The Biden administration’s recent announcement of Executive Order 14028 outlined a series of cybersecurity-related guidelines for federal civilian agencies and technology partners. The EO called for “bold changes and significant investments” to bolster the nation’s cybersecurity posture in the wake of recent cyber attacks targeting Microsoft Exchange Server users, SolarWinds, Colonial Pipeline, and other entities.
Following the announcement of the EO, Virtru jointly hosted an executive roundtable and webinar with the Atlantic Council’s GeoTech Center to provide insights and practical recommendations for federal cybersecurity leaders, as well as state and local government entities. Below are highlights from the two-hour event: Part 1, the Executive Roundtable, and Part 2, the Zero Trust webinar.
Part 1: Executive Roundtable
The executive panel featured experts with extensive experience in managing cybersecurity for the federal government, including:
- Matthew T. Cornelius, Executive Director, Alliance for Digital Innovation
- Joseph Klimavicz, Managing Director, KPMG US
- Essye Miller, CEO, Executive Business Management LLC; Principal, Pallas Advisors
- Renee Wynn, CEO, RP Wynn Consulting LLC; Cybersecurity and Leadership Consultant, The Charles F. Bolden Group
Virtru’s Co-Founder and CEO, John Ackerly, opened the panel, and David Bray, PhD, Director of Atlantic Council’s GeoTech Center, moderated the discussion.
The discussion emphasized the importance of the public and private sectors working closely together to advance cybersecurity initiatives and protect data across government entities. “This is really about making sure information that should have confidentiality, integrity, and availability is done so appropriately, for the right purposes, in both the public and the private sectors,” Bray said as he opened the panel.
The Opportunities and Challenges of the EO
The panel first addressed the landscape that sparked the need for the EO. “Hackers, [with] every ransom payment, get better technology and launch more attacks. They only need to find one or two critical vulnerabilities in our defenses, and they’re in. We’ve got to protect this incredibly large attack surface,” said Klimavicz.
“I think it’s beneficial that this builds upon the previous EOs that were released, so it’s not as if we’re starting something new,” said Miller. “The big takeaway for me is that it recognizes that protecting the nation requires more than just government input. This has to be a partnership between government and industry, and I think the EO shines a light on the need for that partnership and information sharing.”
“Why should we set the bar higher for working with the federal government? Because, in the end, the federal government is supposed to work for you and, in its way, protect democracy, and certainly the first ten amendments called the Bill of Rights,” said Wynn. One of the things Wynn appreciated about the EO is that it included dates, responsible parties, and a phased approach that builds on previous actions. “It showed the progression of what needs to happen in order to convert an executive order into action.”
Cornelius, formerly a senior advisor at the Office of Management and Budget, noted that, while the EO creates many opportunities for advancing public- and private-sector collaboration, there will likely be resource challenges in supporting such a broad range of initiatives. “There are no additional resources for doing any of this,” he noted. “This is a mountain of commitments and requirements for agencies, both operationally… as well as all the other agencies that are going to be downstream of all these near-term 30-, 60-, 90-day deadlines to implement new guidance, new directives, new architectures, taking those plans for Zero Trust… and making those a reality within the constraints of the normal budget and appropriations cycle.”
Part 2: Zero Trust Webinar
In the second half of the event, Virtru’s Manager of Federal Customer Success, Connie LaSalle, presented the key elements of Zero Trust architecture, including why Zero Trust solutions are necessary in today’s cybersecurity environment, the key elements of Zero Trust strategy, and how those principles can be implemented.
Why Zero Trust is the Path Forward
LaSalle illustrated the problems surrounding perimeter-based security, the data lifecycle, traditional file-level data labeling and classification methods, and data silos. She explained why previous efforts to solve many of these challenges—while generating incremental progress—have not been wholly successful.
Moving forward, several recent government-issued documents have made it clear that Zero Trust methodologies create a stronger security posture that more effectively addresses these problems. “EO 14028 is the latest, but not the only, guiding document of a series of documents that have been released in the last six months indicating a unified, or at least common, path for U.S. federal government,” LaSalle said. “A data-centric approach to enterprise operations and risk management, predicated on Zero Trust and strong identity, has to be the way forward.”
Zero Trust in Action
Virtru’s Co-Founder and CTO, Will Ackerly, provided insights into what Zero Trust looks like in practice, beginning with a focus on the full data lifecycle. By protecting the data itself, and ensuring Zero Trust investments follow the data wherever it’s shared, government entities can amplify productivity and increase mission success while ensuring data is safeguarded and accessible only to the intended recipients.
“How do we slow the friction and increase the fidelity of data sharing to produce better mission outcomes, more effectiveness, efficiency, and security? As it’s externally stored, are those Zero Trust investments going to be following with the data?” asked Ackerly. “If the answer is ‘yes,’ we make the argument that you can reduce the risks associated with externally sharing. You may then see increased data sharing and increased mission effectiveness. Part of the lifecycle and closing that loop and creating a virtuous cycle is not just being able to share that information, but being able to govern the way that data is used and analyzed. You’re going to be deriving new insights, and you’re going to be taking action based on those insights.”
Ackerly provided demonstrations of data-centric Zero Trust workflows in action, including a walk-through of cloud-based email encryption and persistent file protection, a proof-of-concept on multi-level document redaction leveraging Virtru’s Trusted Data Format, and sharing and analyzing sensitive data across organizations.
If your organization or government agency is examining how to advance its Zero Trust cybersecurity and data protection strategy, Virtru can help you achieve your objectives. Contact Virtru’s Federal Team to start the conversation today.