“We like to think about endpoint security as protection any endpoint device, so it could be your printer or your manufacturing device that’s connected to your network. We like to think about three different levels of security: Below the operating system – think BIOS (Basic Input Output System); at the operating system and then above the operating system,” Gustafsan said.
Gustafson said the BIOS level became the next frontier for bad actors. “Stuxnet, at its core level, was a BIOS level intrusion. Even today, there are still no tools available for people to adequately monitor that.” Gustafson said HP’s focus is to build secure devices that can’t be infiltrated.
To do this, Gardner said industry has to work together with government and academia to set cyber standards. “NIST has the authority to make [new standards] for resilience, supply chain risk, and overall risk management mandatory for the federal government … and that’s leading the design efforts for future machines,” Gardner said.
Gustafson said the federal government is also a leader in leveraging block chain technology in supply chain security for endpoint devices. “From the design of the product, the manufacturing of the product, transportation, installation, and eventually recycling of those devices.”
In order to get stay ahead of cyber threats, Gardner said the key is involving Academia. “Relationships with strong academic institutions that are focused on the cyber area. Carnegie Melon is very engaged with industry and what DoD is doing with CMMC (Cybersecurity Maturity Model Certification) that will be rolled out in the next year,” Gardner said.
A monthly show featuring interviews with experts in IT and Information Security discussing the latest trends and hottest cyber topics and challenges impacting the federal community. Follow Sean on Twitter. Subscribe on Apple Podcasts or Podcast One.