Survey: Most Agencies Expect to Meet Zero Trust Requirements

More than 6 in 10 federal IT officials believe their agencies will meet zero-trust security requirements laid out last year in President Biden’s cybersecurity executive order, according to a survey commissioned by defense firm General Dynamics Information Technology.

The survey, which polled 300 federal officials from federal civilian and defense agencies, found 63% of respondents felt their agencies would achieve specific zero-trust security goals by the end of fiscal 2024. More than 7 in 10 (76%) have a formal zero-trust strategy in place, with 52% reporting their agencies are “actively implementing” the strategy. Respondents also expressed satisfaction in the security in their agency networks, with 92% “confident in their agency’s ability to defend cyber threats.”

“This zero trust report shows that federal agencies are making great progress to strengthen their cybersecurity defenses,” Dr. Mathew McFadden, GDIT’s vice president of cyber, said in a statement. “Zero trust principles need to be implemented throughout the organization and must be embraced by business and IT stakeholders to establish a successful strategy that drives cyber resiliency and supports the organization’s mission.”

Biden’s executive order followed the Colonial Pipeline ransomware attack that affected fuel prices and caused ripples in the economy and a more widespread attack on government networks through compromised software from IT firm SolarWinds. It sets out numerous directives, including the move to secure cloud services, implement zero-trust architectures and deploy multifactor authentication and encryption.

Despite optimism in meeting timelines from a majority of respondents, the survey indicates significant challenges lay ahead. Half of respondents said they had trouble identifying what technologies they need, and 58% said one of the primary challenges to implementing zero-trust architectures “is rebuilding or replacing existing legacy infrastructure.” In addition, 48% believe their agencies lack sufficient IT staff expertise.

“When some agencies still have data on mainframes or legacy systems, it’s a big challenge,” Dr. John Sahlin, GDIT’s cyber solutions director for defense said in a statement. “Agencies know they can't bolt on zero trust, so they must decide to rebuild or replace systems. That requires additional spending on top of investing in zero trust. Agencies have to make some hard decisions.”

Respondents indicated alignment in compliance-focused priorities in the coming year. More than 9 in 10 reported their top priorities were device protection (92%) and cloud security (90%).