In the face of repeated major exploitations of critical U.S. networks, it is past time for the U.S. government to recognize that traditional security systems such as perimeter entry controls or whitelists are no longer adequate. As the SolarWinds hack proved, any security system can be penetrated with enough time and effort. Cybersecurity must be based on “zero trust,” which assumes that threats exist continually both inside and outside a network or cloud environment. A strategy of zero trust must provide, among other things, means for continuously monitoring every individual, organization, device, and piece of information on a network and validating their legitimacy. I have written more on this subject here.
Find Archived Articles: