Zero Trust is the Only Way: President Bidens Executive Order Simplified – Security Boulevard

Category: NSA

President Bidens May 12 Executive Order made into policy what the NSA and leading cyber experts have long been advocating. Zero trust is the fundamental cybersecurity principle for combatting sophisticated cyber attacks. The prevention, detection, assessment, and remediation of cyber incidents is a top priority and essential to national and economic security, President Biden says in his Executive Order. The Federal Government must lead by example. To do so, President Biden calls upon federal agencies and contractors to remove barriers to sharing threat information, deploy multi-factor authentication and encryption, and move towards Zero Trust security systems. On February 25, the NSA issued similar guidance, Embracing a Zero Trust Security Model.Communication and collaboration systems, including email, file sharing, and messaging systems, are a favorite target of attackers. Its easy to see why communications are where sensitive data lives and a successful attack on a communication system can give an attacker access to a trove of valuable information. As such, communication and collaboration systems are the logical first place to apply Zero Trust principles for improved cybersecurity.But what is Zero Trust and how is it different from legacy cybersecurity systems? In short, Zero Trust assumes that hacks are inevitable. It eliminates trust in perimeter defenses and ensures that data is secure if and when the network is breached.The NSA correctly identifies that the majority of cybersecurity defense strategies are based on perimeter defenses. The NSAs guidance states traditional perimeter-based network defenses with multiple layers of disjointed security technologies have proven themselves to be unable to meet cybersecurity needs The Zero Trust model eliminates trust in any one element, node, or service by assuming that a breach is inevitable or has already occurred. They go on to say that the NSA strongly recommends that a Zero Trust security model be considered for all critical networks and Defense Industrial Base critical networks and systems.Legacy cybersecurity systems try to prevent breaches by strengthening the perimeter around data. In effect legacy systems build taller and taller walls around networks through password protections and firewalls. The SolarWinds and Microsoft Exchange Server hacks that dominated their respective news cycles earlier this year only succeeded because of that treacherous logical fallacy. Taller walls do not mean a secure system.Modern hackers are sophisticated and inventive; it is only a matter of time before they outwit even the most robust defenses and breach the network perimeter. With perimeter defense based systems, once that breach occurs data is exposed. SolarWinds and Microsoft assumed that robust perimeter defenses will work, that administrators will be secure, and that passwords will protect accounts. This years attacks demonstrate that those assumptions are incongruous with the reality of todays cyberthreat landscape.Communication systems, particularly email and file sharing, are the most frequent target of hackers. Zero Trust communication and collaboration systems assume that breaches are inevitable. Despite best efforts, hackers will make their way into the network. Zero Trust systems ensure that, even when that inevitable breach occurs, data is protected. Access is limited within the network, so that a single point of failure cant bring down the whole organization. In line with their name, Zero Trust systems trust nothing and no one. Passwords arent trusted. IT administrators arent trusted. Anonymous communications arent trusted.Here are the five fundamental ways in which a modern Zero Trust system differs from a Legacy system.

Emails and files are stored on servers. Legacy systems assume that it is possible to protect servers and thereby protect data. Countless hacks have demonstrated that to be a faulty assumption.A Zero Trust system assumes that the server will be breached. It employs end-to-end encryption, meaning that data is never decrypted on the server. The server is unable to decrypt data, so when an attacker succeeds in compromising the server they see nothing but encrypted gibberish. Theyre unable to read emails, unlike in the case of Microsofts Exchange Servers, and theyre unable to access intelligible data, unlike in the case of the SolarWinds attack.This is where we come to a clear deficit in President Bidens Executive Order. The order reinforced the very dangerous and widely held misperception that encryption in transit and at rest is zero trust. That is not the case. Most legacy systems already encrypt data in transit and at rest. But what they dont do is ensure that the server doesnt have access to the keys used to decrypt the data when its in use. When an attacker breaches the server, they can find those decryption keys and access the data despite its encryption at rest. End-to-end encryption ensures that the server is unable to decrypt the data. Period. When an attacker breaches the server there is no way for them to decipher the gibberish of encrypted data that they find. They have compromised the server, but your data remains secure.

