Energy CISO: Agencies can\u2019t implement zero trust alone | CyberScoop<\/title> <meta name=\"description\" content=\"Federal IT and cybersecurity officials said companies who sell zero trust technologies to the government must do more to make them interoperable.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/zero-trust-federal-government-vendors-interoperable\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Energy CISO: Agencies can\u2019t implement zero trust alone\"> <meta property=\"og:description\" content=\"Federal IT and cybersecurity officials said companies who sell zero trust technologies to the government must do more to make them interoperable.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/zero-trust-federal-government-vendors-interoperable\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2025-02-19T21:00:53+00:00\"> <meta property=\"article:modified_time\" content=\"2025-02-19T21:05:15+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/energy-ciso-agencies-cant-implement-zero-trust-alone-2.jpg\"> <meta property=\"og:image:width\" content=\"2048\"> <meta property=\"og:image:height\" content=\"1366\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"djohnson\"> <meta name=\"twitter:card\" content=\"summary_large_image\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1739294329g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1739821441g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1739308213g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=5e4722b3d0055288d011\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/83534\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.7.2\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=83534\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fzero-trust-federal-government-vendors-interoperable%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fzero-trust-federal-government-vendors-interoperable%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-83534 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/zero-trust-federal-government-vendors-interoperable\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--event js-stickybar\">\n<div class=\"stickybar__details\" readability=\"5.12\">\n<div class=\"stickybar__info js-sticky-bar-content\" readability=\"32\">\n<p>Nominations can be submitted for the 2025 CyberScoop 50 awards!<\/p>\n<\/div>\n<p> <a class=\"stickybar__link button button-tertiary\" href=\"https:\/\/cyberscoop.com\/cyberscoop50\/\">Click here!<\/a> <\/div>\n<p> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.247272727273\">\n<div class=\"single-article__header-content\" readability=\"33.688888888889\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/zero-trust-federal-government-vendors-interoperable\/\"> <span>Government<\/span> <\/a> <\/li>\n<\/ul>\n<p> Federal IT and cybersecurity officials said companies who sell zero trust technologies to the government must do more to make them interoperable. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/83534\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"427\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/energy-ciso-agencies-cant-implement-zero-trust-alone.jpg?resize=640%2C427&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/energy-ciso-agencies-cant-implement-zero-trust-alone-2.jpg 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/energy-ciso-agencies-cant-implement-zero-trust-alone-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/energy-ciso-agencies-cant-implement-zero-trust-alone-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/energy-ciso-agencies-cant-implement-zero-trust-alone-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/energy-ciso-agencies-cant-implement-zero-trust-alone-2.jpg?resize=1536,1025 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/energy-ciso-agencies-cant-implement-zero-trust-alone-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/energy-ciso-agencies-cant-implement-zero-trust-alone-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/energy-ciso-agencies-cant-implement-zero-trust-alone-2.jpg?resize=505,337 505w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/energy-ciso-agencies-cant-implement-zero-trust-alone-2.jpg?resize=1012,675 1012w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/energy-ciso-agencies-cant-implement-zero-trust-alone-2.jpg?resize=1264,843 1264w\" sizes=\"(max-width: 1012px) 100vw, 1012px\"><figcaption> Department of Energy CISO Paul Selby speaks during CyberScoop’s Zero Trust Summit on Feb. 19, 2025, in Washington, D.C. (Scoop News Group Photo) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"29.50974025974\"><body readability=\"59.843064336184\"><\/p>\n<p>Federal agencies need help from stakeholders outside of government to solve some of the harder technical barriers in setting up zero-trust architecture in their networks, the Department of Energy\u2019s chief information security officer said Wednesday. <\/p>\n<p>Speaking at CyberScoop\u2019s Zero Trust Summit in Washington D.C., Paul Selby urged technology manufacturers and experts to work with federal agencies to develop technologies and protocols that address the limitations of legacy systems \u2014 including operational technology \u2014 that are still prevalent in the energy sector.