The White House wants the government to adopt a security model called Zero Trust within the next two years. The Office of Management and Budget (OMB) released a finalized federal strategy that lays out the initial details of the shift.

It told agencies to each designate a strategy implementation lead within 30 days. Agencies were given 60 days to submit an implementation plan to the OMB and Cybersecurity and Infrastructure Security Agency (CISA). 

“This memorandum sets forth a federal Zero Trust architecture (ZTA) strategy, requiring agencies to meet specific cybersecurity standards and objectives by the end of fiscal year (FY) 2024 in order to reinforce the government’s defenses against increasingly sophisticated and persistent threat campaigns,” OMB acting director Shalanda D. Young wrote in the memo. “Those campaigns target federal technology infrastructure, threatening public safety and privacy, damaging the American economy and weakening trust in government.”

The Zero Trust approach is based on the notion that local devices and connections can’t be completely trusted. Users need to be authorized, authenticated and continuously validated. Organizations usually have control over Zero Trust setups, and users and devices are often only granted access to essential data, apps and services.

Google offers a Zero Trust solution called BeyondCorp. Last week, a company called Sikur revealed a smartphone it designed using Zero Trust principles.

The release of the strategy follows an executive order President Joe Biden signed last year with the aim of improving the country’s cybersecurity, as well as a draft strategy that the OMB published in September.

The finalized strategy lays out a vision for the government in which staff have “enterprise-managed accounts, allowing them to access everything they need to do their job while remaining reliably protected from even targeted, sophisticated phishing attacks.” The devices would be continuously monitored and each agency’s system would be isolated, with reliable encryption for internal network traffic and sending data to other agencies.

Under this approach, enterprise applications would be tested internally and externally before staff could access them over the cloud. The OMB also said federal security teams and data teams would work together “to develop data categories and security rules to automatically detect and ultimately block unauthorized access to sensitive information.”

The strategy directs agencies to harness strong, phishing-resistant multi-factor authentication, perhaps using physical methods like Personal Identity Verification cards. The OMB also told agencies to have a full inventory of devices that are authorized and used for official business and to make sure they meet CISA standards.

The White House cited the Log4j vulnerability that recently emerged as the latest proof that “adversaries will continue to find new opportunities to get their foot in the door.”

“This strategy is a major step in our efforts to build a defensible and coherent approach to our federal cyber defenses,” national cyber director Christopher Inglis said in a statement. “We are not waiting to respond to the next cyber breach. Rather, this administration is continuing to reduce the risk to our nation by taking proactive steps towards a more resilient society.”

Source: Engadget – White House tells agencies to adopt the ‘Zero Trust’ security model

Following a two-month delay, Valve’s Steam Deck will launch on February 25th. In a blog post the company published on Wednesday, Valve said it would open orders to the first batch of reservation holders that day. Those customers will have 72 hours to purchase the handheld. If they don’t use the opportunity, Valve will release their spot to the next person in the reservation queue. The first orders will then ship on February 28th. Moving forward, Valve says it plans open orders to more customers on a weekly basis.    

Valve had planned to release the Steam Deck at the end of 2021, but due to parts shortages, the company pushed that date back. “We’re sorry about this — we did our best to work around the global supply chain issues,” Valve said at the time. “Components aren’t reaching our manufacturing facilities in time for us to meet our initial launch dates.”

Pricing for the Steam Deck starts at $399. That gets you a device with 64GB of eMMC internal storage and a carrying case. Valve will also offer models with 256GB and 512GB of NVMe storage. Those cost $529 and $649, respectively. The most expensive version also comes with a premium anti-glare screen. The Steam Deck’s custom chipset features a 2.4GHz processor and a GPU with eight RDNA 2 computer units. It also comes with 16GB of LPDDR5 RAM. All of that creates a handheld PC Valve claims can run the latest games at a “very efficient” power envelope. Look to Engadget for a review of the Steam Deck come February 25th.  

Source: Engadget – Valve’s Steam Deck will go on sale February 25th