When the Colonial Pipeline ransomware attack took place last year, consumers were cut off from fuel, prices soared and there was a degree of panic. It was one of the first cyberattacks to show consumers, and industry, how closely we are connected to the effects of digital crime.

Timing is everything. The Colonial Pipeline attack helped pave the way for a radical change in the federal government's approach to cybersecurity, and that is exactly what the US government has been doing throughout the year: engaging stakeholders on the various provisions of Executive Order 14028, Improving the Nation's Cybersecurity, which changes the status quo on how industry and government become more resilient.

In the year since the EO was issued, new legislation on cyber incident reporting has also been signed into law, but adversary tactics have grown more sophisticated and the line between cyber incidents and real-world incidents has evaporated. Nowhere is this clearer than in manufacturing, the most attacked industry in 2021. Threat actors have found leverage in the critical role manufacturers play in global supply chains. Whether it's cream cheese, toilet paper or meat, the ripple effects of these attacks have hit consumers in a significant way.

The EO lays out new defensive and offensive strategies that will help us win some small victories, but the key is effective execution. When the EO reaffirmed zero trust by recognizing it as a key part of its strategy to improve the US position in cyberspace, we had a small victory. Now the challenge lies in the actual implementation. Without a deep understanding of trust relationships, implementations will fail.

Trust relationships need to be thoroughly tested, tested and retested. Access and trust should never be assumed; when they are, security gaps are created. Today, many security teams unknowingly build networks with "less trust", not zero trust.

To resolve this, we need to turn the tables and look at our networks through the attacker's lens; threat hunting is one way to do just that. However, while the EO explicitly mentions active cyber hunting, there is confusion about how to conduct a hunt. Automated security tools and security operations analysts can handle about 80% of threats, but the remaining 20% are left on the table, and those are the ones with the potential to cause real harm.

Threat hunting must go beyond traditional detection technologies and, done correctly, surface the unknown in the environment. Threat hunters examine security data for hidden malware or attackers. They look for patterns of suspicious activity that automated tools may have missed or judged to be benign when they were not. Remember that effective implementation is key here.
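To make the difference between automated detection and a hunt concrete, here is an added example (written for this edit; it is not code from the author, IBM X-Force or any product). It runs a typical per-host brute-force rule over a handful of constructed SSH authentication log lines, then runs a hunt query over the same data. The log format, hostnames, the IP addresses (documentation ranges) and the thresholds are all assumptions; the point is that a source guessing two passwords per host across many hosts never trips the per-host rule but stands out when the hunter aggregates by source instead.

```python
"""Added example: an automated per-host rule versus a hunt query over the
same constructed auth log. Not from the article's author or any product;
log format, hosts, addresses and thresholds are assumptions."""
import re
from collections import defaultdict

# Assumed syslog-like line shape; only these fields matter for the hunt.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd: (?P<outcome>Failed|Accepted) "
    r"password for (?P<user>\S+) from (?P<src>\S+)$"
)

# Constructed sample log. 203.0.113.9 sprays two guesses per host across four
# hosts and then logs in to a fifth; 198.51.100.4 is a noisy single-host
# brute force; 192.0.2.50 is a user who mistyped once.
SAMPLE_LOGS = """\
2022-05-10T09:00:01 web01 sshd: Failed password for admin from 203.0.113.9
2022-05-10T09:00:09 web01 sshd: Failed password for root from 203.0.113.9
2022-05-10T09:01:15 web02 sshd: Failed password for admin from 203.0.113.9
2022-05-10T09:01:22 web02 sshd: Failed password for root from 203.0.113.9
2022-05-10T09:02:03 web03 sshd: Failed password for admin from 203.0.113.9
2022-05-10T09:02:11 web03 sshd: Failed password for root from 203.0.113.9
2022-05-10T09:03:30 app01 sshd: Failed password for admin from 203.0.113.9
2022-05-10T09:03:38 app01 sshd: Failed password for root from 203.0.113.9
2022-05-10T09:05:44 db01 sshd: Accepted password for svc_backup from 203.0.113.9
2022-05-10T09:02:00 web01 sshd: Failed password for alice from 198.51.100.4
2022-05-10T09:02:05 web01 sshd: Failed password for alice from 198.51.100.4
2022-05-10T09:02:10 web01 sshd: Failed password for alice from 198.51.100.4
2022-05-10T09:02:15 web01 sshd: Failed password for alice from 198.51.100.4
2022-05-10T09:02:20 web01 sshd: Failed password for alice from 198.51.100.4
2022-05-10T09:02:25 web01 sshd: Failed password for alice from 198.51.100.4
2022-05-10T09:02:31 web01 sshd: Accepted password for alice from 198.51.100.4
2022-05-10T09:04:00 app01 sshd: Failed password for bob from 192.0.2.50
2022-05-10T09:04:06 app01 sshd: Accepted password for bob from 192.0.2.50
"""


def parse_events(text):
    """Parse matching lines into dicts; unparseable lines are skipped."""
    return [m.groupdict() for m in map(LINE_RE.match, text.splitlines()) if m]


def automated_rule(events, threshold=5):
    """Typical SIEM rule: N or more failed logins from one source
    against one host. Returns the (src, host) pairs that fire."""
    fails = defaultdict(int)
    for e in events:
        if e["outcome"] == "Failed":
            fails[(e["src"], e["host"])] += 1
    return {pair for pair, n in fails.items() if n >= threshold}


def hunt_low_and_slow(events, threshold=5, min_hosts=3):
    """Hunt hypothesis: one source spreads a few guesses over many hosts,
    staying under the per-host rule's threshold on every one of them.
    Aggregate failures by source rather than by (source, host), and note
    any successful login from that source after its first failure."""
    events = sorted(events, key=lambda e: e["ts"])  # ISO timestamps sort lexically
    per_src_host = defaultdict(lambda: defaultdict(int))
    first_fail = {}
    successes = defaultdict(list)
    for e in events:
        if e["outcome"] == "Failed":
            per_src_host[e["src"]][e["host"]] += 1
            first_fail.setdefault(e["src"], e["ts"])
        elif e["src"] in first_fail:  # success after earlier failures
            successes[e["src"]].append(f'{e["host"]}:{e["user"]}')
    findings = {}
    for src, hosts in per_src_host.items():
        if len(hosts) >= min_hosts and max(hosts.values()) < threshold:
            findings[src] = {
                "hosts": len(hosts),
                "failures": sum(hosts.values()),
                "later_success": successes.get(src, []),
            }
    return findings


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOGS)
    print("automated rule fired on:", automated_rule(evs))
    print("hunt found:", hunt_low_and_slow(evs))
```

The automated rule fires only on the noisy single-host brute force. The hunt, which asks a different question of the same data, flags the source that failed on four hosts and then succeeded on a fifth, which is exactly the kind of activity a threshold rule judges benign on every individual host.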

Another small victory is the improvement in threat sharing, illustrated by CISA's Joint Cyber Defense Collaborative (JCDC), and the progress made in establishing collective, coordinated defense against cybercrime, something we have been missing for a long time.

Historically, the wider security community has not been involved in sharing threat information the way it is today. The JCDC brings practitioners to the table from the start, which has the potential to bring about real change. That does not mean "mission accomplished". There is still the challenge of making information more digestible and accessible. There is currently no standard classification for threat intelligence. Each vendor has its own taxonomy, which makes it incredibly difficult to combine threat intelligence from multiple vendors.

Knowledge of the prevailing threats to federal agencies, and of the tactics and techniques adversaries use, is crucial. Every second counts in the face of a cyberattack: the longer it takes to detect and contain a security incident, the more expensive it is. For example, data breaches that took more than 200 days to identify and contain cost an average of $1.26 million more than those that took less than 200 days. That is why we need to keep improving our approach to sharing threat information.

We have entered a sink-or-swim moment for cybersecurity. Legislation or more regulation alone will not give us an advantage over attackers. The EO should be seen as only one tool in our security arsenal. By implementing it effectively, going beyond what it requires and changing the culture around cybersecurity, federal agencies can better protect the critical data and infrastructure that remain a major target for threat actors.

With more than two decades of experience in the information security industry, Charles Henderson leads a global team of hackers, researchers, investigators and incident responders providing offensive and defensive security services. Charles has also been hacking since he was nine years old, but in the name of fairness we do not include his pre-teen exploits in his twenty-year tenure in the industry.



https://www.nextgov.com/ideas/2022/05/one-year-later-hackers-view-cybersecurity-executive-order/366829/