Legacy systems authenticate user identity using passwords. If a hacker can compromise a users password, they can virtually assume their identity and access that users data.Zero Trust systems understand that having guessable, stealable, breachable passwords is an invitation to hackers. Instead of using passwords to authenticate user identity, Zero Trust systems use private encryption keys stored on users devices. These keys are unguessable and tied to users physical devices, thwarting the possibility of a remote attack.

Legacy systems have all-powerful administrators who can independently carry out privileged actions, like accessing user accounts. Given their immense power, these IT administrators can serve as a single point of failure to bring down a whole network.Zero Trust systems understand that administrators are humans and humans are fallible. Administrators can be compromised or even go rogue. Zero Trust systems dont make their security dependent on the absence of human error. Instead, Zero Trust systems cryptographically distribute trust among a group of administrators.Similar to the strategy used to secure nuclear launch codes, cryptographic distribution of trust breaks up users access keys into fragments. Each admin gets a fragment and all the fragments together are required in order to carry out administrative activities. No single administrator can expose data or endanger the network.

Traditional email systems give attackers unlimited access to users. The attacker can flood the user with a barrage of phishing or spoofing attempts over an unbounded period of time and it only takes one user falling for one of those endless attempts to cause a breach.Zero Trust systems restrict communications to only pre-approved and authenticated communication partners, protecting against human error. A user cant fall for a phishing/spoofing attack if that communication is never able to reach them in the first place.The principle of restricting communication to only pre-approved people already exists everywhere from popular social media applications like LinkedIN and Facebook to secure communication applications like Whatsapp and Signal. For enterprises, PreVeil protects your teams communications from outside individuals. Making your team inaccessible to bad actors prevents data exfiltration more effectively than even the best corporate cyber hygiene policy.

Legacy systems are ineffective at exposing network infiltrators. As seen in the SolarWinds attack, hackers can enter a network and then cover up their tracks. This allows them to hide out as ghosts in a system, siphoning data over long periods of time before anyone even notices that the network is compromised.A good Zero Trust system employs tamper-proof logs to ensure that bad actors can be swiftly identified and cannot erase their tracks during an attack. All actions in the system must be logged automatically. Moreover, Zero Trust logs use cryptographic techniques similar to those used in blockchains to ensure that log entries are tamper-proof and cannot be deleted by anyone.These security principles arent theoretical constructs. Many Zero Trust principles, like end to end encryption and restricting access, are widespread in consumer systems like WhatsApp and Signal. These messaging systems are not designed for enterprises, however, so they dont have a concept of IT administrators or activity logs.PreVeil, an enterprise email and file sharing system, employs all five of the Zero Trust principles outlined above. Like consumer messaging systems WhatsApp and Signal, PreVeil is easy to deploy, intuitive to use, and inexpensive. PreVeil can be added to legacy communication systems, like Gsuite and Outlook365, without any changes to the existing IT system. The user experience is seamless for email and file sharing, with the simple addition of an encrypted inbox to existing accounts. Theres no new interface to learn, no new email address to update. Most importantly, in addition to bringing state of the art security, PreVeil helps organizations meet CMMC, NIST800-171, and ITAR compliance requirements for storing and sharing controlled unclassified information in email and files.In response to major breaches like those seen earlier this year with SolarWinds and Microsoft Exchange there is increased regulation for the defense and healthcare industries, as well as any industries handling financial and personal data. Organizations often respond to increased regulation by taking the steps required to become compliant without addressing the fundamental information security weaknesses that necessitated these new regulations. As the old adage goes, they miss the forest for the trees.This is a major moment in cybersecurity. The widespread accessibility of user-friendly, affordable Zero Trust systems like PreVeil makes achieving compliance and upgrading to true security easily achievable in one fell swoop. Ask us your questions on security or compliance our experts are ready to help.

The post Zero Trust is the Only Way: President Bidens Executive Order Simplified appeared first on PreVeil.

