One year after President Joe Biden’s executive order on improving the nation’s cybersecurity, federal agencies are making steady progress toward their zero trust security goals, according to a new study commissioned by General Dynamics Information Technology.
Yet agencies also face several challenges and know there is still more work to do, the researchers found.
The study, “Agency Guide to Zero Trust Maturity,” surveyed 300 federal officials from civilian and defense agencies to understand their progress toward the zero trust standards and objectives set by the cyber executive order and the Office of Management and Budget.
Of the 300 officials, 60% work in a federal civilian agency and 40% in a defense agency.
The executive order requires government agencies to achieve specific zero trust security goals by the end of fiscal year 2024. According to the study:
- 63% of respondents said their agencies will meet these requirements on time or early.
- 92% are confident in their agency’s ability to defend against cyber threats.
- 76% have a formal zero trust strategy in place, with 52% actively implementing one.
But with such a major undertaking against an ambitious timeline, challenges remain:
- 58% said one of the primary challenges to implementing zero trust architecture is rebuilding or replacing existing legacy infrastructure.
- 50% are having trouble identifying what technologies they need.
- 48% think their agencies lack sufficient IT staff expertise.
“When some agencies still have data on mainframes or legacy systems, it’s a big challenge,” said John Sahlin, GDIT’s cyber solutions director for defense. “Agencies know they can’t bolt on zero trust, so they must decide to rebuild or replace systems. That requires additional spending on top of investing in zero trust. Agencies have to make some hard decisions.”