What's new around the internet

Last one

Src Date (GMT) Title Description Tags Stories Notes
Veracode 2021-05-21 12:06:56 Live From RSAC: Anne Neuberger Addresses President Biden's Executive Order on Cybersecurity (direct link) Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology, addressed President Biden's executive order at the virtual RSA Conference this week. The executive order, announced on May 12, 2021, aims to safeguard U.S. cybersecurity and modernize cybersecurity defenses. As Neuberger explains, this executive order couldn't come at a more critical time. The Biden administration was challenged with two cybersecurity incidents in the first 100 days: SolarWinds and Microsoft Exchange. Note that the session must have been pre-recorded because she didn't even mention a third attack that disrupted the Colonial Pipeline. The incidents proved three major lessons: (1) Adversaries will look for any opening to attack, including the government's suppliers. (2) Partnerships are critical. The government needs the private sector, and the private sector needs the government. (3) The government needs to modernize cybersecurity defenses. "[These lessons prove that] we need to shift our mindset from incident response to prevention," said Neuberger. "We simply cannot let waiting for the next shoe to drop be the status quo under which we operate." In the software development world, we call this being stuck in a "break/fix" mentality. It is better to build a software development process that causes fewer "breaks." That enables you to deliver more software with fewer failures. We are starting to see cybersecurity learn from software development principles, shifting our cybersecurity problems to the left. Breaches are more detrimental than most organizations realize. Neuberger noted two staggering statistics. In 2019, Accenture reported an average company spends $13 million per breach. And CIS and McAfee reported that cybercrime cost 1 percent of global GDP in 2018.
Organizations are far better off spending the money to secure their applications, including demanding better from their vendors, than waiting for a breach. How many small businesses, schools, hospitals, or government agencies have an extra $13 million to spend on an unexpected breach? What Neuberger didn't mention is that the same study from Accenture cited an increase of 67 percent in cyberattacks over the past five years. And if cyberattacks continue at this velocity, Accenture calculates a total value at risk of $5.2 trillion globally over the next five years. The president's approach is proactive and includes modernizing cyber defenses, returning to a more active role in cybersecurity internationally, and ensuring that America has a better posture to compete. It was the SolarWinds breach that opened our eyes to the fact that we don't have modern cyber defenses in place. Software supply chain security is of particular concern. "The current model of build, sell, and maybe patch means that the products the federal government buys often have defects and vulnerabilities that developers are accepting as the norm with the expectation that they can patch later. Or perhaps they ship software with defects and vulnerabilities that they don't think merit fixes …. That's not acceptable," said Neuberger. "Security has to be a basic design consideration." Neuberger hinted that the executive order might require federal vendors to build software in a secure development environment, and that software leveraged by the federal government should include strong authentication and encryption and should limit privileges. As for preexisting critical infrastructure that was built before the Internet, the orde Ransomware Uber
Last update at: 2024-07-05 20:07:47