Staff training a key challenge for agencies adopting zero trust, USDA CISO says
Ensuring IT staff receive sufficient training to use the latest security tools is a key challenge facing federal agencies as they move to zero trust, according to the Department of Agriculture CISO.
Responding to a question at the 2022 Zero Trust Summit on Wednesday, presented by CyberScoop, USDA CISO Ja’Nelle Devore underscored how federal IT shops are using myriad tools to keep up with fast-evolving threats.
“We have enough people, the issue is training. When you have several tools that will be part of your zero trust utilization, you have to re-integrate how they work,” Devore said.
She added that zero trust implementation for USDA has been relatively painless because the cybersecurity approach relies on tenets such as regular hardware inventories and maintaining patches, which the agency has undertaken since at least 2017.
“In a way that makes it easier for the folks that have to implement zero trust to look at what we have and understand how [that fits into zero trust],” Devore said.
According to the final version of a zero-trust architecture strategy issued by the White House in January, federal agencies have until 2024 to implement security measures such as multi-factor authentication and encryption of network traffic.
The memo required that agencies within 60 days of the memo being issued submit an implementation plan to OMB and CISA for review and also stipulated within 120 days agency chief data officers work with staff to develop a set of initial categorizations for sensitive electronic documents.