-
China’s government is testing capabilities to get around the U.S. government’s “zero trust” cybersecurity model, which is a priority for the Defense Department and White House. A leaked classified document states that the People’s Liberation Army is likely to access some of the networks protected by the model within the next five years. The document is marked as top-secret and came from sensitive signals intelligence.
-
The zero trust model requires user identity verification, limits access, and assumes attackers have already breached a network. President Biden’s proposed 2024 budget does not specify a spending amount for the model, but it will cost billions of dollars. It is not clear how China will specifically test cyber capabilities to breach the defenses. The Defense Department is constantly testing the defenses, which have held up well so far.
-
The Defense Department published its first zero-trust strategy in November, which provides tangible guidance for achieving the target level by 2027. The breach of SolarWinds has highlighted the importance of the model, which is well-postured to tackle advanced persistent threats and insider threats.
-
The Department of Defense has allocated between $1.5 billion and $2 billion over the next five years to implement a zero-trust security strategy. The Army’s fiscal year 2024 request alone is $439 million and a Zero Trust Portfolio Management Office has been set up to manage the budget. Automation is an area of focus, with the goal of taking the human out of the equation and training the environment to look for anomalous behavior and react automatically.
-
President Biden signed an executive order in 2021 to begin implementing zero trust in federal agencies and the OMB published a strategy in January 2022. The Cybersecurity and Infrastructure Security Agency published a road map for agencies on zero trust in May 2021. The Government Accountability Office identified the challenge of integrating various tools into an existing system and the risk of bypassing security measures.
-
Gary Barlet, federal field chief technology officer for cybersecurity company Illumio, noted that no security system is perfect. While the implementation of zero trust is on track, the DOD and agencies are looking to speed up the process to ensure a secure environment.