Friday, 14 May 2021 09:38

New cyber rules will be judged by their efficacy: Tenable chief

The executive order on cyber security issued by the US on Thursday will be judged by whether it can stop the next attack similar to the Colonial Pipeline attack or the SolarWinds supply chain fiasco, the head of a security firm says.

Amit Yoran, the chief executive at security outfit Tenable, said the Colonial attack underlined how critical the new executive order was to the national security of the US.

The order lists measures to be taken across software suppliers and purchasing, sharing of threat information, modernising the federal government's cyber security posture, and improving the security of software supply chains.

"The question on everyone's mind is whether the executive order will stop the next SolarWinds or Colonial Pipeline attack," said Yoran, who is also a founding director of US-CERT in the US Department of Homeland Security. "Make no mistake — no one policy, government initiative or technology can do that. But this is a great start."

He described the executive order as "one of the most detailed and deadline-driven" documents he had seen from any administration. "In the wake of a seismic attack, like SolarWinds, this is incredibly encouraging to see," he added.

Yoran said within the next year, all software vendors for the Federal Government would need to have an established software development lifecycle.

"This speaks directly to the gaping supply chain security issues that SolarWinds brought to attention — one broken chain link can bring down the entire fence. While these practices won't prevent all supply chain breaches, it's an important step forward," he said.

"Part of the new guidelines includes breach notification requirements for software suppliers. This forces much-needed transparency and accountability across the private sector which have been avoided for too long. This should be a welcome change by all – technology vendors, government agencies and end-users.

"However, the next and arguably most important step is implementation. While we're encouraged to see cyber security play a prominent role in President [Joe] Biden's policy initiatives, we must now focus our attention on making this executive order actionable."

James Hayes, vice-president for Global Government Affairs at Tenable, said: "As more and more organisations look to zero-trust security as the way forward, this executive order takes a bold step forward in making sure the days of bolting security onto critical systems as an afterthought are upended.

"This detailed order will require federal agencies and their private sector partners to share information and double down on the cyber security basics to successfully drive a zero-trust framework throughout the federal enterprise.

"The past year exposed significant vulnerabilities within our digital infrastructure. We are still learning the full scope and scale of these cyber attacks, and it's becoming clear that, in order to prevent something like this from happening again, the Federal Government and the private sector must partner together to implement smart cyber policies and best practices."

Andrew Rubin, chief executive and co-founder of micro-segmentation provider Illumio, said: "Cyber complacency has been plaguing the federal system for decades, as recently evidenced by the catastrophic breach involving SolarWinds. This new executive order acknowledges that we fundamentally need to change the way we think about cyber resiliency – and it starts with zero trust.

"Globally, we spent US$173 billion (A$223.8 billion) on cyber security last year. Yet in the past year alone we've seen more catastrophic breaches than at any other time in history. Despite our failing strategy and terrible outcomes, the US has continued to take the same approach to federal cyber security as we did 20 years ago."

He said that the new administration had changed that by finally acknowledging the failings of an outdated federal cyber security model, and laying bare the first iteration of a new security design founded on zero trust.

"Cyber complacency isn't just an American problem, or a federal problem, or a policy problem – it's a global problem. That's why I welcome this executive order with open arms. It's a call to action to the world that we need to change the way we protect ourselves," Rubin said.

"This is the first time in history that a US president has acknowledged that we cannot stop all security incidents. Signing this executive order — mandating zero trust and segmentation — has become a public demonstration that detection does not work 100% of the time.

"Our complete reliance on detection to find and stop bad things is no longer an option. With bad actors and nation-states operating at all-time high levels of sophistication, a failure to recognise this will result in a small incident turning into a catastrophic attack – with the potential to impact human lives.

"We need segmentation and we need zero trust – and the government has now publicly declared this vital."


Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.