*** This is a Security Bloggers Network syndicated blog from Blog PreVeil authored by Orlee Berlove. Read the original post at: https://www.preveil.com/blog/zero-trust-is-the-only-way-president-bidens-executive-order-simplified/

More here:
Zero Trust is the Only Way: President Bidens Executive Order Simplified - Security Boulevard

IDR Final Rule updates NSA dispute resolution | United States | Global law firm - Norton Rose Fulbright - June 16th, 2026 [June 16th, 2026]
Where Is Edward Snowden Now? What to Know About the NSA Whistleblower's Life in Exile, 13 Years Later - People.com - June 16th, 2026 [June 16th, 2026]
Former NSA official: 'Timing couldn't have been worse' for FISA 702 to expire - WBFF - June 16th, 2026 [June 16th, 2026]
SHAREHOLDER ALERT: The M&A Class Action Firm Continues to Investigate the Merger--CZNL, NSA, CNBN, and ESQ - PR Newswire - June 16th, 2026 [June 16th, 2026]
Training, teamwork, and quick action save a life at NSA Philadelphia - MilitaryNews.com - June 12th, 2026 [June 12th, 2026]
NSA Insurance celebrates 100 years of selling a promise on the East End - The Suffolk Times - June 12th, 2026 [June 12th, 2026]
Ex Pakistan NSA Moeed Yusuf says fixing ties with India key to economic revival, regional trade ambitions - ThePrint - June 12th, 2026 [June 12th, 2026]
RSABI's Carol McLaren wins NSA Silver Salver for her work in the industry - The Scottish Farmer - June 12th, 2026 [June 12th, 2026]
Anthropic's Mythos model is reportedly powering NSA offensive cyber ops against China and Iran - the-decoder.com - June 7th, 2026 [June 7th, 2026]
NSA taps three officials for top cybersecurity positions - Nextgov/FCW - June 7th, 2026 [June 7th, 2026]
Anthropic is blacklisted by the Pentagon and being used by the NSA at the same time - TechSpot - June 7th, 2026 [June 7th, 2026]
NSA said to be readying Anthropics Mythos for use in cyber operations - TechCrunch - June 5th, 2026 [June 5th, 2026]
Former NSA John Bolton to plead guilty to retaining classified info - MS NOW - June 5th, 2026 [June 5th, 2026]
Trump executive order on AI gives central role to NSA - Breaking Defense - June 5th, 2026 [June 5th, 2026]
Anthropic Is Helping the NSA Hack China. It Also Wants Everyone to Pause AI - Yahoo - June 5th, 2026 [June 5th, 2026]
NSA using Claude Mythos for 'offensive cyber operations,' report claims says 'half-a-dozen' Anthropic engineers embedded inside the agency - Tom's... - June 5th, 2026 [June 5th, 2026]
NSA selects new leads for key cybersecurity posts - The Record from Recorded Future News - June 5th, 2026 [June 5th, 2026]
NSA Joins CISA and Partners to Release Guidance on Hardening Automatic Tank Gauge Systems - National Security Agency (NSA) (.gov) - June 5th, 2026 [June 5th, 2026]
FT: Anthropic staff helping the NSA use Mythos for offensive cyberattacks - Sherwood News - June 5th, 2026 [June 5th, 2026]
Anthropic Is Helping the NSA Hack China. It Also Wants Everyone to Pause AI - Decrypt - June 5th, 2026 [June 5th, 2026]
Anthropic Embeds Engineers at NSA to Deploy Mythos AI for Offensive Cyber Operations - MLQ.ai - June 5th, 2026 [June 5th, 2026]
The NSA has all the equipment and technology needed to track bandits but lacks the political will to do so -Stephen alleges Watch full interview:... - June 5th, 2026 [June 5th, 2026]
Anthropic aids NSA with Mythos to bolster offensive cyber operations - CHOSUNBIZ - Chosunbiz - June 5th, 2026 [June 5th, 2026]
NSA warns that cybercriminals are targeting this one critical component that the energy, chemical, food, agriculture, and transportation sectors rely... - June 5th, 2026 [June 5th, 2026]
Video | Ex-Trump NSA Adviser Pleads Guilty To Classified Info Leak | Zelenskyy Calls For Meet With Putin - NDTV - June 5th, 2026 [June 5th, 2026]
