White House instructs government agencies to beef up cybersecurity, adopt ‘zero trust’ in new memo

Illustration by Alex Castro / The Verge

The White House released a new strategy to reduce the risk of cyberattacks.

The strategy outlines the administration's vision for moving government agencies towards a zero trust architecture for cybersecurity.

The key document was published as a memo from the OMB, the administration's policy arm, and addressed to the heads of all executive departments and agencies.

The implementation of stronger enterprise identity and access controls will be required in order to shift towards a zero trust architecture. Agencies were told to aim for a complete inventory of every device authorized and operated for official business, to be monitored according to specifications set by the Cybersecurity and Infrastructure Security Agency.

In the face of increasingly sophisticated cyber threats, the Administration is taking decisive action to bolster the Federal Government's cyber defenses.

The Log4j security vulnerability was cited by the White House as evidence that adversaries will continue to find new opportunities. Government agencies were told to patch vulnerable assets or take other measures. The FTC warned companies in the private sector to take precautions to avoid legal action for putting consumers at risk.

As our adversaries continue to pursue innovative ways to breach our infrastructure, we must continue to fundamentally transform our approach to federal cybersecurity. As we strive to achieve a shared baseline of maturity, we will continue to provide technical support and operational expertise to agencies.

An initial draft of the strategy was released in September of 2021, and since then has been shaped by input from the cybersecurity industry as well as other fields of the public and private sector.

The final strategy has given government agencies 30 days to designate a strategy implementation lead within their organization and 60 days to submit an implementation plan to the OMB.

Christopher Inglis said that the strategy was a major step in the effort to build a defensible and coherent approach to the federal cyber defense. The administration is taking proactive steps towards a more resilient society in order to reduce the risk to our nation.