The new paradigm emerging for cybersecurity is to never trust anyone at any time, at least for some federal agencies.
“We’re in the process of implementing zero trust or near-zero trust,” said Andrew Orndorff, CISO and associate CIO for cybersecurity, Department of Transportation, during a panel at MeriTalk’s Zero Trust Cyber conference in June. “In the process we learned a lot of things.”
Orndorff said the department learned “to trust our data even less than we thought.” When his office started mapping its networks, they learned there were 50 percent more assets on the network than they thought, which meant there were a lot of devices that were less secure than expected.