News & Events

Technology for New Cyber Policies

By

 

Recent developments suggest the U.S. may be nearing the end of a policy logjam surrounding cybersecurity:

  • October 13: SEC issued a new disclosure requirement related to cyber security risks and incidents
  • October 17: Executive Order issued pertaining to protecting classified information, specifically implementing insider threat and secure information sharing programs
  • November 8: SASC investigates counterfeit electronic parts within principally DoD inventory

From a technology standpoint, executing on these developments raises some difficult problems, in particular:

  • Supply chain controls for mostly open source commercial products
  • Detecting counterfeit hardware and firmware
  • Concurrently inspecting electromechanical parts and residing software code
  • Step function in computing speed and processing power to maintain real-time situational awareness and analysis for decision makers

We believe companies possessing the following capabilities will be most valuable in the near term:

  • Understanding the integration of hardware, firmware, and software from a cyber perspective
  • Understanding of how to visualize the three (above) architecture layers in a consolidated security information and event management (SIEM) graphical interface
  • Range / test / lab to persistently emulate and develop integrated environments
  • Scaleable offensive exploits in order to better understand the art of the possible from a nefarious perspective
  • Training environments that persistently emulate real-world scenarios in order to organically grow next generation expertise using a time-sensitive method