Cybersecurity: A new EO that's stressing critical infrastructure providers

Ransomware.

Five years ago, the cybersecurity community was familiar with the term but encountered it infrequently. New ransomware has been making headlines since the beginning of 2021, and security professionals and non-professionals alike have brought it up.

Ransomware attacks cost an average of $4.62 million, according to recent statistics. A loss like that could jeopardise a company's viability. Non-commercial organisations have been affected as well. In 2021, ransomware attacks have disrupted supply chains ranging from oil pipelines to food supplies.

Even the United States government has taken note. The House of Representatives has passed five bills addressing critical system cybersecurity. President Joe Biden promised a second response in May 2021, when the TSA released a new security guideline for pipeline operators. The "Executive Order on Improving the Nation's Cybersecurity" (EO 14028) calls for additional security measures. A zero-trust architecture, improved cybersecurity programmes, and a cloud security plan are a few of the things that must be addressed.

Most of our Extreme Compute team's attention was drawn to section four, which focuses on software supply chains, a route hackers have used in many major data breaches. Software supply chain security includes four topics:

  • According to NIST, fundamental security standards, including code verification, threat modelling, and automated testing, will be established for software sold to the US government.
  • Software that is labelled "Secure." A labelling system that reflects significant testing and evaluation is planned.
  • An SBOM (software bill of materials) benefits enterprises because it allows them to quickly detect any software components that may pose a danger to their operations.
  • NIST will describe the EO's key software in detail. According to NIST's recommendation, security-critical software should be deployed in the first phase of EO implementation.

It's not just software organisations that will benefit from this. All major industries are extensively regulated by the government. What first actions should firms take today? Most of the EO's criteria are still unknown, so analyse the EO and assess your environment. As a starting point, we recommend looking at four areas:

  • Do you use multifactor authentication, data encryption, and detection and response in your software development?
  • Do you use tools to keep your source code secure, and do you regularly check for defects that could be exploited?
  • If so, are you equipped to discover and resolve known and potential security flaws in your software, devices, and networked infrastructure?
  • If so, are your software code and component data, your controls on both internal and external software components, and your tools and services up to date? To ensure that your data is accurate, you should conduct regular audits of your methods and controls.

An important part of software development is testing the code before it is released. Code, libraries, packages, and services are all subject to NIST's minimum set of criteria for testing and verification. Correcting underlying issues is also a priority. The guidance also emphasises the importance of developing incident response methods and controls, with monitoring and response around the clock.

This approach may seem cumbersome at first glance, but your security and compliance operations will benefit from it. To maximise your investment and reduce the risk of a catastrophic breach, you should conduct security evaluations on a regular basis. Because the federal government supports this EO, your executive team and board may also be on board. Company culture shifts when more people are on board with the idea. Additional resources and money may be needed to ensure security.

Addressing the EO may also help you get better organised: you will always be able to identify the people, processes, and technology that make up your organisation, and you will be able to track and regulate the flow of data. The federal government's focus on security is expected to increase.

Partnering with an EO-specialised team is easy with the support of Extreme Compute Security. Consider your environment and how the EO applies to it.