
How ZTA May Have the Answer to Cybersecurity Insider Threats

by CISOCONNECT Bureau

A study on Zero-Trust Architectures (ZTA) found that it may hold the answer to cybersecurity insider threats. Read on to know more…

For years, businesses have taken a defensive “castle-and-moat” approach to cybersecurity, attempting to secure the perimeter of their network in order to keep malicious threat actors out. Individuals with the appropriate credentials were presumed to be trustworthy and were granted access to a network’s systems and data without the need to reauthorize themselves at each access attempt. Organizations are increasingly storing data in the cloud and allowing employees to connect to the network remotely, both of which expose the weaknesses of this traditional approach. A “zero-trust architecture,” in which users must authenticate their identity each time they access a network application or data, may be required for a more secure future.

The United States President’s Executive Order on Improving the Nation’s Cybersecurity, signed in May 2021, set a goal for federal agencies to achieve zero-trust security. Since then, the MIT Lincoln Laboratory has been conducting a study on zero-trust architectures with the goal of examining their implementation in government and industry, identifying technical gaps and opportunities, and developing a set of recommendations for the US approach to a zero-trust system.

The initial step for the study team was to define the term “zero trust” and understand the common misconceptions about the concept. Some of these misconceptions suggest that implementing a zero-trust architecture necessitates the purchase of entirely new equipment or that it renders systems unusable.

Jeffrey Gottschalk, the assistant head of Lincoln Laboratory’s Cyber Security and Information Sciences Division and the study’s co-lead, says: “Part of the reason why there is a lot of confusion about what zero trust is, is because it takes what the cybersecurity world has known about for many years and applies it in a different way.”

“It is a paradigm shift in terms of how to think about security, but holistically it takes a lot of things that we already know how to do — such as multi-factor authentication, encryption, and software-defined networking — and combines them in different ways.”

Recent high-profile cybersecurity incidents, including those involving the United States National Security Agency, the United States Office of Personnel Management, Colonial Pipeline, SolarWinds, and Sony Pictures, have highlighted the vulnerability of systems and the need to rethink the approach to cybersecurity.

Observations of the Study Team
The study team looked at recent, high-profile cybersecurity incidents to identify which security principles were most responsible for the scale and impact of each attack.

Christopher Roeser, study co-lead and the assistant head of the Homeland Protection and Air Traffic Control Division, said: “We noticed that while a number of these attacks exploited previously unknown implementation vulnerabilities (also known as ‘zero-days’), the vast majority actually were due to the exploitation of operational security principles, that is, the gaining of individuals’ credentials, and the movement within a well-connected network that allows users to gather a significant amount of information or have very widespread effects.”

In other words, the threat actor had “breached the moat” and was now practically an insider.

Zero-trust security principles could protect against this type of insider threat by treating every component, service, and user of a system as continuously exposed to, and potentially compromised by, a malicious actor. Every time a user requests access to a new resource, their identity is verified, and every access is mediated, logged, and analyzed. Gottschalk compares it to installing trip wires throughout a network system. “So, when an adversary trips over that trip wire, you’ll get a signal and can validate that signal and see what’s going on.”
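As an added illustration of the principle just described (not code from the study or the article), the sketch below models a policy enforcement point that re-verifies identity and device posture on every request, authorizes against a per-role policy, logs each decision, and raises a “trip wire” signal when a credentialed account reaches an unusually broad set of resources, the lateral-movement pattern Roeser describes. The roles, resource names and the threshold of three distinct resources are constructed assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class Request:
    user: str
    device_trusted: bool   # device posture attested for this request
    mfa_verified: bool     # identity re-verified for this request
    resource: str

# Constructed sample policy (assumption): which role may reach which resource.
ROLE_OF = {"alice": "finance", "bob": "engineering"}
ALLOWED = {"finance": {"ledger", "payroll", "invoices", "budget", "forecast"},
           "engineering": {"repo", "ci", "artifacts"}}

@dataclass
class PolicyEnforcementPoint:
    log: list = field(default_factory=list)
    seen_resources: dict = field(default_factory=dict)
    trip_wire_limit: int = 3   # assumed threshold for "unusual breadth"

    def decide(self, req: Request) -> str:
        """Return 'allow', 'deny' or 'alert' for one access request.

        Nothing is inherited from an earlier decision: a valid session or
        SSO login from a moment ago does not skip any of these checks.
        """
        if not (req.mfa_verified and req.device_trusted):
            # Stolen credentials replayed from an unmanaged device fail here.
            return self._record(req, "deny", "identity/device not verified")
        role = ROLE_OF.get(req.user)
        if role is None or req.resource not in ALLOWED.get(role, set()):
            return self._record(req, "deny", "not authorised for resource")
        seen = self.seen_resources.setdefault(req.user, set())
        seen.add(req.resource)
        if len(seen) > self.trip_wire_limit:
            # Access is within policy, but the breadth is a signal for
            # an analyst to validate, as with a trip wire.
            return self._record(req, "alert", "resource-breadth trip wire")
        return self._record(req, "allow", "policy match")

    def _record(self, req: Request, decision: str, reason: str) -> str:
        # Every mediated access is logged so it can be analysed later.
        self.log.append((req.user, req.resource, decision, reason))
        return decision
```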

In practice, a zero-trust approach would entail replacing a single-sign-on system, which allows users to log in once for access to multiple applications, with a known and verified cloud-based identity. “Today, a lot of organizations have different ways that people authenticate and log onto systems, and many of those have been aggregated for expediency into single-sign-on capabilities, just to make it easier for people to log onto their systems. But we envision a future state that embraces zero trust, where identity verification is enabled by cloud-based identity that’s portable and ubiquitous, and very secure itself.”

During their study, the team spoke with about ten organizations and government agencies that have carried out zero-trust implementations either through cloud services, in-house management, or a combination of both. They discovered that the hybrid approach is a good model for government agencies to adopt. They also discovered that implementation could take anywhere between three and five years. Gottschalk says: “We talked to organizations that have actually done implementations of zero trust, and all of them have indicated that significant organizational commitment and change was required to be able to implement them.”

The study does, however, show that there is no one-size-fits-all strategy for zero trust. Gottschalk said: “It’s why we think that having test-bed and pilot efforts are going to be very important to balance out zero-trust security with the mission needs of those systems.”

The team also recognizes the significance of continuing research and development beyond initial zero-trust implementations, to meet new threats.
