Clay Goldwein, senior vice president of national security and justice at CGI Federal, recently spoke with ExecutiveBiz for the latest Executive Spotlight interview about the difficulties of implementing zero-trust architectures, as well as the challenges of data security and cyber hygiene as artificial intelligence and other emerging technologies continue to impact the federal sector.
You can read the full Executive Spotlight interview with Clay Goldwein below:
ExecutiveBiz: With zero-trust technology becoming a major focal point, what can you tell us about the difficulties of implementing zero-trust architectures in the federal government focused on data security?
Clay Goldwein: “First, there’s no single technology that’s going to provide an agency with zero trust. A zero trust framework requires a combination of integrated technologies and processes.
In order to implement this framework effectively and without roadblocks, agencies need to understand the way that their resources are used. Specifically, they need to identify what access is appropriate and what is not appropriate. Once the access patterns are defined, then those policies become the basis for implementing zero trust.
The implementation is a big undertaking and best seen as a journey. It is recommended that the agency start with the data that is most important to protect, such as high value assets. As a zero trust model is built around these high value assets, the implementation can be expanded. This process continues until all assets are covered.
As a services provider, one of the challenges we face is that agencies can be apprehensive about starting the process. They are concerned that implementing a zero trust architecture will be disruptive to their day-to-day operations, impacting productivity.
Agencies can minimize the potential for disruption by taking an incremental approach to implementing a Zero Trust Architecture. For example, a schedule can be designed to pause between initiatives, allowing for confirmation that the intended outcome was delivered before planning the next phase.”
ExecutiveBiz: What do you see as the most critical challenges facing those in the federal sector as cybersecurity breaches continue to increase and cyber hygiene becomes even more of a necessity in securing federal assets?
Clay Goldwein: “Cyber hygiene has always been a necessity at the federal government. But if it is not a funded priority at an agency, then the critical challenge comes down to balancing the budget with the ability to effectively support and enhance cyber hygiene programs.
Federal mandates are constantly evolving. Most agencies will tell you that they don’t receive enough funds to support these mandates. Similarly, their employees are juggling a number of priorities, so they are forced to make decisions on how to spend their time, not just their funding.
Having proper security hygiene prevents a lot of problems. For example, everyone has a front door to their home. And if you don’t do anything, if you don’t lock it, the door will still keep out wind and rain. But if you lock the door when you leave, that will keep out people that shouldn’t be there. If you install an alarm, you can let people who you know into the house, or be alerted if your house is broken into and immediately engage the police.
Doors, locks and alarms don’t necessarily prevent everything bad from happening, but they prevent a lot of bad things from occurring. Cyber hygiene is the same way.
If every agency followed every recommended security requirement, they would all be much more secure than agencies are today. However, the reality is that there’s only so much time, so much effort, and so much money available to effectively implement all of these measures. Additionally, some of the activities can be much more complex than they would first appear.
For example, sometimes an agency can’t apply patches to certain computers because the patches would break an application. Typically, this application is older and needs to be upgraded or replaced in order to fully address the security mandates, but modernization is a big effort and requires scarce resources.
One of our customers’ senior engineers has a tagline in his email that says, “Don’t let perfect be the enemy of good.” A lot of agencies want to have the perfect strategy, the perfect approach and the perfect set of tools. But you have to start somewhere. Because once you do, everything becomes more secure incrementally.”
ExecutiveBiz: With the federal government embracing artificial intelligence and machine learning, what has impressed you the most about the technology’s capabilities to improve decision making in the federal sector? How can AI be used to address some of the biggest challenges you’re facing with the federal government?
Clay Goldwein: “AI and ML have certainly come a long way and right now I think of the advancements as making major improvements in cybersecurity. For example, in the past, security analysts looked for traditional breaches through observance of standard signatures in exploits.
But now with AI and ML, we have tools that are proactively looking for the characteristic behavior of risks such as zero-day malware. Instead of waiting for traditional antivirus tools to be updated to scan for specific exploits and vulnerabilities, AI/ML can watch and adapt to identify the actual end result of that behavior, and take appropriate actions before the malware can further spread or damage systems and networks.
People tend to talk about ML as if it’s really fancy, but it can be quite practical. It is used to automate repetitive tasks to maximize productivity and reduce the chance of human error. For example, in a managed security environment, ML can automate the categorization and escalation of incoming alerts to reduce the time to response for security analysts, who might have been monitoring six screens for 12 hours.
At least in the shorter term, that’s the kind of ML that will have the biggest impact.
At the beginning of an ML implementation, it is necessary to put in extra effort to tune the ML to filter out the “noise,” identify what to look for, what to accomplish. Ultimately ML will save work and increase the effectiveness of the operational support processes.”
ExecutiveBiz: In recent years, what are some of the biggest improvements you’ve seen in the way we talk and think about innovation across the federal sector since the rise of cybersecurity and other emerging technologies?
Clay Goldwein: “A recent major impetus for innovation in the federal sector has been COVID-19 and how it really has changed the way we think about the workplace. The different workplace has caused us to rethink what needs to be secured from a cyber-perspective.
The pandemic has completely upended the traditional definition of the “enterprise network” as it has expanded into our homes, into coffee shops, etc. With 5G networks, it just becomes even easier to work remotely, and these remote workplaces all introduce new vectors of attack that need to be considered when protecting the enterprise.
We’re now seeing major improvements and innovations in infrastructure and technologies to ensure that we can be productive in this new environment, but also a whole new set of assets and a whole new set of locations that need to be secured.
For example, CGI manages a shared services security platform for over 50 federal agencies. The traditional method for securing the agencies’ access to the platform is to lock down access to specific locations and devices.
With the new work locations now being dispersed and government employees working remotely, we have to consider a different ecosystem. We have implemented advanced dynamic firewall and filtering technologies, as well as continuous authorization models in a zero trust model to enable continuous access through remote locations through a diverse array of devices.
In particular, for mobile devices, it is important to ensure that security tools are requiring zero trust policies to continuously validate the authentication and authorization of both the devices and the users.
5G unlocks the possibilities of remote sensors, IoT devices, and mobile devices, vastly increasing the threat vectors, the amount of data and the asset information to be monitored and managed. With the pandemic, we’ve seen a major increase in the adoption of cloud-based SaaS cybersecurity providers, who have rapidly enhanced their capabilities around asset management, endpoint protection and zero trust enforcement.
With all of the new methods and mechanisms for accessing sensitive data and systems, the risk of an exploit or an insider threat increases exponentially, and it becomes more difficult to sift through the “noise” generated by these SaaS tools to identify and block active attacks.
Applying AI/ML to automate the identification and escalation of incidents allows for ingestion and processing of vast amounts of data intelligently and much more quickly than via traditional methods.”