GovLoop

Facing Supply Chain Threats With Flexibility

An interview with Michael Epley, Chief Architect and Security Strategist, Red Hat

Cybersecurity threats have become more frequent, more varied and more sophisticated. While familiar attack vectors like phishing remain among the most common, new threats are gaining traction: One industry survey found that supply chain attacks on open-source software increased 650% in 2021. Because software supply chains are incredibly complex, firms such as Red Hat that partner with government agencies and help remove weak links from their supply chains are critically important.

Accept That It’s an Arms Race

“I think of it as an arms race,” said Michael Epley of Red Hat’s North America Public Sector. “Sometimes attackers will get the upper hand. But even when they have minor tactical successes, we can win with a broader strategy for defending our enterprises.”

Epley explained that as agencies modernize their IT systems, adopt cloud resources and integrate operational technology (OT) systems into a common enterprise fabric, they can introduce new vulnerabilities. That added complexity has led hackers to see supply chains as an easy point of entry, from which they can then move laterally through the system.

Epley noted that Executive Order 14028, “Improving the Nation’s Cybersecurity,” provides a roadmap for meeting these challenges. It calls on federal agencies to move toward zero trust and to accelerate their transition to secure cloud services. Zero trust can help limit the impact of attacks that come through the supply chain by requiring verification every time one resource attempts to access another, he said.

3 Ways to Make It Stick

Epley has three recommendations to help organizations build resilience against attacks:

How Red Hat Can Help

Red Hat is a good example of a vendor that can assume some of the security burden for its customers. The company provides systems that are “hardened by default,” Epley explained, “so that even if there is a vulnerability, the controls we ship with our products can help mitigate it.”

Red Hat creates secure supply chains for its customers, treating every system as if it were a production system, Epley said. “That means better cybersecurity data sharing across all those players — vendors, IT providers, our own internal cybersecurity team, as well as [customer] incident response [teams] and all the other partners that are affected.”

This article appears in our guide “Bright Ideas for Making Cyber Stick.” To see more about how agencies are implementing cybersecurity, download the guide.
