Jun 05 2024

How NTSB Leans on Microsegmentation to Improve Its Security Posture

Microsegmentation, user identity and endpoint security stand as the keystones of zero trust.

Federal agencies have reported an average of about 30,000 cyber incidents annually for the past five years, according to data from the White House Office of Management and Budget.

While that number is down from its 2015 peak of more than 77,000, the potential for damage remains profound, and agencies now continuously update their systems and cybersecurity measures to build the most secure environments they can. A key element of that strategy is microsegmentation.

“Ransomware is not going anywhere. If anything, it’s only going to increase,” says Carlos Rivera, a senior analyst at Forrester who began his cybersecurity career in the U.S. Air Force. “We’re not going to stop all of it, but we can mitigate its spread in some way. Microsegmentation is the strategy and technology that can reduce the reach of a ransomware attack.”



The National Transportation Safety Board began implementing microsegmentation tools in 2017.

“Like most modern networks, the NTSB network was segmented into smaller, compartmentalized sub-networks based on the sensitivity of the assets or services, which is a way to subdivide the network into smaller chunks,” CTO Victor Pham says. “Microsegmentation, by definition, segments our enterprise into even smaller components at the application level or the workload level.”

Microsegmentation policies can be scoped to individual endpoints, containers, workloads or other defined segments, and because every flow between segments must be explicitly permitted, the approach also gives administrators visibility into which assets talk to which. That visibility helps them identify and detect threats and stop lateral movement through a network.

“It’s a granular approach that allows you to map out who was talking to whom, what and where. This is especially important for government organizations that don’t typically have a lot of visibility in their environments,” Rivera says.
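The distinction Pham and Rivera draw between subnet-level compartments and workload-level policy is easiest to see with a policy engine run over a handful of flows. The following is an added example and not code from the NTSB, DISA or any product named in this article: it models the older "compartment" design as a firewall that allows traffic by subnet, models microsegmentation as default-deny rules written against workload labels, and evaluates both against the same constructed flows, including what an attacker on a compromised web server would try next. The inventory, labels, addresses, ports and rules are all invented for illustration. It also goes slightly beyond the text by tagging each flow as north-south (crossing the user/sensitive boundary) or east-west (staying inside one segment).

```python
"""Added illustration of coarse segmentation versus microsegmentation.

Not NTSB or DISA code. Every address, label, port and rule below is a
constructed assumption for the demonstration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed inventory: which workload lives at which address, and its labels.
WORKLOADS = {
    "10.1.0.10": {"app": "crash-db",  "role": "db",   "env": "prod"},
    "10.1.0.11": {"app": "crash-db",  "role": "api",  "env": "prod"},
    "10.1.0.12": {"app": "hr-portal", "role": "web",  "env": "prod"},
    "10.1.0.13": {"app": "hr-portal", "role": "db",   "env": "prod"},
    "10.2.0.20": {"app": "laptop",    "role": "user", "env": "corp"},
}

SENSITIVE_SUBNET = ip_network("10.1.0.0/24")   # the old "sensitive assets" compartment
CORP_SUBNET = ip_network("10.2.0.0/24")        # user workstations


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int


# Coarse segmentation: a firewall between compartments decides by subnet.
# Anything already inside the sensitive subnet may talk to anything else in it
# on any port (the "marshmallow" interior). None means "any port".
COARSE_RULES = [
    (CORP_SUBNET, SENSITIVE_SUBNET, {443}),
    (SENSITIVE_SUBNET, SENSITIVE_SUBNET, None),
]


def coarse_allows(flow):
    s, d = ip_address(flow.src), ip_address(flow.dst)
    for src_net, dst_net, ports in COARSE_RULES:
        if s in src_net and d in dst_net and (ports is None or flow.dport in ports):
            return True
    return False


# Microsegmentation: rules select workloads by label, not address, and the
# default is deny. Each rule is (source selector, destination selector, ports).
MICRO_RULES = [
    ({"role": "user"}, {"role": "web"}, {443}),
    ({"role": "user"}, {"app": "crash-db", "role": "api"}, {443}),
    ({"app": "crash-db", "role": "api"}, {"app": "crash-db", "role": "db"}, {5432}),
    ({"app": "hr-portal", "role": "web"}, {"app": "hr-portal", "role": "db"}, {5432}),
]


def matches(selector, labels):
    """A selector matches when every label it names has the required value."""
    return all(labels.get(k) == v for k, v in selector.items())


def micro_allows(flow):
    src_labels = WORKLOADS.get(flow.src)
    dst_labels = WORKLOADS.get(flow.dst)
    if src_labels is None or dst_labels is None:
        return False  # unknown workload: default deny
    for src_sel, dst_sel, ports in MICRO_RULES:
        if matches(src_sel, src_labels) and matches(dst_sel, dst_labels) and flow.dport in ports:
            return True
    return False


def direction(flow):
    """North-south crosses the corp/sensitive boundary; east-west stays inside one segment."""
    s, d = ip_address(flow.src), ip_address(flow.dst)
    same_segment = any(s in net and d in net for net in (SENSITIVE_SUBNET, CORP_SUBNET))
    return "east-west" if same_segment else "north-south"


def lateral_exposure(flows):
    """Flows the coarse design lets through that microsegmentation would stop."""
    return [f for f in flows if coarse_allows(f) and not micro_allows(f)]


# Constructed flows: legitimate traffic, then what an attacker who has taken
# over the HR portal web server (10.1.0.12) would try next.
FLOWS = [
    Flow("10.2.0.20", "10.1.0.12", 443),    # user to HR portal
    Flow("10.1.0.12", "10.1.0.13", 5432),   # HR portal to its own database
    Flow("10.1.0.12", "10.1.0.10", 5432),   # HR web server to the crash database
    Flow("10.1.0.12", "10.1.0.11", 22),     # HR web server to the crash API over SSH
    Flow("10.2.0.20", "10.1.0.10", 5432),   # laptop straight to the crash database
]

if __name__ == "__main__":
    for f in FLOWS:
        coarse = "ALLOW" if coarse_allows(f) else "DENY"
        micro = "ALLOW" if micro_allows(f) else "DENY"
        print(f"{f.src}->{f.dst}:{f.dport:<5} {direction(f):<11} coarse={coarse:<5} micro={micro}")
    print("lateral moves stopped only by microsegmentation:", len(lateral_exposure(FLOWS)))
```

Both designs block the laptop going straight to a database over port 5432, which is the north-south case the perimeter was built for. The two east-west attempts from the compromised web server pass the subnet firewall, because source and destination sit in the same compartment, and are denied only by the label-based rules; `lateral_exposure` returns exactly those two flows. In a real deployment the labels would come from an inventory or orchestrator and the rules from the observed, legitimate flow map, which is why the visibility Rivera describes comes first.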

Microsegmentation is increasingly essential to the zero-trust architectures that the May 2021 executive order on improving the nation's cybersecurity requires every federal agency to adopt. Zero trust treats every user, device and workload as untrusted until it is verified, regardless of where on the network it sits.

“Microsegmentation combined with user identity and endpoint security is the Holy Grail of zero trust,” Pham says. “With those three, you have a foundation and can layer any agency-specific risk management functions on top.”



Microsegmentation Evolves at NTSB

When the NTSB security team first explored microsegmentation, the agency had three regional offices and a headquarters in Washington, D.C., interconnected over Multiprotocol Label Switching (MPLS) to speed routing. Remote access to enterprise resources ran through a VPN tunnel and a Trusted Internet Connections (TIC) access point, also in D.C. That traditional remote access setup did not meet the agency's needs in the cloud computing era.

“At the time, our federal mandate was that every agency had to use TIC,” Pham remembers. “As good as it was, it didn’t work well for cloud infrastructure, and our agency needed to be in the cloud.”

The old network was also vulnerable to insider threats, and to any attacker who got past the perimeter.

“Our old setup was like a fortress, but the inside was like a marshmallow,” Pham says. “If you got in, you could access anything you wanted.”

Remote access to NTSB resources was suboptimal as well: “Can you imagine an investigator in Alaska trying to log in to a VPN session in D.C. to get to a service at the HQ or in the cloud? It was just painful. We had to find something that met our business needs,” Pham says.

The NTSB tested Zscaler in a 2017 pilot, but the move was gradual. The agency first needed to create an infrastructure that would support the move to the cloud. It built three WAN nodes at its regional offices and linked them via a high-speed connection before layering on the Zscaler platform as a replacement for the previous VPN structure, and it has expanded its use of microsegmentation ever since.


Callout (figure not reproduced): the number of ransomware complaints in 2023 from government facilities, one of the critical infrastructure sectors targeted by cyberattacks. Source: FBI, “Internet Crime Report, 2023,” December 2023.

In 2020, the NTSB migrated core applications and services to Microsoft Azure Government. Beyond the security benefits of a managed, FedRAMP-authorized cloud environment, the new infrastructure has greatly cut the time and bandwidth needed to collaborate on and complete investigations.

However far the NTSB extends its cloud presence, microsegmentation remains a major component of the agency's zero-trust architecture.

“Traditional security measures protect north-south movement; it’s easy to monitor traffic going in and out of the system,” says Pham. “Preventing the lateral movement — the east-west movement — that is much more valuable.”


Enter Thunderdome, DOD’s Zero-Trust Architecture

At the Defense Information Systems Agency, whose mission is to give military and civilian defense leaders the IT tools and infrastructure to do their jobs effectively, microsegmentation has become part of that work. Where DISA once allowed broad access to everything on the agency's network, zero trust has now stepped in.

“Historically, if you logged in to the network, you had access to everything, and that’s broad access we don’t want to allow anymore,” says Brian Hermann, program executive officer with the Cyber Security and Analytics Directorate at DISA.

The move to zero trust was mandated by both the White House and the Department of Defense, which released its zero-trust strategy and roadmap in 2022 with the goal of reaching a complete zero-trust architecture across the department by 2027. DISA's implementation of that architecture is known as Thunderdome.

Microsegmentation is a valuable tool in those efforts.


Callout (figure not reproduced): the percentage of enterprises working toward zero-trust architecture that will deploy more than one form of microsegmentation by 2026, up from less than 5 percent in 2023. Source: gartner.com, “Market Guide for Microsegmentation,” June 12, 2023.

“When users log on to their machines, they don’t have access to anything they shouldn’t,” says Hermann. “That means we have to define those things that are critical components.”

DISA works with partner agencies in a variety of ways, ranging from assisting them with creating and securing their networks to hosting and running their networks for them.

“The Defense Department provides the backbone — the Defense Information Network — and we provide the ‘connective tissue’ in terms of transport and security functions, which connect all of those enclaves and hosting environments,” he says. 

His team has tested several microsegmentation technologies within cloud environments hosted by Microsoft, Amazon, Google and Oracle.

“The tools are agnostic of your hosting environment; if you’re in any of those clouds, you can leverage the same solution to microsegment other applications,” Hermann says. “Our path forward is zero trust, and microsegmentation is part of what will help us achieve that.”


