Zero Trust is the Only Way: President Bidens Executive Order Simplified – Security Boulevard

Category: NSA

President Bidens May 12 Executive Order made into policy what the NSA and leading cyber experts have long been advocating. Zero trust is the fundamental cybersecurity principle for combatting sophisticated cyber attacks. The prevention, detection, assessment, and remediation of cyber incidents is a top priority and essential to national and economic security, President Biden says in his Executive Order. The Federal Government must lead by example. To do so, President Biden calls upon federal agencies and contractors to remove barriers to sharing threat information, deploy multi-factor authentication and encryption, and move towards Zero Trust security systems. On February 25, the NSA issued similar guidance, Embracing a Zero Trust Security Model.Communication and collaboration systems, including email, file sharing, and messaging systems, are a favorite target of attackers. Its easy to see why communications are where sensitive data lives and a successful attack on a communication system can give an attacker access to a trove of valuable information. As such, communication and collaboration systems are the logical first place to apply Zero Trust principles for improved cybersecurity.But what is Zero Trust and how is it different from legacy cybersecurity systems? In short, Zero Trust assumes that hacks are inevitable. It eliminates trust in perimeter defenses and ensures that data is secure if and when the network is breached.The NSA correctly identifies that the majority of cybersecurity defense strategies are based on perimeter defenses. The NSAs guidance states traditional perimeter-based network defenses with multiple layers of disjointed security technologies have proven themselves to be unable to meet cybersecurity needs The Zero Trust model eliminates trust in any one element, node, or service by assuming that a breach is inevitable or has already occurred. They go on to say that the NSA strongly recommends that a Zero Trust security model be considered for all critical networks and Defense Industrial Base critical networks and systems.Legacy cybersecurity systems try to prevent breaches by strengthening the perimeter around data. In effect legacy systems build taller and taller walls around networks through password protections and firewalls. The SolarWinds and Microsoft Exchange Server hacks that dominated their respective news cycles earlier this year only succeeded because of that treacherous logical fallacy. Taller walls do not mean a secure system.Modern hackers are sophisticated and inventive; it is only a matter of time before they outwit even the most robust defenses and breach the network perimeter. With perimeter defense based systems, once that breach occurs data is exposed. SolarWinds and Microsoft assumed that robust perimeter defenses will work, that administrators will be secure, and that passwords will protect accounts. This years attacks demonstrate that those assumptions are incongruous with the reality of todays cyberthreat landscape.Communication systems, particularly email and file sharing, are the most frequent target of hackers. Zero Trust communication and collaboration systems assume that breaches are inevitable. Despite best efforts, hackers will make their way into the network. Zero Trust systems ensure that, even when that inevitable breach occurs, data is protected. Access is limited within the network, so that a single point of failure cant bring down the whole organization. In line with their name, Zero Trust systems trust nothing and no one. Passwords arent trusted. IT administrators arent trusted. Anonymous communications arent trusted.Here are the five fundamental ways in which a modern Zero Trust system differs from a Legacy system.

Emails and files are stored on servers. Legacy systems assume that it is possible to protect servers and thereby protect data. Countless hacks have demonstrated that to be a faulty assumption.A Zero Trust system assumes that the server will be breached. It employs end-to-end encryption, meaning that data is never decrypted on the server. The server is unable to decrypt data, so when an attacker succeeds in compromising the server they see nothing but encrypted gibberish. Theyre unable to read emails, unlike in the case of Microsofts Exchange Servers, and theyre unable to access intelligible data, unlike in the case of the SolarWinds attack.This is where we come to a clear deficit in President Bidens Executive Order. The order reinforced the very dangerous and widely held misperception that encryption in transit and at rest is zero trust. That is not the case. Most legacy systems already encrypt data in transit and at rest. But what they dont do is ensure that the server doesnt have access to the keys used to decrypt the data when its in use. When an attacker breaches the server, they can find those decryption keys and access the data despite its encryption at rest. End-to-end encryption ensures that the server is unable to decrypt the data. Period. When an attacker breaches the server there is no way for them to decipher the gibberish of encrypted data that they find. They have compromised the server, but your data remains secure.

Legacy systems authenticate user identity using passwords. If a hacker can compromise a users password, they can virtually assume their identity and access that users data.Zero Trust systems understand that having guessable, stealable, breachable passwords is an invitation to hackers. Instead of using passwords to authenticate user identity, Zero Trust systems use private encryption keys stored on users devices. These keys are unguessable and tied to users physical devices, thwarting the possibility of a remote attack.

Legacy systems have all-powerful administrators who can independently carry out privileged actions, like accessing user accounts. Given their immense power, these IT administrators can serve as a single point of failure to bring down a whole network.Zero Trust systems understand that administrators are humans and humans are fallible. Administrators can be compromised or even go rogue. Zero Trust systems dont make their security dependent on the absence of human error. Instead, Zero Trust systems cryptographically distribute trust among a group of administrators.Similar to the strategy used to secure nuclear launch codes, cryptographic distribution of trust breaks up users access keys into fragments. Each admin gets a fragment and all the fragments together are required in order to carry out administrative activities. No single administrator can expose data or endanger the network.

Traditional email systems give attackers unlimited access to users. The attacker can flood the user with a barrage of phishing or spoofing attempts over an unbounded period of time and it only takes one user falling for one of those endless attempts to cause a breach.Zero Trust systems restrict communications to only pre-approved and authenticated communication partners, protecting against human error. A user cant fall for a phishing/spoofing attack if that communication is never able to reach them in the first place.The principle of restricting communication to only pre-approved people already exists everywhere from popular social media applications like LinkedIN and Facebook to secure communication applications like Whatsapp and Signal. For enterprises, PreVeil protects your teams communications from outside individuals. Making your team inaccessible to bad actors prevents data exfiltration more effectively than even the best corporate cyber hygiene policy.

Legacy systems are ineffective at exposing network infiltrators. As seen in the SolarWinds attack, hackers can enter a network and then cover up their tracks. This allows them to hide out as ghosts in a system, siphoning data over long periods of time before anyone even notices that the network is compromised.A good Zero Trust system employs tamper-proof logs to ensure that bad actors can be swiftly identified and cannot erase their tracks during an attack. All actions in the system must be logged automatically. Moreover, Zero Trust logs use cryptographic techniques similar to those used in blockchains to ensure that log entries are tamper-proof and cannot be deleted by anyone.These security principles arent theoretical constructs. Many Zero Trust principles, like end to end encryption and restricting access, are widespread in consumer systems like WhatsApp and Signal. These messaging systems are not designed for enterprises, however, so they dont have a concept of IT administrators or activity logs.PreVeil, an enterprise email and file sharing system, employs all five of the Zero Trust principles outlined above. Like consumer messaging systems WhatsApp and Signal, PreVeil is easy to deploy, intuitive to use, and inexpensive. PreVeil can be added to legacy communication systems, like Gsuite and Outlook365, without any changes to the existing IT system. The user experience is seamless for email and file sharing, with the simple addition of an encrypted inbox to existing accounts. Theres no new interface to learn, no new email address to update. Most importantly, in addition to bringing state of the art security, PreVeil helps organizations meet CMMC, NIST800-171, and ITAR compliance requirements for storing and sharing controlled unclassified information in email and files.In response to major breaches like those seen earlier this year with SolarWinds and Microsoft Exchange there is increased regulation for the defense and healthcare industries, as well as any industries handling financial and personal data. Organizations often respond to increased regulation by taking the steps required to become compliant without addressing the fundamental information security weaknesses that necessitated these new regulations. As the old adage goes, they miss the forest for the trees.This is a major moment in cybersecurity. The widespread accessibility of user-friendly, affordable Zero Trust systems like PreVeil makes achieving compliance and upgrading to true security easily achievable in one fell swoop. Ask us your questions on security or compliance our experts are ready to help.

The post Zero Trust is the Only Way: President Bidens Executive Order Simplified appeared first on PreVeil.

*** This is a Security Bloggers Network syndicated blog from Blog PreVeil authored by Orlee Berlove. Read the original post at: https://www.preveil.com/blog/zero-trust-is-the-only-way-president-bidens-executive-order-simplified/

More here:
Zero Trust is the Only Way: President Bidens Executive Order Simplified - Security Boulevard

McConnell calls out Trump for hiring amateur isolationists at Pentagon, firing NSA director - The Hill - April 8th, 2025 [April 8th, 2025]
Trumps firing of NSA chief is rolling out the red carpet for cyber attacks - Politico - April 8th, 2025 [April 8th, 2025]
A conspiracy theorist convinced Trump to fire the NSA director - Vox - April 8th, 2025 [April 8th, 2025]
William Hartman Named Acting NSA Director Following Dismissal of Top Officials - ExecutiveGov - April 8th, 2025 [April 8th, 2025]
NSA and partners Issue Guidance on Fast Flux as a National Security Threat - National Security Agency (NSA) (.gov) - April 8th, 2025 [April 8th, 2025]
Security News This Week: NSA Chief Ousted Amid Trump Loyalty Firing Spree - WIRED - April 8th, 2025 [April 8th, 2025]
Head of NSA and US Cyber Command reportedly fired - Cybersecurity Dive - April 8th, 2025 [April 8th, 2025]
Trump fires Gen. Timothy Haugh from leadership of Cyber Command and NSA - DefenseScoop - April 8th, 2025 [April 8th, 2025]
Gen. Timothy Haugh, head of NSA and Cyber Command, is fired - CBS News - April 8th, 2025 [April 8th, 2025]
Trump's mixed tariff messaging and NSA director and deputy fired: Morning Rundown - NBC News - April 8th, 2025 [April 8th, 2025]
NSA Director and Deputy Reportedly Dismissed: What We Know - Newsweek - April 8th, 2025 [April 8th, 2025]
Haugh fired from leadership of NSA, Cyber Command - The Record from Recorded Future News - April 8th, 2025 [April 8th, 2025]
Trump administration fires head of NSA and U.S. Cyber Command, along with other top officials - CBS News - April 8th, 2025 [April 8th, 2025]
US Cyber Command, NSA Chief Gen. Timothy Haugh ousted by Trump admin - Breaking Defense - April 8th, 2025 [April 8th, 2025]
Face the Facts: Rep. Himes talks about firing of two top NSA officials - NBC Connecticut - April 8th, 2025 [April 8th, 2025]
NSA Issues Advisory on Fast Flux Cyberthreat - ExecutiveGov - April 8th, 2025 [April 8th, 2025]
Loomer, far-right activist, urged Trump to remove NSA director and others: Sources - ABC News - April 8th, 2025 [April 8th, 2025]
The NSA Sounds Security Alarm For Billions Of iPhone And Android Phones - HotHardware - April 8th, 2025 [April 8th, 2025]
NSA director fired after Trumps meeting with right-wing influencer Laura Loomer - The Verge - April 8th, 2025 [April 8th, 2025]
Trump fires head of NSA and Cyber Command - Nextgov - April 8th, 2025 [April 8th, 2025]
What are the national security concerns of Trump firing the NSA, Cyber Command head? - CBS News - April 8th, 2025 [April 8th, 2025]
Who is Timothy Haugh? The NSA chief fired amid cyber security concerns - Times of India - April 8th, 2025 [April 8th, 2025]
NSA, CISA, FBI, and International Partners Release Cybersecurity Advisory on Fast Flux, a National Security Threat - Hstoday - April 8th, 2025 [April 8th, 2025]
Senator King Responds to Reported Firing of NSA Director General Timothy Haugh - WAGM - April 8th, 2025 [April 8th, 2025]
NSA warned of vulnerabilities in Signal app a month before Houthi strike chat - CBS News - March 26th, 2025 [March 26th, 2025]
Trump said poised to fire NSA Mike Waltz for including journalist in top secret war chat - The Times of Israel - March 26th, 2025 [March 26th, 2025]
Not the last Waltz: Trump defends NSA after security breach - The Times of India - March 26th, 2025 [March 26th, 2025]