Former Trump NSA John Bolton to plead guilty over retaining classified documents: Report - WION - June 5th, 2026 [June 5th, 2026]
Anthropics Mythos being used by US NSA for cyber operations FT - Business Post - June 5th, 2026 [June 5th, 2026]
This day, that year: From Robert F. Kennedys assassination to Edward Snowdens NSA revelations how June 5 shaped the world - The Times of India - June 5th, 2026 [June 5th, 2026]
Strengthening the security architecture with NSA and HSA - The Guardian Nigeria News - June 5th, 2026 [June 5th, 2026]
Ex-US NSA Bolton to plead guilty over mishandling classified documents: Report - ANI News - June 5th, 2026 [June 5th, 2026]
The NSA, Mythos and the quiet emergence of AI cyber doctrine - csoonline.com - May 27th, 2026 [May 27th, 2026]
NSA warning on AI automation protocol raises fresh testing concerns for banks - QA Financial - May 27th, 2026 [May 27th, 2026]
Pentagon and NSA Form Joint AI Task Force to Deploy Frontier Hacking Models on Classified Networks - SOFX - May 27th, 2026 [May 27th, 2026]
Marco Rubio meets NSA Doval, discusses defence, security and strategic tech cooperation including TRUST in - The Economic Times - May 27th, 2026 [May 27th, 2026]
Two protesters detained under NSA to appear before advisory board in Lucknow today - The Times of India - May 27th, 2026 [May 27th, 2026]
General Paul M. Nakasone Director National Security Agency and staff carry a wreath to the Memorial Wall. - National Security Agency (NSA) (.gov) - May 20th, 2026 [May 20th, 2026]
NSA scandal: Court admits bank documents between Gifty Oware and ADB - Modern Ghana - May 20th, 2026 [May 20th, 2026]
Wiretapping trial: NSA, ICPC boss acknowledge conversation cited by in El-Rufai TV Interview - Business News Nigeria - May 20th, 2026 [May 20th, 2026]
NSA, ICPC El-Rufais Open Confession in Media Interview Witness Testifies - The Guardian Nigeria News - May 20th, 2026 [May 20th, 2026]
NSA issues strong warning to sports bodies over governance compliance - GhanaWeb - May 20th, 2026 [May 20th, 2026]
Witness: NSA confirmed wiretapped conversation referenced by el-Rufai was authentic - TheCable - May 20th, 2026 [May 20th, 2026]
NSA wiretapping: El Rufai returned to DSS custody, awaits bail - Pointblank News - May 20th, 2026 [May 20th, 2026]
Alleged Security Breach: NSA Confirmed Conversation Referenced By El-Rufai Was Authentic Witness - Channels Television - May 20th, 2026 [May 20th, 2026]
El-Rufai: NSA, ICPC chair confirmed tapped conversation Witness - Punch Newspapers - May 20th, 2026 [May 20th, 2026]
Imran Khan coup: 'US message to Pakistan was clear ...' says Tilak Devasher, frmr NSA board - The Economic Times - May 20th, 2026 [May 20th, 2026]
NSA Lady Saints two wins from claiming seventh consecutive V... - The Suffolk News-Herald - May 16th, 2026 [May 16th, 2026]
The imposition of NSA on Satyam Verma and Aakriti Chaudhary is a conspiracy to keep them in jail - Countercurrents - May 16th, 2026 [May 16th, 2026]
'No Sailor Lives Afloat' Initiative: NSA Naples Moves 54 Sailors from Shipboard Berthing to Shore - DVIDS - May 16th, 2026 [May 16th, 2026]
Workers protest: Day after invoking NSA, police say 1 cr transactions found in banks accounts of one accused | Hindustan Times - Hindustan Times - May 16th, 2026 [May 16th, 2026]
Press Club of India urges Uttar Pradesh govt. to withdraw NSA against journalist Satyam Verma - The Hindu - May 16th, 2026 [May 16th, 2026]
Uttar Pradesh police invoke NSA against two accused held during workers protest in Noida - The Hindu - May 16th, 2026 [May 16th, 2026]
Illegal Mining: FG Hands Over Foreign Terror Suspects To NSA - Channels Television - May 16th, 2026 [May 16th, 2026]
Noida Violence: NSA invoked against Satyam Verma and Aakriti Choudhary over alleged role in labour protest - Organiser - May 16th, 2026 [May 16th, 2026]
