
What lessons can be learned from the latest cyber attack on the US State Department?

The news has just leaked out:

The US State Department was recently the victim of a cyber-attack.

The attack is believed to have taken place a few weeks ago, shortly after a Senate committee warned of the risk of a data breach.

What is surprising is that this is not the first time the State Department has been the subject of a cyber-attack. Indeed, it was one of dozens of federal agencies - and thousands of private data networks (more than 18,000 government and private computer networks) - hit by the massive SolarWinds breach in December 2020.



What then of the computer security lessons learned from the Department of Defense (DOD) "Zero Trust Reference Architecture" (1) and from the National Institute of Standards and Technology's Special Publication 800-207 on "COMPUTER SECURITY" devoted to the ZERO TRUST ARCHITECTURE (2)?

Is this just another example of the famous saying that it is the shoemaker who is the worst shod?

Or should we look further and analyse the content of the American ZERO TRUST concept to understand what has happened?

In fact, a closer look at the concept shows us that it is still focused on human behavior with the training of the staff in charge and the abundant hierarchy of cascading authorizations and privileges.

Is this not the heart of the matter?

We all know that the human factor is the weakest link in the IT security chain. No one is safe from a mistake and when the attacker has access to the credentials of the highest authorities in a system, he has access to everything he wants.

This is why we at PT SYDECO have created a close protection system, totally independent of the human factor and the type of attack, precisely because we are aware of this weakness and because antivirus software only works with a certain delay when it comes to new viruses. We call this system SP-One©.

SP-One© is inspired by the processes and mechanisms of our IMMUNE SYSTEM to protect our computer systems against any external aggression.

Since 29 January 2021, SP-One© has been subject to numerous daily attacks, each one equally unsuccessful. As of August 23, 2021, they totalled 1,117,745 attacks. 

No one has succeeded in breaking through the protection of the program that SP-One© protects.

So isn't the best protection against cyber attacks the integration of SP-One© in a ZERO TRUST architecture using MICRO SEGMENTATION?

***

(1) Department of Defense (DOD) Zero Trust Reference Architecture, Version 1.0, February 2021. Prepared by the Joint Defense Information Systems Agency (DISA) and National Security Agency (NSA) Zero Trust Engineering Team.

(2) This publication is available free of charge from https://doi.org/10.6028/NIST.SP.800-207

