State’s cyber overhaul bets big on zero trust to tackle emerging threats

Mark Wilson/Getty Images

The State Department started at the “bottom of the barrel” when the White House’s 2021 cybersecurity executive order was released, according to the agency’s chief information security officer.

The State Department has overhauled its cybersecurity posture to meet the various federal mandates and best practices disseminated from the White House and the Cybersecurity and Infrastructure Security Agency, emphasizing a meticulous migration to a zero-trust security architecture. 

Speaking during a Billington CyberSecurity event, State’s Chief Information Security Officer Donna Bennett discussed the approach her office is overseeing to fortify the agency’s digital networks, particularly following the White House’s 2021 cybersecurity executive order. 

“When we started this journey when the executive order was released, you know, we were…bottom of the barrel,” Bennett said. “We…have worked tremendously with all of our system owners and all of the bureaus within the department to ensure that we are meeting the required mandates.”

She added that implementing a strong zero trust network architecture has helped guide the agency’s cyber strategy, along with taking cues from CISA’s key performance indicators and guidance from the Office of Management and Budget. 

“I would say that zero trust is a journey,” Bennett said. “It is a mindset, it's a culture, you know, that has to change within the environment.”

These cultural shifts within State included evaluating the digital assets the agency relies on to process and store important information. Bennett said that understanding which systems are deemed high-value assets –– a protocol recommended by other federal officials when modernizing network security –– informs them of which systems to prioritize securing. 

Bennett also said that improving communication with vendors and service providers to better flag threats has proven another important tactic in the agency’s cybersecurity posture.

“You have to have communication, you have to be open and you have to be able to share a lot of the data and a lot of the threats that are happening,” she said. 

Amid the rise of more advanced technologies like artificial intelligence, Bennett said that the zero-trust journey will likely be steadily modernized over time. 

“It's a continuous thing that we're going to continue doing over time as technology advances, new threats come about, that's how we're going to be able to defend our net,” she said.