Zero-Trust Adoption Across Government
Fortinet News, Wednesday, April 24th, 2024
At federal agencies, the COVID-19 pandemic and the shift to remote work, in conjunction with Executive Order (EO) 14028 in 2021, accelerated the adoption of zero-trust principles, emphasizing the need for secure and efficient operations outside traditional office environments. Although the zero-trust security paradigm had been discussed and partially implemented in organizations before 2021, the EO was the catalyst for agencies to take systematic action.
While the government had been aware of the various risks to the integrity of the software supply chain for many years, the massive SolarWinds compromise in late 2020 was a wake-up call. A remote access trojan attributed to a nation-state advanced persistent threat actor infected source code in a popular IT management product and compromised fewer than 100 networks in both the federal government and private-sector companies, including critical infrastructure providers. At many agencies, people started looking at zero-trust architectural philosophies more seriously, realizing that the traditional 'castle and moat' approach of keeping malicious actors out and implicitly trusting everyone inside the network perimeter was a fallacy.