The SolarWinds hack and the never-ending stream of revelations about the attackers’ tools, techniques and other targets has been occupying the minds of CISOs and organization’s cyber defenders since mid-December.
The breach announcement came as a shock to many, but Greg Touhill, President of Appgate Federal Group, says that he wasn’t surprised – just disappointed.
“When I retired from government service as the US government’s [first] Federal CISO, I was already ‘all-in’ on the zero trust security strategy and extremely concerned about the integrity of the supply chain of our products and services,” he told Help Net Security.
“I certainly wasn’t alone: in 2019, my colleagues in the Information Technology Sector Coordinating Council and I participated with the Communications Sector and the government in an Information & Communications Technology Supply Chain Risk Management Task Force that identified numerous risks to our supply chain. Many of us forecasted the risk of an adversary penetrating a supplier’s software development lifecycle and deliberately insert a backdoor. We thought it a feasible scenario we ought to plan for as part of our…
