Embracing Digital Transformation

#125 Ways to Reduce Cybersecurity Risk

In this episode, Darren discusses leveraging the six cybersecurity domains to develop a Zero Trust Architecture to protect your resources, data, and critical infrastructure.

cybersecurity applicationsecurity zerotrust policy
Darren W Pulsipher

Cyber Threats

The types of cyber threats are constantly changing as bad actors continue to invest time and money into infiltration technologies. Keeping up with these changes is extremely difficult for organizations. this is prevalent in the recent cybersecurity numbers, which show little to no change in organizations’ ability to detect and remediate cyber threats to their infrastructure. The promise of zero-trust architecture solutions to protect against these ever-changing attacks seems hard to realize.

Cyber Security Six Domains

Before organizations can deploy a zero-trust architectural solution, they must understand the critical elements of deploying cybersecurity systems. These systems can be grouped into six cybersecurity domains. Understanding these domains help organizations build a resilient cybersecurity system.

img.png

  • Threat detection prevention intelligence analytics and management – This has been the primary focus of most cybersecurity products over the last ten years. Detecting cyber intrusion and remediating threats is the primary focus of most cyber security organizations.
  • Identity and access management - identity and access management are moving beyond users' traditional access controls to access control of users’ devices and applications to other assets in the organization, including devices networks and, most importantly, data.
  • Data and application security - this requires new thoughts of data and application encryption Techniques that encrypt data at rest, in transit, and in use. Silicon encryption is now available In client devices, server devices, and the cloud. Encryption of data and applications in use requires hardware-enabled confidential computing.
  • Supply chain security - securing the supply chain requires more than generating a bill of materials for hardware devices. Supply chains include hardware, firmware, software, and solutions.
  • Network security - New types of security topologies and control plane technologies are improving network security which can provide dynamic isolation of resources and infected assets in operational infrastructure.
  • Host and system security - Security is only as good as its weakest link, ensuring hosts and systems security, including boot guard technologies, are leveraged to guarantee devices have not been infiltrated with zero-day attacks or malware injected into the BIOS or firmware of the device.

Building Zero Trust Solutions

After organizations understand the six domains and the tools available in them, they should apply the guiding principles of zero trust architectures to those domains to build a cyber-resilient zero trust system.

img_1.png

These principles include:

  • Default deny - access to assets and resources is only granted through explicit requests following regulatory policies and defined processes.
  • Contextual authentication - provides mechanisms to authenticate users, devices, and applications based on temporal, policy, situational, and environmental contexts.
  • Granular control - provides direct access to groups of assets, individual assets, and even subsets of assets, for example, files in a file system directory or rows in a SQL database.
  • Dynamic and real-time - provide dynamic and real-time threat analysis and cyber security policy enforcement based on environmental and situational contexts.
  • Continuous monitoring - don't rely on event-driven architectures to provide complete and accurate status of assets and enterprise resources.
  • Continuous trust validation - validate that a person is authenticated and has access to assets and resources in the context of the current operating environment and the temporal space allocated for access.

When these principles are applied to the security domains, organizations can build a policy-driven zero-trust architecture that provides a responsive, resilient cybersecurity platform that reduces risk. However, process and organizational changes must be made to establish a policy administration role to define and enable policies that can be enforced through automated cybersecurity systems.

Secure Supply Chain

Creating a zero-trust solution does not mediate all an enterprise’s cyber-attack vulnerabilities. One area of concern is the security of the supply chain of IT solutions. Organizations must understand the solutions' five components to fully protect the supply chain: silicon, hardware, firmware, software, and systems integration. Each element of a solution how's a supply chain which includes suppliers of raw materials, manufacturers, integrators, deployment, and operations. The deployment and operations typically are performed by the consumer, but As organizations begin to provide XaaS offerings, they deliver the deployment and operations functions.

Organizations must understand the supply chain of each component in the stack. Understanding these five levels can be complex and overwhelming for anyone in the IT solution space. Simplifying this complex ecosystem can help organizations wrap their head around areas to improve and help mitigate risk. The first simplification comes in identifying physical and digital supply chain security.

img_2.png

Physical Supply Chain Security

The COVID-19 pandemic showed the world the fragility of our supply chain as factories shut down due to a lack of physical supply based on shortages of raw materials and their derivatives. This continued to be exacerbated by the outbreak of war in Ukraine as supply chain channels continued to be cut further. The complex global supply chain had a ripple effect across unrelated industries. For example, a chip shortage causes delays in the delivery of hundreds of thousands of automobiles to consumers and government agencies. Securing the physical supply chain is critical to our national security.

Significant efforts have been made to improve the physical supply chain by investing in local manufacturing through partnerships with the public and private sectors, like the passing of the CHIPS act and subsequent investment in central Ohio by Intel and other technology companies to build silicon and to hardware manufacturing facilities in the silicon heartland.

Digital Supply Chain Security

Identifying the components that comprise solutions and documenting their use and operating parameters have been standard procedures most organizations follow for hardware and physical product development. However, providing this same level of security for firmware software and solutions is not observed in the IT solution space. To improve this situation, organizations must look at the providers of the five solution component levels concerning the providers and set expectations for their deliverables.

img_3.png

  • Suppliers - Provide a bill of materials for all components in the solution stack, including software, COTS libraries and code, firmware, BIOS, hardware, and even Silicon manufacture components. Understanding the source location, version, and certification level is critical when evaluating vulnerabilities in an organization against assets in operations. The best example of this is the log4J vulnerability in 2022. many organizations have no idea how many applications depended on the log4J library and were exposed to cyber-attacks.
  • Manufacturers - Provide a chain of custody Ledger that shows who and what has accessed the product being developed through the development lifecycle process, including silicon, hardware, firmware, software, and solution stacks.
  • Integrators – Provide products with a hardware root of trust to assure consumers that solutions have not been tampered with or altered from the original manufacturer’s specifications and production manifest.
  • Deployment – Provide tested and certified manifests that can be checked against product delivery to guarantee no changes have been made during deployment.
  • Operation – Provide mechanisms to monitor and execute applications and IT solutions in trusted execution environments.

Data and Application Security

The last step in securing the supply chain is providing trusted execution environments for products to run securely and safely. To protect data and applications from cyber threats, including ransomware and data breaches, organizations must encrypt their data, at rest, in transit, and in use. Leveraging silicon in enabled encryption and decryption algorithms are critical in providing performance and reliability of application and data security.

New technology such as intel's SGX and TDX provides data encryption to prevent new cyber attacks on clear text memory execution. These technologies can be found in server and cloud service provider offerings under confidential computing.

img_4.png

Conclusion

The battle with cyber bad actors will not go away anytime soon. However, organizations can prepare themselves two better combat and mitigate risk. Applying zero trust principles to the six domains of cybersecurity will profoundly affect an organization’s ability to combat cyber bad actors and mitigate risk across their infrastructure.