On May 12, 2021, President Joe Biden issued the Executive Order on Improving the Nation’s Cybersecurity. This EO enumerates that “…the prevention, detection, assessment, and remediation of cyber incidents is a top priority and essential to national and economic security.” The EO contains a significant level of detail regarding areas of improvement for federal IT systems, as well as policy responses to be implemented by the government in support of greater security for private and public IT systems. The EO mentions in some detail the shift to zero trust security as a part of what is needed to combat cyber threats, as well as increased reliance on enhanced supply chain security.
The Open Group, an international vendor- and technology-neutral standards and certification consortium, has been actively engaged in establishing a consistent and coherent vision of Zero Trust and Zero Trust Architecture across industry, academia, and governmental organizations for the last two years. In fact, The Open Group pioneered the underlying principles behind Zero Trust, under the aegis of the Jericho Forum® and the guidance that came from the Jericho Forum over the past two decades, including the Jericho Forum Commandments and Jericho Forum Identity Commandments.
By Jim Hietala (VP, BD and Security), Andras Szakal (VP and CTO), John Linford Security and OTTF Forum Director) – The Open Group
In potentially the most damaging cyber-supply chain attack ever, a leading IT systems management vendor became the latest hi-tech company to suffer a major cybersecurity breach with wide-reaching consequences. The malware that caused the attack has been dubbed SUNBURST by Microsoft and code-named Solorigate by FireEye, the security consulting firm that uncovered the breach after falling victim to it late last year.
After successfully infiltrating the development environment, attackers were able to observe and learn how to subvert the vendor’s development and operations pipeline. Hackers were then able to maliciously taint the vendor’s product by planting a sophisticated trojan. Once the software, which required broad systems access, was installed in customers’ environments, the attackers were able to leverage the tainted software to exfiltrate sensitive information from within an organization’s network.
Schneider Electric, the leader in digital transformation of energy management and automation, and Aramco, the world’s pre-eminent integrated energy and chemicals company that drives global commerce and enhances the daily lives of people around the globe, today announced they have signed a memorandum of understanding to collaborate on assessing emerging technologies based on The Open Group Open Process Automation™ Standard (O-PAS). Testing will take place at a new built-for-purpose test bed in the Saudi Schneider Electric Innovation and Research Center in Dhahran Techno Valley, Saudi Arabia.
Since late in 2016, The Open Group Security Forum have been collaborating with San Jose State University and Probability Management to develop a Risk Analysis tool that adheres to The Open Group Open FAIR™ Standard.
With a view to creating a tool that helps accelerate the adoption of the Open FAIR standard, the tool provides both experienced and novice risk practitioners with a practical and pragmatic tool to help analyse perceived risk in a consistent and simple to use way, whatever industry they work in. It is now ready and we are pleased to make it available to use and evaluate for free.
The tech city of Bangalore was the venue for The Open Group India Conference and Awards held Feb 22 – 24, 2018.
Speakers and delegates from seventeen countries converged in Bangalore to participate in this international event, which was supported by the Ministry of Electronics and Information Technology, Government of India. Making Standards Work™ for Your Digital Agenda was the theme for this year, in line with the realization of the importance of standards.