The nation’s increasingly complex computing environment constantly withstands ever-evolving attempts to hijack data resources, compromising sensitive information. In 2020 and 2021, ransomware attacks on SolarWinds’s Orion software and Colonial Pipeline’s billing infrastructure exposed significant security weaknesses in the government’s software supply chain, impacting private and federal computer systems.
To help protect the United States from increasingly sophisticated cyber threats, the White House issued Executive Order 14028, Improving the Nation’s Cybersecurity, “to ensure baseline security practices are in place, to migrate the federal government to a ‘Zero Trust Architecture,’ and to realize the security benefits of cloud-based infrastructure while mitigating associated risks.”
Guarding VA’s network is a priority for the Office of Information and Technology, and we are establishing a clear Zero Trust Architecture security strategy. We are identifying and executing a strong, risk-based roadmap to implement the critical pillars of this strategy by:
- Enforcing strong verification of users.
- Ensuring all connecting devices are healthy.
- Using rich telemetry and advanced algorithms to detect attacks, and to isolate and remediate potentially impacted resources.
- Enforcing least-privileged access.
- Protecting sensitive VA data as an alternative line of defense.
- Assuring the health of our IT supply chain by enforcing strict security requirements on our third-party software and service providers.
- Assuming and planning for VA network breaches… Read the full article here.