Officials from the Department of Education (DOE) and the Cybersecurity and Infrastructure Security Agency (CISA) discussed their agencies’ progress on the migration to zero trust security architectures at MeriTalk’s Cyber Central in Washington, D.C.
Wayne Rodgers, zero trust lead at the Education Department, discussed the roadmap that the agency has adopted, and how they have been making progress to achieve goals.
“The roadmap that we developed when I first came into the agency last year really mapped out the new capabilities that we’ve now since deployed,” Rodgers said. “So all systems are behind the policy enforcement at SASE [and], all users have SASE agents in order to get to the systems.”
He also said the Education Department has ramping up its use of multifactor authentication (MFA) on the agency’s systems. “If you don’t have strong phishing-resistant MFA, that’s probably the place to start,” he advised. “For us, we’re looking to achieve a minimum 90 percent of all systems to be efficiently MFA.”
And Rodgers talked about efforts to boost some of the fundamentals of good cyber hygiene like requiring stronger passwords. “You cannot achieve zero trust now without basic cyber hygiene – 90 percent of attacks were on users with older passwords like I said before,” he said.
During the same panel discussion Matt House, program manager for CISA’s Continuous Diagnostics and Mitigation (CDM) program, discussed how CISA has been working to help Federal agencies on their zero trust journeys with technology upgrades.
“One of the things that we’re keenly interested in is working with agencies on how they can integrate some of those modernization plans into their zero trust journey,” House said.