An article in the most recent IT Talk, an official publication of the Office of the Chief Information Officer of the National Aeronautics and Space Administration (NASA), highlighted NASA’s cybersecurity goals and several important components of NASA’s Zero Trust journey that are key to the successful implementation of the cybersecurity and zero trust mandates, directives, and guidance issued by the President, Office of Management and Budget, Cybersecurity and Infrastructure Security Agency (CISA), and National Institute of Standards and Technology (NIST).
- Improve NASA’s cybersecurity and network protection; and
- Deliver an end-to-end, zero-trust/least-privilege architecture across NASA with continuous monitoring, analysis, and real-time enforcement for local area networks, data centers, and cloud environments.
Achievement of these goals is supported by reaching key outcomes, including:
- Delivering continuous monitoring, analysis, and real-time Zero Trust microsegmentation enforcement within government networks;
- Providing agency-wide network traffic visibility and advanced network flow monitoring and analysis to identify anomalous, threat-driven activity
- Enabling the most granular security access control enforcement possible to limit malicious actor activity and lateral movement.
To help deliver these outcomes, NASA is leveraging several Cisco solutions including Secure Network Analytics (previously known as Stealthwatch) and Identity Services Engine (ISE), as well as Cisco’s network switching and routing infrastructure fabric powered by Cisco’s Software Defined Access policy-based automation and orchestration.
Visibility is Critical to Both Security and Operational Outcomes
Cisco’s integrated security and networking solutions are powerful tools in enabling government Zero Trust security by helping to provide enterprise visibility and analytics that deliver automation and orchestration across networks, data centers, cloud, and edge ecosystems, as well as delivering the most granular, real-time, end-to-end microsegmentation available.
These same integrated solutions are critical to ensuring optimal user and workforce network performance experiences since not all anomalous activity is hostile in nature and could merely be artifacts that identify network issues that need to be addressed to proactively enhance user experiences. In addition, Cisco networking security solutions also help ensure operational network visibility and resiliency across both Information Technology (IT) and Operational Technology (OT) Agency environments.
IT and OT Cybersecurity Alignment is Mission Essential
This last point, regarding IT and OT infrastructure resiliency, is especially important given CISA’s recently released Binding Operational Directive 23-01 (BOD 23-01), Improving Asset Visibility and Vulnerability Detection on Federal Networks. This directive highlights that “continuous and comprehensive asset visibility is a basic pre-condition for any organization to effectively manage cybersecurity risk” and establishes compulsory baseline requirements for Federal Civilian Executive Branch (FCEB) agencies to identify assets and vulnerabilities on their networks and provide data to CISA at defined intervals.
A key aspect of BOD 23-01 is its scope: “all IP-addressable networked assets that can be reached over IPv4 and IPv6 protocols” and explicitly includes both “information technology” and “operational technology” assets. Frequently, policies and guidance are written for or tailored to the enterprise IT environment, and often overlooked are the OT networks that exist within federal agencies (mission essential OT systems, Supervisory Control and Data Acquisition (SCADA) systems, etc.), and that often constitute critical infrastructure. In BOD 23-01, CISA has elevated OT asset visibility to the same level of importance as IT asset visibility.
This summer, my Cisco colleague, Emory Miller, addressed the challenges to protecting our nation’s critical OT infrastructures in his blog, A Closer Look: Securing Critical Infrastructure in the Federal Government. Given that the amount of data generated and processed at the edge is expected to skyrocket over the next several years, and that analysts are predicting similar increases in edge network breaches, CISA’s latest compulsory direction couldn’t have arrived at a more opportune time to enhance risk management and Zero Trust outcomes.
Cisco is proud to support NASA on its enterprise Zero Trust journey and looks forward to continuing to help government agencies deliver unified security and operational resiliency across both their IT and OT environments.