惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

C
CXSECURITY Database RSS Feed - CXSecurity.com
P
Proofpoint News Feed
Attack and Defense Labs
Attack and Defense Labs
Security Archives - TechRepublic
Security Archives - TechRepublic
Engineering at Meta
Engineering at Meta
WordPress大学
WordPress大学
H
Hackread – Cybersecurity News, Data Breaches, AI and More
MyScale Blog
MyScale Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
F
Full Disclosure
云风的 BLOG
云风的 BLOG
爱范儿
爱范儿
V2EX - 技术
V2EX - 技术
B
Blog
Hacker News - Newest:
Hacker News - Newest: "LLM"
M
MIT News - Artificial intelligence
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
W
WeLiveSecurity
Stack Overflow Blog
Stack Overflow Blog
TaoSecurity Blog
TaoSecurity Blog
T
Threatpost
小众软件
小众软件
T
The Blog of Author Tim Ferriss
Google Online Security Blog
Google Online Security Blog
MongoDB | Blog
MongoDB | Blog
T
Tenable Blog
P
Privacy International News Feed
S
Security @ Cisco Blogs
H
Heimdal Security Blog
大猫的无限游戏
大猫的无限游戏
B
Blog RSS Feed
H
Help Net Security
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
C
Cisco Blogs
酷 壳 – CoolShell
酷 壳 – CoolShell
P
Proofpoint News Feed
D
Darknet – Hacking Tools, Hacker News & Cyber Security
有赞技术团队
有赞技术团队
Application and Cybersecurity Blog
Application and Cybersecurity Blog
O
OpenAI News
Security Latest
Security Latest
S
Securelist
Cyberwarzone
Cyberwarzone
D
Docker
S
Schneier on Security
V
Vulnerabilities – Threatpost
The GitHub Blog
The GitHub Blog
P
Privacy & Cybersecurity Law Blog
T
Tailwind CSS Blog
Apple Machine Learning Research
Apple Machine Learning Research

