President Biden has directed the Federal government to develop new cybersecurity policies within two months.
The White House released a preliminary set of policies Wednesday which aim to reduce the risk of cyberattacks against critical infrastructures.
These policies assert a “zero trust” architecture and only grants authorization and access to parts of networks only for employees who need to connect to it in order to complete objectives. The architecture requires stronger identity and access controls, authentication and monitored inventory.
“In the face of increasingly sophisticated cyber threats, the Administration is taking decisive action to bolster the Federal Government’s cyber defenses,” expressed acting OMB director Shalanda Young in a statement. “This zero trust strategy is about ensuring the Federal Government leads by example, and it marks another key milestone in our efforts to repel attacks from those who would do the United States harm.”
The announcement at the White House was motivated by the risk and vulnerability of Log4j.
“As our adversaries continue to pursue innovative ways to breach our infrastructure, we must continue to fundamentally transform our approach to federal cybersecurity,” added CISA director Jen Easterly. “Zero trust is a key element of this effort to modernize and strengthen our defenses. CISA will continue to provide technical support and operational expertise to agencies as we strive to achieve a shared baseline of maturity.”