For many reasons, it is unreasonable to expect central and state governments to develop the software that protects their day-to-day operations themselves. So they depend on solutions provided by private companies. This gives the government access to best-of-breed solutions developed by experienced companies, and in return the private firms get a secure source of funding that helps them develop more advanced technology; a perfect win-win situation. But what are the security implications of this relationship?
Recent incidents have dispelled any assumption that software must be secure simply because government agencies use it. This is not necessarily due to a lack of diligence on the government's side; some security threats, such as those introduced further up the supply chain, are simply out of their hands.
In the USA, the SolarWinds breach was, and still is, widely discussed, and for good reason. The incident is a stand-out example of an attack that originates several degrees of separation away from where an application is actually deployed. This is arguably the most common form of supply chain attack, and one that compromises governmental operations and critical infrastructure.
On May 12, 2021, President Biden issued Executive Order (EO) 14028, which directs attention to potential threats introduced earlier in the supply chain. While the order mainly charged several agencies with mandates that are still in the process of being fulfilled today, it set the groundwork for what can be expected moving ahead.
This most recent EO is certainly not the first time the government has stepped in to help fight cybersecurity threats. In 2013, the Obama administration issued EO 13636, which defines the responsibilities of federal departments and agencies in upgrading the cybersecurity of critical infrastructure. As a result, NIST convened several key stakeholders to build what is known today as the Cybersecurity Framework (CSF). This framework provides a common language to help organizations understand and manage their current cybersecurity posture. Significantly, it helps an organization understand the types of risks it faces and how ready it is to combat them. With this understanding, the necessary improvements and modifications can be made to reduce risk.
The primary stakeholders of the CSF are private sector operators of critical infrastructure, such as pipelines and power grids, but the CSF has since been embraced by a diverse set of organizations and governments across the globe. Some of the more notable organizations that endorse it include JP Morgan Chase, Microsoft, Boeing, Intel, the Bank of England, and the Ontario Energy Board. While none of these organizations are required to adhere to the CSF, they took advantage of it to shape their plans of action and secure their businesses.
The public sector and critical infrastructure are the direct targets of the recent cybersecurity executive order. The results of initiatives such as these tend to become guiding principles and de facto standards in the industries that adopt them into practice. These processes typically bring together many of the field's best minds and most experienced practitioners behind one common cause, and the results are simply prudent and effective.
So, as a software developer, you may want to get ahead of your competitors and start building to what the consumers of your products will soon demand.