MeriTalk

Eliminating Silos in IT/OT Cybersecurity Is a Funding Challenge, Not a Technical One The FedRAMP High Supply Crisis Is a Federal Security Problem – Not a Procurement Footnote How More Tightly Focused Software Development Initiatives Will Unlock Innovation Across Government Transforming Federal Cybersecurity Through Private Sector Innovation Evolving Zero Trust and Embedded AI – Federal Government Cybersecurity Predictions for 2026 Unlocking AI’s Potential in High-Assurance Environments Accelerate Agentic AI in the Federal Government: Top Takeaways Why Congress Must Reauthorize the Technology Modernization Fund Make Cybersecurity a Key Ingredient of Modernization How Spectro Cloud’s PaletteAI Secure helps agencies scale AI securely, compliantly, and confidently Fix the Foundation: How Hybrid Cloud and Trusted Data Enable Government AI New Google Workspace Cost-Saving Offer Available for U.S. Federal Government Reinventing FedRAMP in the Age of AI Balancing Security and Efficiency: The Federal IT Dilemma in the AI Era Meeting Evolving State and Local Cyber Threats AI Is the Solution to Stop AI Data Theft Enhancing U.S. Government Operations with AI and Human-Centered Design How FinOps Can Help Agencies Slash Cloud Costs in 5 Steps Will Quantum Computing Weaken or Strengthen Cybersecurity of Federal Systems? Improving Citizen and Federal Employee Experience with Virtual AI Assistants Strategies for Securing the Federal Supply Chain Reframing the U.S. Government’s Approach to Cybersecurity Oversight Three Steps Agencies Can Take to Meet Government’s AI Requirements The Impact of NIST’s PQC Standardization on the Federal Cybersecurity Ecosystem Generative AI is Revolutionizing Federal Government Operations NIST’s new PQC Algorithms and What They Mean for Federal Agencies Addressing the U.S. Quantum Labor Shortage Before It’s Too Late Addressing the Talent Shortage: How Digital Government Improves Satisfaction, Retention Here’s What We Can Learn (and Do) About Cybercrime from FBI’s Latest Internet Crime Report Implementing AI Assurance Safeguards Before OMB’s December Deadline The Next AI Wave: Quantum AI CDM’s Evolution to Non-Traditional Technology: Why Now and How Will it Succeed? Customer Expectations Require Agencies to Raise the Bar on Customer Experience, Report Shows Applying for Government Benefits Shouldn’t Be Difficult When It Comes to Identity Verification Four Federal Software Supply Chain Security Trends to Watch FedRAMP Baseline Transition Points to OSCAL-Native Tools What Zero Trust Means for Modern Government: Best Practices for Key Tenets Four Ways to Handle the IT Funding Crunch Agencies Need to Get Creative to Fill the Cyber Workforce Gap Customer Identity trends report shows control trumps convenience Federal Agencies Making Strides Toward Sustainability and Climate Action Executive Order 14028 | Improving the Nation’s Cybersecurity Depends on Data | All Data is Security Data Applying Geospatial Intelligence, AI/ML to Climate Change Challenge My Cup of IT: Angry at Arthritis, Hunting for Cures How the Federal Government Can Help Combat a Fragmented Internet Accelerating Cybersecurity for US Critical Infrastructure Getting in on the Ground Floor of the ‘New Observability’ Comply-to-Connect is Key to Zero Trust for DoD How Will Upcoming Cryptocurrency Regulations Affect Industry? My Cup of IT: Cup Cake for Kushner? Launching a New Era of Government Cloud Security Managing IT Complexity in Federal Agencies Agencies Must Modernize Zero Trust Approaches to Achieve Optimal Protection Five Essential Metrics for Measuring Federal Government CX Unlocking the Benefits of 5G and Beyond The Federal Factory of the Future: How AI is Transforming Manufacturing The Quantum Impact on Cyber How Next-Gen Computers Will Transform What’s Possible for Federal Government Agencies Must Take an Authentic Approach to Synthetic Data Biometrics and Privacy: Finding the Perfect Middle Ground Two-Way Street: Why Officials and Constituents Are Equally Responsible for Securing the Midterms The “Programmable World” Will Bring the Best of the Virtual World Into the Physical One Cyberattacks are a Common Occurrence and the Costs are Higher Than Ever Increasing Equity Through Data and Customer Experience The AI Edge: Why Edge Computing and AI Strategies Must Be Complementary How Metaverses and Web3 can Reshape Government Four Emerging Technology Trends set to Impact Government Most 5G Enables AI at the Edge Plugging Cyber Holes in Federal Acquisition Resilient Critical Infrastructure Starts with Zero Trust The Evolution of Government Tech Procurement Under CMMC 2.0 Zero Trust Requires Continuous, Tested Security for Federal Agencies How Multi-INT Fusion Accelerates Mission Intelligence for Real-Time Decision Advantage Three Things to Consider for Responsible AI in Government Legislation, White House Orders Show Agencies Opportunity for Hybrid Cloud Creating an Effective Framework for DoD’s Software Factories Realizing Upsides for Digital Security in the Hybrid Workplace A Future With AI and ML: The Power of Workforce Education Five Tips to Begin MFA Integration and Embrace Zero Trust The Vital Intersection Between Equity and Digital Transformation Equity as a Platform: Applying a New Mindset to Scale Innovation Harnessing the Right Data for Evidence-Based Equity From EO to Action: Human Factors of Enabling a Cyber Safety Review Board For Equity in Government Services, It’s Time to Change the Paradigm Critical Questions to Ask When Considering Explainable AI (XAI) for Your Federal Agency The Telework Model for Government: COVID Lessons for Building an Effective Workforce DevSecOps: 4 Steps for Mitigating the Next Cyber Attack in Your Federal IT Environment Better Cyber Hygiene Helps, but Federal Security Needs SASE Lift DoD, Feds Plot Top Cyber, Cloud Priorities for 2022 Cloud-Native Government: How to Transform With Intention DoD and VA Health Networks Face Growing Threat From Medical-Device Vulnerabilities New Federal Cybersecurity Requirements: How Agencies Should Implement a Zero Trust Architecture Protecting Our Nation Through Big Data Analytics Three Ways COVID-19 Altered Federal, State IT Budget Allocations Ransomware is More Than a Cybersecurity Issue From Me to We: Take the Mission Further With Multiparty Systems Anywhere, Everywhere: Integrating Your Virtual Workplace ‘I, Technologist’: Empowering Innovators in the Federal Workforce Mirrored World: Digital Twins Report for Duty Across Government Stack Strategically: Rearchitecting Government for What’s Next
How a Community Vigil Approach and Secure by Design are Critical to Software Cybersecurity
MeriTalk Sta · 2024-06-11 · via MeriTalk

By Travis Galloway, head of government affairs, SolarWinds

The threat landscape in cybersecurity continues to evolve at breakneck speed, with new challenges emerging daily. Among the most pervasive threats stem from sophisticated cyberattacks sponsored by nation-states. These attacks are a growing menace to private businesses and public agencies alike, promising severe consequences for our collective security.

Private sector businesses recognize that they can be targets of advanced nation-state hackers seeking to achieve their geopolitical goals. For instance, China has been known to engage in extensive cyber espionage campaigns aimed at stealing technology and intellectual property to overtake the U.S. economy and its businesses. It was recently reported that the Chinese-sponsored Volt Typhoon group also persistently targets vulnerabilities in critical systems like electric grids, water systems, and ports.