NSA warned about vulnerabilities in Signal prior to White House group chat fiasco - SiliconANGLE News - March 26th, 2025 [March 26th, 2025]
NSA warned the Signal app was vulnerable last month - WTIC - March 26th, 2025 [March 26th, 2025]
Codebreakers and Covert Agents: The Women Behind the NSA and CIA heads to Illinois State Museum - WAND - March 26th, 2025 [March 26th, 2025]
NSA warned about using Signal a month before leak of Houthi strike chat - CBS News - March 26th, 2025 [March 26th, 2025]
'Putin is giddy': NSA knew Signal was vulnerable to Russian hackers before security breach - AlterNet - March 26th, 2025 [March 26th, 2025]
RAW: NSA MIKE WALTZ EXPECTED TO VISIT GREENLAND - Local 3 News - March 26th, 2025 [March 26th, 2025]
US NSA likely to visit India in third week of April - Hindustan Times - March 26th, 2025 [March 26th, 2025]
Statement from Secretary Rubio and NSA Waltz on Call with Zelenskyy - Department of State - March 22nd, 2025 [March 22nd, 2025]
Europe must invest more in defence amid global shifts: Greeces NSA Ntokos - Firstpost - March 22nd, 2025 [March 22nd, 2025]
NSA Bahrain, NAVCENT Hold First-of-its-Kind Exercise Vigilant Resolve - navy.mil - March 22nd, 2025 [March 22nd, 2025]
Former NSA boss Osei Assibey Antwi picked up by NIB - GhanaWeb - March 22nd, 2025 [March 22nd, 2025]
WHAT THE TECH? NSA recommending weekly smartphone restarts & how it improves performance - Local 3 News - March 9th, 2025 [March 9th, 2025]
Ex-NSA cyber chief warns of devastating impact of potential DOGE-inspired firings - Breaking Defense - March 9th, 2025 [March 9th, 2025]
Former top NSA cyber official: Probationary firings devastating to cyber, national security - CyberScoop - March 9th, 2025 [March 9th, 2025]
Prime Targets Martha Plimpton On Her NSA Character & Why This Political Thriller Works: Never Trust People In Charge - Deadline - March 9th, 2025 [March 9th, 2025]
Former NSA Dep. Director, Gifty Oware-Mensah will see NIB over 80k ghost names allegations - GhanaWeb - March 5th, 2025 [March 5th, 2025]
Zelensky is not ready for peace talks, US NSA says - Mehr News Agency - English Version - March 3rd, 2025 [March 3rd, 2025]
More Than 100 Intelligence Staffers Will Be Fired Over Sexually Explicit Texts In NSA Chatrooms, Gabbard Says - Forbes - March 1st, 2025 [March 1st, 2025]
NSA says it is investigating potential misuse of chat platform - The Record from Recorded Future News - March 1st, 2025 [March 1st, 2025]
100-plus spies fired after NSA internal chat board used for kinky sex talk - The Register - March 1st, 2025 [March 1st, 2025]
Tulsi Gabbard says more than 100 intelligence officers will be fired for sexually explicit NSA chat messages - CNN - March 1st, 2025 [March 1st, 2025]
Elon Asked What Government Workers Did. The NSA Overshared - Schiff Sovereign - March 1st, 2025 [March 1st, 2025]
Tulsi Gabbard Fires 100 Intelligence Officers for Sex Chats on NSA-Hosted Tool - The Daily Beast - March 1st, 2025 [March 1st, 2025]
Elon Musk reacts to leaked chat alleging NSA, CIA officials discussed raising intersex babies as non-bina - The Times of India - March 1st, 2025 [March 1st, 2025]
What NSA, DIA agents said about Libs of TikTok, Ben Shapiro in leaked messages - The Times of India - March 1st, 2025 [March 1st, 2025]
NSA staff accused of lurid sex chats at work they were just discussing LGBTQ+ issues - PinkNews - March 1st, 2025 [March 1st, 2025]
Sen. Tom Cotton reacts to lewd NSA chats: 'We don't want these people anywhere near classified information' - Fox News - March 1st, 2025 [March 1st, 2025]
