Description |
1 online resource (56 pages) : color illustrations, color portraits |
Contents |
Executive summary. -- Introduction. -- I. Sunburst explained. -- II. The historical roots of Sunburst. -- CCleaner. -- Kingslayer. -- Flame. -- Able Desktop. -- WIZVERA VeraPort. -- Operation SignSight. -- Juniper. -- Trendlines leading to Sunburst. -- III. Contributing factors to Sunburst. -- Deficiencies in risk management. -- Hard-to-defend linchpin cloud technologies. -- Brittleness in federal cyber risk management. -- IV. Toward a more competitive cybersecurity strategy. -- Seeking flow. -- Build better on what works (or could). -- Recommendations. -- Ruthlessly prioritize risk. -- Improve the defensibility of linchpin software. -- Enhance the adaptability of federal cyber risk management. -- Conclusion |
Summary |
The Sunburst crisis was a failure of strategy more than it was the product of an information-technology (IT) problem or a mythical adversary. Overlooking that question of strategy invites crises larger and more frequent than those the United States is battling today. Studying the Sunburst campaign, three overarching lessons become clear. First, states have compromised sensitive software supply chains before. The role of cloud computing as a target is what takes Sunburst from another in a string of supply-chain compromises to a significant intelligence-gathering coup. Second, the United States could have done more to limit the harm of this event, especially by better prioritizing risk in federal technology systems, by making the targeted cloud services more easily defensible and capable by default, and by giving federal cybersecurity leaders better tools to adapt and govern their shared enterprise. Third, Sunburst was a failure of strategy much more than it was just an IT risk-management foul-up or the success of a clever adversary. The United States government continues to labor under a regulatory model for software security that does not match the ways in which software is built, bought, or deployed. Observers should recognize Sunburst as part of a disturbing trend: an ongoing intelligence contest between the United States and its adversaries in which the United States is giving up leverage due to technical insecurity, deficient policy response, and a shortfall in strategy. |
Notes |
"March 2021." |
Bibliography |
Includes bibliographical references |
Notes |
Online resource; title from PDF title page (Atlantic Council, viewed April 5, 2021) |
Subject |
Sun Microsystems -- Security measures |
Subject |
Sun Microsystems. fast (OCoLC)fst00638567 |
Subject |
Information warfare -- Strategic aspects |
Cloud computing -- Security measures -- Strategic aspects |
Computer software -- Security measures -- Strategic aspects |
Espionage -- Prevention -- Government policy -- United States |
Information technology -- Security measures -- Strategic aspects -- Government policy -- United States |
Computer crimes -- Prevention -- Strategic aspects |
Internet in espionage -- Prevention -- Strategic aspects |
Security systems. |
United States. |
Form |
Electronic book |
Author |
Loomis, Will, author |
Schroeder, Emma, author |
Scott, Stewart, author |
Handler, Simon, author |
Zuo, Tianjiu, author |
Atlantic Council of the United States, publisher. |
ISBN |
9781619771680 |
1619771683 |