"Zero Trust Can't Stop at the Federal Level"

The White House's recent requirement for federal agencies to achieve a zero trust architecture is a great first step, but zero trust can't stop there.  The zero trust requirement is part of President Joe Biden's cyber plan and is directed to federal agencies, meaning that local and state leaders might dismiss it as irrelevant.  Security researchers are arguing that government leaders at all levels must implement their own form of zero trust to better protect us all.  Security researchers believe that there are critical steps the federal government needs to take before zero trust has any hope of moving beyond the federal level on a larger scale.  Firstly, the federal government needs to define zero trust and describe why it matters.   It needs to be made clear to local and state officials what zero trust is and why they should care.  This is especially true for those not in an information technology role.   Secondly, the federal government needs to clarify the zero trust implementation process.  The researchers stated that without clear guidance, how are local leaders supposed to know which guidelines and best practices work best for them and where to begin?  Lastly, the federal government needs to address the skills gap.  Security researchers believe that technical expertise and funding gaps at the local and state level need to be addressed.  Some researchers have already questioned whether the federal government can achieve the zero trust goal by the end of fiscal year 2024.  If it is a challenge at the federal level, there will be an even heavier burden on state and local entities, where cybersecurity preparedness varies significantly from jurisdiction to jurisdiction.  Security researchers also stated that local and state governments should move toward zero trust now, but the federal government needs to act to drive progress.

Dark Reading reports: "Zero Trust Can't Stop at the Federal Level"