One Article Review

The article:
Source Veracode
Identifier 2821368
Publication date 2021-05-21 12:06:56 (seen: 2021-05-21 17:05:37)
Title Live From RSAC: Anne Neuberger Addresses President Biden's Executive Order on Cybersecurity
Text Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology, addressed President Biden's executive order at the virtual RSA Conference this week. The executive order, announced on May 12, 2021, aims to safeguard U.S. cybersecurity and modernize cybersecurity defenses. As Neuberger explains, this executive order couldn't come at a more critical time. The Biden administration was challenged with two cybersecurity incidents in the first 100 days – SolarWinds and Microsoft Exchange. Note that the session must have been pre-recorded because she didn't even mention a third attack that disrupted the Colonial Pipeline.
The incidents proved three major lessons: Adversaries will look for any opening to attack, including the government's suppliers. Partnerships are critical. The government needs the private sector, and the private sector needs the government. The government needs to modernize cybersecurity defenses. "[These lessons prove that] we need to shift our mindset from incident response to prevention," said Neuberger. "We simply cannot let waiting for the next shoe to drop be the status quo under which we operate."
In the software development world, we call this being stuck in a "break/fix" mentality. It is better to build a software development process that causes fewer "breaks." That enables you to deliver more software with fewer failures. We are starting to see cybersecurity learn from software development principles, shifting our cybersecurity problems to the left.
Breaches are more detrimental than most organizations realize. Neuberger noted two staggering statistics. In 2019, Accenture reported an average company spends $13 million per breach. And CIS and McAfee reported that cybercrime cost 1 percent of global GDP in 2018. Organizations are far better off spending the money to secure their applications, including demanding better from their vendors, than waiting for a breach. How many small businesses, schools, hospitals, or government agencies have an extra $13 million to spend on an unexpected breach? What Neuberger didn't mention is that that same study from Accenture cited an increase of 67 percent in cyberattacks over the past five years. And if cyberattacks continue at this velocity, Accenture calculates a total value at risk of $5.2 trillion globally over the next five years.
The president's approach is proactive and includes modernizing cyber defenses, returning to a more active role in cybersecurity internationally, and ensuring that America has a better posture to compete. It was the SolarWinds breach that opened our eyes to the fact that we don't have modern cyber defenses in place. Software supply chain security is of particular concern. "The current model of build, sell, and maybe patch means that the products the federal government buys often have defects and vulnerabilities that developers are accepting as the norm with the expectation that they can patch later. Or perhaps they ship software with defects and vulnerabilities that they don't think merit fixes…. That's not acceptable," said Neuberger. "Security has to be a basic design consideration."
Neuberger hinted that the executive order might require federal vendors to build software in a secure development environment. And that software leveraged by the federal government should include strong authentication, encryption and limit privileges. As for preexisting critical infrastructure that was built before the Internet, the orde
Sent Yes
Tags Ransomware
Stories Uber
Notes


The article does not appear to have been picked up after its publication.


The article does not appear to be a pickup of an earlier one.