Washington, DC. The attack via software from the SolarWinds company taught the U.S. government that it should buy software that is secure, said Chris DeRusha, who serves as the federal director of Information Security and deputy director of the National Cyber Security Administration. Joe Biden.
During the first conferences of the Amazon Web Services (AWS) Summit in the US capital, DeRusha and CJ Moses, Director of Information Security at AWS, they remembered the Orion software hack, developed by the technology company Solar Winds, which caused several companies, including Microsoft; as well as government security agencies ─including the Pentagon and the Department of Homeland Security─ were infected with malware in 2020.
There were practices there that shouldn’t have been followed,” DeRusha said.
The speakers also recalled the executive order of the President of the United States through which, in May 2021, the National Cyber Directorate of the National Security Agency (NSA) and the creation of a NIST scheme linked to the defense and security of the software supply chain was promoted.
The Zero-Trust technology, which refers to the degree of trust owed to any participant in a computer network: none, and which has been developed between the US government and the cybersecurity industry, is another of the achievements that DeRusha mentioned as part of the new cybersecurity policy of the government of Joe Biden.
What we’re capable of now is building across agencies on a common foundation, with the performance indicators and metrics that we have. It’s a strategic approach,” he said.
cloud cybersecurity
One of the top cybersecurity officials in the United States said that governments, at least in the United States, have focused on the cloud since 2011, with the Cloud First policy. By 2017, institutions had already advanced in this technology and began to identify the gaps that I hadamong which security was among the main ones.
As you can see now, governments are very optimistic about moving to the cloud. There are a lot of things that agencies are going to have to learn to do,” he said.
The covid-19 pandemic, according to DeRusha, made the Chief Information Security Officers (CISOs) of US federal agencies more aware of the exposure they were subjected to. This forced agencies to start moving to software as a service (SaaS) models, which base their effectiveness on the cloud, to serve their population.