At least 100 NSA staffers to be fired for explicit chats during work hours - WDRB - March 1st, 2025 [March 1st, 2025]
Gifty Oware-Mensah on the run as NIB investigates NSA scandal - GhanaWeb - February 25th, 2025 [February 25th, 2025]
Former NSA, Cyber Command chief Paul Nakasone says U.S. falling behind its enemies in cyberspace - CyberScoop - February 25th, 2025 [February 25th, 2025]
NSA emphasizes strong defensive posture as it responds to report it hacked China - Washington Times - February 25th, 2025 [February 25th, 2025]
How the NSA Head of Accounts was undermined by his deputy for eight months after appointment - GhanaWeb - February 25th, 2025 [February 25th, 2025]
What Is Proteus in Zero Day? How the NSA Weapon Changes Everything - Collider - February 25th, 2025 [February 25th, 2025]
'Zelenskyy will sign the minerals deal, no matter': US NSA Mike Waltz on Trump's Ukraine plan - The Economic Times - February 25th, 2025 [February 25th, 2025]
EXCLUSIVE: Clearcover launches Illinois-based reciprocal exchange to jumpstart entry into NSA - Re-Insurance.com - February 12th, 2025 [February 12th, 2025]
Chief of Naval Operations Visits NSA Crane, Purdue University [Image 18 of 25] - DVIDS - February 12th, 2025 [February 12th, 2025]
Liminal Health Launches NSA ClearPath: Revolutionizing Reimbursement for Out-of-Network Providers - PR Newswire - February 12th, 2025 [February 12th, 2025]
Elon Musks D.O.G.E is giving the CIA and NSA nightmares now - MSN - February 12th, 2025 [February 12th, 2025]
NSA Ajit Doval likely to visit US along with PM Modi - The Economic Times - February 12th, 2025 [February 12th, 2025]
The NSA says do these 5 things with your phone right now - Fox News - January 30th, 2025 [January 30th, 2025]
NSA: Iraqi territory will not be used to attack neighboring countries Iraqi News Agency - ina.iq - January 30th, 2025 [January 30th, 2025]
NDC is not here to witch-hunt - Opare Addo to NSA staff - GhanaWeb - January 30th, 2025 [January 30th, 2025]
NSA Warns iPhone And Android UsersDisable Location Tracking - Forbes - January 19th, 2025 [January 19th, 2025]
Trumps incoming NSA: Hamas must have no role in governing Gaza - JNS.org - January 19th, 2025 [January 19th, 2025]
Trump NSA Disputes Report That Neocons Are Influencing MAGA Staffing - RealClearDefense - January 19th, 2025 [January 19th, 2025]
US NSA lauds Ajit Doval for pivoting ties to advanced future tech - The Times of India - January 9th, 2025 [January 9th, 2025]
Auto insurtech Clearcover expands into Texas NSA market with CGA launch - Re-Insurance.com - January 9th, 2025 [January 9th, 2025]
"Cannot Think Of A Better Way To End My Tenure": US NSA On His India Visit - NDTV - January 9th, 2025 [January 9th, 2025]
Heightened Security At U.S. Naval Academy And NSA Annapolis: Public Access Suspended Amid Increased Force Protection Measures - Bay Net - January 9th, 2025 [January 9th, 2025]
From The Seabed To The Stars: 10 Takeaways From U.S. NSA Sullivans Visit - Strategic News Global - January 9th, 2025 [January 9th, 2025]
NSA Sullivan to visit India to finalise important ongoing initiatives: White House - The Hindu - January 9th, 2025 [January 9th, 2025]
What NSA Jake Sullivans India Visit Signals For Nuclear And Tech Ties As US Lifts Curbs On Indian Entities - Swarajya - January 9th, 2025 [January 9th, 2025]
NSA Sullivan arrives today, seeks to strengthen AI, space, tech ties - The Tribune India - January 9th, 2025 [January 9th, 2025]

June 8th, 2021

No comments yet

Comments are closed.

Mediaboss Marketing

Zero Trust is the Only Way: President Bidens Executive Order Simplified – Security Boulevard

About

Pages

Categories

Media Sites

Recommended Sites

Archives