The Colonial Pipeline hack, which shut down the U.S.’s largest fuel pipeline, was only one of many recent ransomware attacks on our nation’s hospitals, financial institutions and critical infrastructure. Can government IT departments alone shield public infrastructure from such malicious attacks, ransomware and the ensuing outages? President Biden’s executive order on improving the nation’s cybersecurity addresses this question and outlines potential security gaps and relevant technology solutions. The order details specific types of technology, security best practices and other ways the federal government and the private sector can team up to crack down on cyberattacks.
The president’s order states that the U.S. “faces persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American people’s security and privacy.” And while the order states that “protecting our nation from malicious cyber actors requires the federal government to partner with the private sector,” it arguably implies that the private sector must include the strongest and most transparent protections, whatever their origins. This may accelerate the shift from commercial proprietary technology to open source software. Only by collaborating and innovating together can we bring all the best ideas to the table and examine them for their relative strengths and weaknesses. It’s unrealistic to think any one individual, company, or government department will be able to envision all lines of attack or build impenetrable code to defend against them.
The president writes that the government “must adopt security best practices; advance toward Zero Trust Architecture; accelerate movement to secure cloud services.” Security best practices are outlined, such as comprehensive authentication, authorization, encryption, and having consistent policies and controls in place. However, the challenge is exacerbated by modern, cloud-native application networks and cloud platforms. As applications migrate toward hybrid and multi-cloud environments, microservices instead of monoliths and containers instead of bare metal or virtual machines, zero-trust application networking becomes mandatory. One complication: not every application can be modernized at once, so security professionals need to find a way to address both modern and legacy platforms.
We can protect our nation’s infrastructure, but no one group can do it alone. If experts from government, private and public companies, as well as white hat enthusiasts, join together, we’ll all be safer. Collaboration yields innovation, and in the security realm, the resulting solutions will benefit us all.