Cyberscoop reports that
The White House has a message for America: it’s going to take a long time to sort through the fallout from the massive espionage operation spurred on by the SolarWinds breach uncovered late last year.
Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger stressed during a White House briefing Wednesday [February 17] that the way the suspected Russian hackers infiltrated a SolarWindsnetwork management software update with malicious code has made it more difficult for federal investigators to track down the details of the compromise.
Meritalk adds that
Officials from the Defense Department (DoD) and the Cybersecurity and Infrastructure Security Agency (CISA) said [on Friday February 19] that creating more effective defenses against sophisticated cyberattacks of the type used in the SolarWinds Orion hack may require further adoption of zero trust security concepts.
That was the news from Bob Kolasky, who heads CISA’s National Risk Management Center (NRMC), and Stacy Bostjanick, director of the Cybersecurity Maturity Model Certification (CMMC) Policy Office for DoD’s under secretary of Defense for Acquisition and Sustainment, who spoke during an online event organized by AFCEA International.
Both officials also discussed the growing likelihood that the CMMC security model will migrate in some form from its present use in ensuring minimum cybersecurity standards in the defense industrial base (DIB) to further areas of Federal government contracting. * * *
Zero trust security concepts incorporate much more rigorous and frequent evaluations of user and endpoint identities to allow access to networks. Kolasky agreed that something closer to a zero trust concept would be useful in that regard.
Discussing how to prevent software exploits, he suggested “really putting extra controls in place on things that have high levels of access, because that is where the risks are.” He continued, “that is where you go closer to zero trust,” adding, “you can’t go zero trust everywhere . . . but you can where the risk is higher.”
From the healthcare interoperability front, Healthcare Dive interviews the Don Rucker, National Coordinator for Health IT during the Trump Administration, and Fierce Healthcare interviews his successor Mike Tripathi.
From the HIPAA Privacy Rule front, the HHS Office for Civil Rights announced earlier this month the fifteenth and sixteenth settlements of HIPAA Privacy Rule individual right to access patient records cases.