These evolving cybersecurity threats to our nation were a central theme at the recent SolarWinds Day: A Trusted Vision for Government IT panel event, where SolarWinds President and CEO Sudhakar Ramakrishna was joined by Congressman Raja Krishnamoorthi, D-Ill., and Christopher D. Roberti from the U.S. Chamber of Commerce.

“It’s a very scary thing if you think about it,” said Rep. Krishnamoorthi, reflecting on the growing nation-state threats facing the United States. “Operation Typhoon is meant to preposition malware in our utilities in water systems, electric grids, you name it.”

During the event, the panelists highlighted several important takeaways for shoring up our shared cyber defenses, supply chain, and other critical infrastructure. The discussion emphasized the importance of public-private partnerships, adopting a “Secure by Design” framework that ensures security is an integral part of the entire software development process, and promoting ongoing cybersecurity education to ensure all levels of an organization share the responsibility of bolstering our shared defenses.

The Enduring Importance of Public-Private Partnerships

Today, no single entity can combat sophisticated cybercriminals and nation-state adversaries alone. As the Cybersecurity and Infrastructure Security Agency (CISA) has highlighted, a collaborative effort among governments, private entities, and individuals is necessary if we are to address ongoing cyberwarfare successfully.

“No company, no matter how big or sophisticated, has a chance against a nation-state adversary,” said Roberti. “Therefore, the U.S. government needs to use its authority and capabilities together with the knowledge and resources of the private sector to tackle the threat.”

Part of this is the increasingly popular concept of a “community vigil,” where government agencies, private sector businesses, and other stakeholders work together to create a secure digital environment. This ongoing collaboration between governments and businesses underscores the significance of community-focused strategies to enhance national cybersecurity. By fostering transparent communication and resource sharing, organizations can reinforce our collective defenses – and harness a collective intelligence much greater than what any could achieve alone.

Setting New Standards Through a Secure by Design Framework

Cyber resilience involves more than just preventing cyberattacks. It also means being able to recover quickly and having strategies in place to detect and manage any breaches. This can be achieved by embracing Secure By Design guiding principles for software security and cyber resiliency. Informed by years of experience from industry-leading cybersecurity experts, the SolarWinds Secure by Design initiative is a gold-plated cybersecurity approach to software build systems and processes that provides an effective and novel defense for thwarting advanced supply chain cyber threats.

The proactive Secure by Design approach embeds security into software systems right from the start. By addressing security early in development, organizations can mitigate risks before they progress into serious threats. There are several ways to put Secure by Design into practical use. Engaging with governmental and regulatory bodies like CISA can enhance the flow of cyber threat information between public and private sectors.

Recently, CISA introduced the Secure Software Development self-attestation form to help organizations declare their cybersecurity commitments in a standardized, formal, and consistent manner. The form serves multiple purposes: it encourages organizations to evaluate their security postures, provides valuable data for benchmarking industry standards, and fosters a transparent environment where enterprises can learn from each other’s best practices.

Integrating Cyber Resilience as a Universal Responsibility

Driving a cultural shift to a Secure by Design posture requires clear communication from the top down that cybersecurity is a shared responsibility, where everyone plays a part in safeguarding the organization’s digital assets. This means that every individual in an organization, regardless of their level of technical expertise, must be aware of their role in maintaining a secure digital environment.

“Security information should be like a utility,” said Ramakrishna. “(Something) everyone should have access to (in order) to protect themselves. It shouldn’t be the job of just a few people.”

However, for this approach to work, ongoing education on the importance of cybersecurity and the steps that can be taken to ensure its success is essential for both technical and non-technical employees. This will help promote awareness and ensure that everyone understands their role and is prepared to play it well.

For executives at the highest level, this education is essential for making informed decisions, understanding how cybersecurity affects the business as a whole, and leading by example in promoting a culture of security awareness. For technical and IT staff, continuous learning helps them stay ahead of emerging threats, understand complex security tools and technologies, and implement best practices for threat mitigation. These initiatives make cybersecurity easier for everyone, even employees in non-technical roles, to understand and stress the importance of good digital practices to reduce human error – one of the primary causes of breaches.

Moving forward, embracing all of these strategies will not only enhance our collective cyber defenses but also set new industry standards – ones that prioritize security and resiliency of the systems we all rely on. As we continue to navigate a landscape marked by the ever-growing sophistication of cyber threats, our success in safeguarding the digital world will depend on our ability to adapt, innovate, and unite under this critical common goal.