SolarWinds hacks in the software supply chain and recent ransomware attacks on the critical energy infrastructure company Colonial Pipeline have increased the importance of governments adopting a risk-based approach to cybersecurity.
About the author
Adam Vincent is the co-founder and CEO of ThreatConnect.
Shortly after disclosing the SolarWinds attack, the US Cyber Security and Infrastructure Security Agency (CISA) announced its systemic cyber risk mitigation venture. This is an effort to develop actionable metrics and quantify cybersecurity risks across critical US infrastructure sectors, focusing on the relationship between threats, vulnerabilities, and consequences.
Shortly after this, the UK’s National Cyber Security Center (NCSC) provided security teams and IT companies with advice and guidance on actions to take to minimize their impact on them and their customers. We used tools such as the Cyber Information Sharing Program (CiSP) to share technical information about whether an organization is at risk and what actions it needs to take if it is at risk. Industry and government initiatives will enable UK organizations to share cyber threat…
