ICAM Must Work Among Agencies to Be Effective
The DOD released its zero-trust strategy in October 2022; the service branches and individual intelligence agencies are preparing their own. Defense agencies have until 2027 to finalize their zero-trust plans.
Concerns about interoperability were not limited to industry partners, however. Agencies must find ways to integrate security tools such as identity, credential and access management (ICAM) — important in the defense and intelligence worlds, where information must be shared among agencies in real time amid crisis.
Unexpectedly, this has become an issue with unclassified information. “We really didn’t have a realization of how much unclassified mission we had in the intelligence community until after COVID. It’s coming out of the woodwork,” Phelps said.
“We have a lot of focus on the high side (classified and top secret) when it comes to interoperability, data standards, how we federated, but unclassified, we’re just not there,” he added.
He recently had to join an unclassified teleconference as a guest, he said, because his system wasn’t federated with the other agency’s; the other agency was unable to verify his identity as a result.
“ICAM is one of the more critical capabilities to make zero trust a possibility,” said Evan Kehayias, division chief of cybersecurity engineering at the National Geospatial-Intelligence Agency. “And we need ICAM to be interoperable so that someone at NGA can access data at another agency.”
Identity Is Key to Interoperability in Defense Agencies
The Cybersecurity and Infrastructure Security Agency organizes zero-trust priorities into five “pillars”: identity, devices, networks, applications and workloads, and data. The DOD strategy adapts those into seven: users, devices, applications and workloads, data, network and environment, automation and orchestration, and visibility and analytics.
“All things are kind of equal in regard to the pillars, but everything starts with identity,” said Stephen Kensinger, CIO of the cyber and security division and senior technical adviser for the Defense Intelligence Agency.
“For interoperability in particular, we have to work across our partnerships to embrace the same standards. If we have different data marking and tagging standards utilized throughout the government, that will defeat interoperability.”
“The systems that are set up for ID management across all the different agencies are different, and we need to be able to translate that,” said acting DIA Chief Data Officer Mac Townsend.