There’s an unsettling reality that the federal technology community is facing: the SolarWinds and Kaseya breaches could have happened to almost any other company. The vulnerabilities exposed during the incident weren’t unique; in fact, it was the type of increasingly sophisticated supply chain attack that adversaries are using more and more. It continues to serve as a wake-up call for every government agency and organization working within the Defense industrial base.
Similar to a lion targeting the most vulnerable antelope in the herd, hostile cyber actors will continue to target the weakest links within our federal IT supply chains. The Biden administration is rightly focused on raising the cybersecurity bar for technology partners, issuing the executive orders on cybersecurity and supply chain resilience and the recent memorandums focused on providing CISA access to endpoint detection and response solutions/endpoint monitoring systems, improving cybersecurity for critical infrastructure control systems, and securing on-premise software.
These are essential roadmaps to holding contractors accountable for cyber…