NSA invoked against two accused in Noida labour unrest case - Awaz The Voice - May 16th, 2026 [May 16th, 2026]
NSA invoked against two in April 13 workers stir in Noida - The New Indian Express - May 16th, 2026 [May 16th, 2026]
Homeland Security: Replace NSA Ribadu if you lack confidence in him ADC to Tinubu - Daily Post Nigeria - May 16th, 2026 [May 16th, 2026]
NSA sweeps Cape Henry for TCIS baseball and softball titles - The Suffolk News-Herald - May 9th, 2026 [May 9th, 2026]
News - NSA Naples Sailor Named Navy Military Fire Officer of the Year - DVIDS - May 9th, 2026 [May 9th, 2026]
Bergen's solo homerun lifts NSA into the TCIS Final - The Suffolk News-Herald - May 9th, 2026 [May 9th, 2026]
NSA members bring sheep farming into the classroom - Farmers Guardian - May 9th, 2026 [May 9th, 2026]
Amritpals mother confronts Mann: His NSA over, why arent you bringing him to Punjab? - The Indian Express - May 9th, 2026 [May 9th, 2026]
They Said They Were From NSA Ribadus Office, Seized My Husband In Abuja Hotel: Woman Cries Out Over Alleged Disappearance - Sahara Reporters - May 9th, 2026 [May 9th, 2026]
NSA Ajit Doval, Vietnam President discuss strengthening strategic partnership - The Sentinel - of this Land, for its People - May 9th, 2026 [May 9th, 2026]
Cyber Command, NSA chief warns foreign adversaries likely to target midterms - The Record from Recorded Future News - April 29th, 2026 [April 29th, 2026]
CISA flags data-theft bug in NSA-built OT networking tool - theregister.com - April 29th, 2026 [April 29th, 2026]
Decades-old pre-Stuxnet cyber sabotage tool breaks cover, NSA listed it as 'nothing to see here' fast16 targeted nuclear reactors, dam design, and... - April 29th, 2026 [April 29th, 2026]
The NSA Just Warned Everyone to Reboot Their Routers What to Do Right Now - National Cybersecurity Alliance - April 29th, 2026 [April 29th, 2026]
Former NSA Science Chief Warns Humanity May Be Missing Something 'Huge' About UFO Phenomena - International Business Times UK - April 29th, 2026 [April 29th, 2026]
Court rejects bid to halt trial of former NSA Deputy CEO - Ghanaian Times - April 29th, 2026 [April 29th, 2026]
The NSA: SLs missing link on the geopolitical stage - The Morning - April 29th, 2026 [April 29th, 2026]
Farmers seeking new pastures urged to try NSA's Graziers List - Craven Herald - April 29th, 2026 [April 29th, 2026]
Punjab Police takes Amritpal on 2-day remand following expiry of NSA detention - ThePrint - April 29th, 2026 [April 29th, 2026]
Report: NSA is currently using Anthropics unreleased Mythos model - Sherwood News - April 23rd, 2026 [April 23rd, 2026]
FBI And NSA Warnings IgnoredNo Fix For Millions Of Phones - Forbes - April 23rd, 2026 [April 23rd, 2026]
NSA Uses AI Mythos Even Though Anthropic is Blacklisted by the Pentagon - VOI.ID - April 23rd, 2026 [April 23rd, 2026]
NSA Running Blacklisted Anthropic AI: Warning for UK Banks - Disruption Banking - April 23rd, 2026 [April 23rd, 2026]
Amritpal Singh Taken into Punjab Police Custody After NSA Detention Ends in Dibrugarh - The Sentinel - of this Land, for its People - April 23rd, 2026 [April 23rd, 2026]
Cybersecurity, Claude Mythos, is Anthropic's model in the hands of the Nsa? - Il Sole 24 ORE - April 23rd, 2026 [April 23rd, 2026]
NSA Doval Meets Top Saudi Leaders, Focus On Security And Energy - The Times of India - April 23rd, 2026 [April 23rd, 2026]
NSA: stereotyping, ethnic profiling can weaken intelligence gathering - The Nation Newspaper - April 7th, 2026 [April 7th, 2026]

June 8th, 2021

No comments yet

Comments are closed.

Mediaboss Marketing

Zero Trust is the Only Way: President Bidens Executive Order Simplified – Security Boulevard

About

Pages

Categories

Media Sites

Recommended Sites

Archives