<\/p>\n<p>\u201cThere\u2019s no question that the legacy environment and the technical debt in the government is a huge problem, and we need the vendor community to help us overcome this,\u201d Selby said.<\/p>\n<p>Since 2021, federal agencies <a href=\"https:\/\/fedscoop.com\/biden-cyber-executive-order-reignites-push-to-cloud-zero-trust\/\">have been required to implement<\/a> zero trust principles to their IT. Because zero trust is more of a concept than a prescribed set of technologies or solutions, each agency\u2019s journey <a href=\"https:\/\/www.scworld.com\/analysis\/zero-trust-strategy-will-likely-be-different-for-each-federal-agency\">has looked different<\/a> depending on their needs and legacy IT environment.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Selby\u2019s department oversees the nation\u2019s energy policy, manages nuclear infrastructure and works hand-in-hand with thousands of private companies and independent utilities. Because of that, he described his IT environment as \u201ccomplex,\u201d with the complexity multiplying as remote work grew during the COVID-19 pandemic.<\/p>\n<p>Cherilyn Pascoe, director of the National Cybersecurity Center of Excellence at the National Institute of Standards and Technology, said that companies who sell to the government must do more to make their technologies interoperable with other products.<\/p>\n<p>Since 2021, Pascoe said NIST has worked with over 100 different technology vendors to develop a zero trust implementation guide for federal agencies, eventually narrowing the list down to 24.<\/p>\n<p>\u201cOne of the things that we noticed is that when we first started the project, all 24 members said they could integrate with each other. As we continued down that path, we quickly learned that was not the case,\u201d Pascoe said. \u201cWe also learned that there were security capabilities that were missing that we thought we were going to be able to leverage in some of our example builds that we were unable to demonstrate.\u201d<\/p>\n<p>Selby also highlighted ongoing \u201ccultural and organizational resistance\u201d to the zero trust mandates in federal agencies, as well as other cybersecurity initiatives, attributing this to a larger failure by practitioners to communicate effectively with stakeholders beyond \u201cscreaming louder\u201d about the problem.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cFear, in and of itself, is not changing the landscape inside cybersecurity,\u201d Selby said.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.6029411764706\">\n<div class=\"author-card\" readability=\"13\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/02\/energy-ciso-agencies-cant-implement-zero-trust-alone-1.jpg?w=640&ssl=1\" alt=\"Derek B. Johnson\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Derek B. Johnson<\/h4>\n<p> Derek B. Johnson is a reporter at CyberScoop, where his beat includes cybersecurity, elections and the federal government. Prior to that, he has provided award-winning coverage of cybersecurity news across the public and private sectors for various publications since 2017. Derek has a bachelor\u2019s degree in print journalism from Hofstra University in New York and a master\u2019s degree in public policy from George Mason University in Virginia. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/zero-trust-federal-government-vendors-interoperable\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Energy CISO: Agencies can\u2019t implement zero trust alone | CyberScoop<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[78,1343,117,3727,900],"tags":[86,1344,119,3728,907],"class_list":["post-7367","post","type-post","status-publish","format-standard","hentry","category-cybersecurity","category-department-of-energy","category-government","category-procurement","category-zero-trust","tag-cybersecurity","tag-department-of-energy","tag-government","tag-procurement","tag-zero-trust"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/department-of-energy\/\" rel=\"category tag\">Department of Energy<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/government\/\" rel=\"category tag\">Government<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/procurement\/\" rel=\"category tag\">procurement<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/zero-trust\/\" rel=\"category tag\">Zero Trust<\/a>","tag_info":"Zero Trust","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7367","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=7367"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/7367\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=7367"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=7367"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=7367"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":7367,"date":"2025-02-19T15:00:53","date_gmt":"2025-02-19T21:00:53","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=83534"},"modified":"2025-02-19T15:00:53","modified_gmt":"2025-02-19T21:00:53","slug":"energy-ciso-agencies-cant-implement-zero-trust-alone","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2025\/02\/19\/energy-ciso-agencies-cant-implement-zero-trust-alone\/","title":{"rendered":"Energy CISO: Agencies can\u2019t implement zero trust alone"},"content":{"rendered":"