Here are the most interesting items to land in The Cyber Hut inboxes this week.
So Ransomware is a Terrorist Act?
It seems the US Department of Justice is raising the status of ransomware investigations so that they are treated with the same priority as terrorist activity. Reuters reported on June 4th that the DoJ was taking the action, likely on the back of the recent Colonial Pipeline attack. It seems this change in priority will see evidence and investigation data centralised in Washington.
NIST Releases NISTIR Draft 8320 Hardware Enabled Security
NIST released a draft document focusing on hardware security. In an age of cloudification and cloud migration strategies, many ignore the need for hardware security, mainly because it’s someone else’s responsibility. Whilst the risk has certainly transferred to different parts of the supply chain for some, the focus on configuration verification, crypto verification and the use of configuration references is more relevant than ever. Take a look at the draft.
Identity as a Foundation of Zero Trust
William Lin, founding member of ForgePoint Capital, had an article in Security Week on the 26th May where he revealed the virtues of having identity at the foundation of zero trust designs. Whilst the ZTNA bandwagon continues, many are struggling to find consistent design patterns. Network technology is bearing the brunt of buying decisions, but identity capabilities (especially for post-login authorization decisions) really need to be put in as the foundation of data access decisions. How can controls be applied on the device, user entity, resource and transaction event if the identity ecosystem isn’t fully integrated and extendable?
Are Password Managers Bad For Our Health?
I wrote last week questioning why we haven’t all moved to passwordless authentication yet. I compared using passwords to smoking: they’re bad for your health, yet we still carry on using them. Why? Well, the incentives of our security decisions (to reference Ross Anderson) don’t seem aligned with a strategic and, more importantly, conscious decision to get away from passwords altogether. Anyway, another week and another article on password managers. I’m not knocking IronNet (other vendors are available), but my point is really that password managers, whilst certainly better than choosing and managing poor password selection and storage directly, are simply masking the underlying problem and removing the incentive to move to something more strategic.
The links above are to third party articles and blogs. They have no relation to The Cyber Hut. See our disclaimer policy for more details.