Executive Order 14028 and Zero Trust Architecture - Now We Must, But What It Means?

Presented at A New HOPE (2022), July 23, 2022, 4 p.m. (50 minutes).

The President's executive order on "Improving the Nation's Cybersecurity" (14028) issued on May 12, 2021 started a process, which was followed on January 26, 2022 by a "Federal Strategy To Move the U.S. Government Towards a Zero Trust Architecture." This calls for wide cooperation between government, public, and private sectors. The executive order also calls for "enhancing software supply chain security" with an emphasis for which open source software would be the most reasonable solution. As response to the recent war in Ukraine, major governments have asked the private sector to "shield up," increasing the urgency of adaptation on the private sector - and recent successful penetrations of critical systems overseas should be seen as a foreshadowing of things to come.

Zero Trust is a journey, and an over-hyped term. What does it mean in this context? The cornerstone these implementation requirements are built upon is the "identity management," not only for humans, but also for devices, instances, and services. "Once in a million" used to be a moniker for acceptable risk, but with the rate velocity of business and the volumes that transactions have reached, it may translate to seconds instead of years. And the elephant in the room: How do we manage identities without sacrificing privacy?


Presenters:

  • Harri Hursti
    **Harri Hursti (@harrihursti)** is a Finnish computer programmer and former chairman of the board and co-founder of ROMmon, where he supervised in the development of the world's smallest two-gigabit traffic analysis product that was later acquired by F-Secure Corporation. He is well known for participating in the Black Box Voting hack studies, part of a series of four voting machine hacking tests organized by the nonprofit election watchdog group Black Box Voting in collaboration with the producers of HBO documentary *Hacking Democracy* (2006). The studies demonstrated serious security flaws in the voting systems of Diebold Election Systems.

Links:

Similar Presentations: