By Ash Patel, Marketing Specialist. Recently we reached out to John Linford, Security & OTTF Forum Director, for The Open Group, to discuss his role, industry advice, updates within his Forum and lots more. Thank you again to John for his time and for giving us an expansive look into his Forum at large. Please see the full interview below:
By Ash Patel – Marketing Specialist, The Open Group
Recently we reached out to Joanne Woytek (Program Director for the NASA SEWP Program), to discuss her role as a Governing Customer Member Representative for The Open Group Governing Board.
On May 12, 2021, President Joe Biden issued the Executive Order on Improving the Nation’s Cybersecurity. This EO enumerates that “…the prevention, detection, assessment, and remediation of cyber incidents is a top priority and essential to national and economic security.” The EO contains a significant level of detail regarding areas of improvement for federal IT systems, as well as policy responses to be implemented by the government in support of greater security for private and public IT systems. The EO mentions in some detail the shift to zero trust security as a part of what is needed to combat cyber threats, as well as increased reliance on enhanced supply chain security.
Aircraft safely is of interest to everyone around the world. To address aircraft safety there are certification processes in place where two organizations with the greatest involvement are the FAA (Federal Aviation Agency) in the US, and the EASA (European Union Aviation Safety Agency) in Europe.
Certification is how the FAA manages risk through safety assurance. It provides the FAA confidence that a proposed product or operation will meet FAA safety expectations to protect the public. Certification affirms that FAA requirements have been met.
In the world of technology, there are paradigms of language that arise organically and artificially over time. Necessity requires a shared mode of communication for ideas and as a result, descriptors, nouns, and technical designators are created and shared. The problem arises when certain words acquire a surfeit of meaning, so much so that they paradoxically become less meaningful. There are many examples of this but for our purposes, we’re going to look at “Supply Chain Security”.
By Jim Hietala (VP, BD and Security), Andras Szakal (VP and CTO), John Linford Security and OTTF Forum Director) – The Open Group
In potentially the most damaging cyber-supply chain attack ever, a leading IT systems management vendor became the latest hi-tech company to suffer a major cybersecurity breach with wide-reaching consequences. The malware that caused the attack has been dubbed SUNBURST by Microsoft and code-named Solorigate by FireEye, the security consulting firm that uncovered the breach after falling victim to it late last year.
After successfully infiltrating the development environment, attackers were able to observe and learn how to subvert the vendor’s development and operations pipeline. Hackers were then able to maliciously taint the vendor’s product by planting a sophisticated trojan. Once the software, which required broad systems access, was installed in customers’ environments, the attackers were able to leverage the tainted software to exfiltrate sensitive information from within an organization’s network.