway: in September, the Office of Management and Budget (OMB) and the Cybersecurity and Infrastructure Security Agency (CISA) released documents outlining a “zero trust security architecture,” and agencies have until 2024 to comply. But will it have any impact on facility security officers (FSOs)?

For Cybersecurity Awareness Month, we’re taking a look at the government’s new zero trust security initiative, and its promising potential to help FSOs fight a major risk to cleared facilities: insider threats.

Explaining Zero Trust Security

The basic philosophy of “zero trust” is summed up by Federal Chief Information Officer (CIO) Clare Martorana: “never trust, always verify”. From a cybersecurity standpoint, this means treating every user like a potential threat, continually verifying their identity as they move through a network, and restricting their privileges to access any resources that aren’t essential to their role.

FSOs can easily understand the concept of zero trust – they apply it every time they check in a visitor, process an incident report for cleared personnel, or collect the travel itinerary for employees going overseas. But today, most organizations do not apply this principle to cybersecurity: not even federal agencies.

That’s about to change, thanks to a draft published by the OMB in September 2021 which requires all federal agencies to meet certain zero trust security goals by 2024. Among other things, these goals include:

  • Issue an agency-wide identity to access work applications
  • Apply a phishing-resistant, multifactor authentication standard
  • Continually monitor and maintain a complete inventory of all authorized devices
  • Encrypt all DNS requests and HTTP traffic originating within their network environment
  • Treat all applications as Internet-connected and regularly subject them to rigorous testing

For guidance, CISA has released two additional documents: a draft technical reference architecture and a Zero Trust Maturity Model (ZTMM). While this model is intended for federal agencies, it could be useful to contractors and private organizations as well.

Zero Trust and Insider Threats

Insider threats have been a major risk to cleared facilities for many years: FSOs are required to maintain an Insider Threat Program (ITP) and to monitor cleared personnel for foreign or suspicious contacts under SEAD 3. Ultimately, insiders are in a position to harm their organization, and – whether on purpose or by accident – they often do.

From 2018 to 2020, the number of insider incidents increased by 47%, impacting 34% of businesses every year. That number is likely higher for federal contractors, who are often targeted by foreign actors seeking access to sensitive information: either way, the problem is growing worse with time.

Zero trust models can help to prevent insider threats in obvious ways: continual validation prevents non-trusted insiders from accessing protected devices, while restricted privileges prevent trusted users from accessing resources that they shouldn’t. In addition to these basic benefits, there are three others:

  1. Advanced insider threat detection: the device inventory and monitoring required by ZTMM provides constant data on usage which can be analyzed to reveal compromising patterns of behavior.
  2. Prevent recruitment: an increasing number of malicious insiders are targeted and groomed from the outside, which may begin with cyber activity aimed at reconnaissance and employee profiling. Zero trust security makes it harder for attackers to penetrate your organization.
  3. Avert negligent behavior: continual validation and multifactor authentication make it harder to commit the disastrous user errors that account for a significant portion of insider threats (i.e., “negligent” insiders).
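To make the two basic benefits above concrete (continual validation of identity and device, and restricting each role to the resources essential to it), plus the first of the three additional benefits (turning access data into a detection signal), here is an added example of a small zero trust policy decision point. It is illustrative code written for this post, not part of any CISA or OMB document and not a MathCraft product feature; the role-to-resource table, device inventory, 15-minute re-verification window, and access requests are all constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Hypothetical policy data, constructed for this example.
# Least privilege: each role is allowed only the resources essential to it.
ROLE_ALLOWED_RESOURCES: Dict[str, set] = {
    "fso": {"incident-reports", "visitor-log", "travel-itineraries"},
    "engineer": {"source-repo", "build-server"},
}
# The "complete inventory of all authorized devices" the OMB goals call for.
AUTHORIZED_DEVICES = {"dev-1001", "dev-1002", "dev-2001"}
# Continual verification: an MFA proof older than this is not trusted.
REVERIFY_WINDOW = timedelta(minutes=15)


@dataclass(frozen=True)
class AccessRequest:
    user: str
    role: str
    device_id: str
    resource: str
    mfa_verified_at: datetime   # when the user last completed MFA
    requested_at: datetime      # when this access was attempted


def evaluate(req: AccessRequest) -> Tuple[bool, str]:
    """Decide one request. Every request is checked; nothing is trusted by location."""
    # 1. The device must be in the maintained inventory.
    if req.device_id not in AUTHORIZED_DEVICES:
        return False, "device not in authorized inventory"
    # 2. Identity must have been verified recently (never trust, always verify).
    if req.requested_at - req.mfa_verified_at > REVERIFY_WINDOW:
        return False, "identity verification expired; re-authenticate"
    # 3. Least privilege: the resource must be permitted for the user's role.
    if req.resource not in ROLE_ALLOWED_RESOURCES.get(req.role, set()):
        return False, "resource not permitted for role"
    return True, "allow"


def audit(requests: List[AccessRequest]) -> List[Tuple[str, str, bool, str]]:
    """Record (user, resource, allowed, reason) for each request; this is the usage data
    that an insider threat program can analyze."""
    return [(r.user, r.resource, *evaluate(r)) for r in requests]


def flag_suspicious_users(requests: List[AccessRequest], denial_threshold: int = 3) -> List[str]:
    """Simple behavioral rule: a user repeatedly denied within one batch is worth review."""
    denials: Dict[str, int] = {}
    for user, _resource, allowed, _reason in audit(requests):
        if not allowed:
            denials[user] = denials.get(user, 0) + 1
    return sorted(u for u, n in denials.items() if n >= denial_threshold)


# Constructed sample access requests (not real log data).
T0 = datetime(2021, 10, 1, 9, 0, 0)
SAMPLE_REQUESTS = [
    AccessRequest("alice", "fso", "dev-1001", "incident-reports", T0, T0 + timedelta(minutes=5)),  # allowed
    AccessRequest("alice", "fso", "dev-1001", "source-repo", T0, T0 + timedelta(minutes=6)),       # denied: role
    AccessRequest("bob", "engineer", "dev-9999", "source-repo", T0, T0 + timedelta(minutes=1)),    # denied: device
    AccessRequest("bob", "engineer", "dev-2001", "source-repo", T0, T0 + timedelta(minutes=40)),   # denied: expired
    AccessRequest("bob", "engineer", "dev-2001", "visitor-log", T0, T0 + timedelta(minutes=2)),    # denied: role
    AccessRequest("bob", "engineer", "dev-2001", "build-server", T0, T0 + timedelta(minutes=3)),   # allowed
]

if __name__ == "__main__":
    for entry in audit(SAMPLE_REQUESTS):
        print(entry)
    print("users to review:", flag_suspicious_users(SAMPLE_REQUESTS))
```

Each of the three checks maps to one of the OMB goals listed earlier (device inventory, phishing-resistant MFA with re-verification, and role-scoped access); the audit trail produced by `audit` is the kind of constant usage data that an Insider Threat Program can mine for patterns, of which `flag_suspicious_users` is the simplest possible instance.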

Ultimately, by shifting the focus of cybersecurity from the perimeter of an organization to its own internal networks and applications, zero trust models reduce the chance of compromise from both the inside and outside. In many ways, it is the ideal cybersecurity paradigm for cleared facilities.

The Need for Collaboration

In a past blog post, we talked about the shrinking boundaries between physical and digital security. As in so many other cases, these two domains – which are completely separate in theory – are increasingly intersecting. Today, cybersecurity supports facility security and vice versa.

As federal contractors face rising threats from both the inside and the outside, FSOs have a chance to collaborate with the CSOs, CISOs, and other cybersecurity personnel in their organization on a shared mission. While zero trust security is not a magical cure for either cybersecurity or facility security threats, it does provide a crucial bridge between them.

In 2021, the DCSA advanced the Trusted Workforce 2.0 program, implementing a new system of record for security clearances (DISS) and a continuous evaluation (CE) program that monitors cleared personnel for signs of compromise. Together with zero trust security, CE embodies the philosophy of “never trust, always verify,” ensuring that both federal employees and networks are always protected.

Choose MathCraft

The latest version of Access Commander includes critical functionality to help FSOs collaborate with other executives, prevent threat incidents, and promote a culture of cybersecurity from the top down.

  • Understand and identify insider threats with the Advanced Insider Threat Analysis
  • Share information through role-based dashboards and integration with Portal Commander
  • Implement training programs and track progress with the Training and Conference Management module
  • Track security incidents, suspicious contacts, foreign travel, and more

Want to learn more? Contact us today for a free demo!