The Cybersecurity EO, Firmware, and Kicking the Can
John Loucaides, VP of Federal Technology and Michael Thelander, Director of Product Marketing
About this talk
The president’s recent “Executive Order on Improving the Nation’s Cybersecurity” presents new perspectives and directions on preventing increasingly destructive ransomware and cyber attacks. While all ten sections in the executive order provide instructions for federal agencies and CISOs in the commercial sector, one in particular breaks away from traditional best practices and calls for new approaches:
Section 4, “Enhancing Software Supply Chain Security,” concentrates on strengthening and securing the complex, multi-headed software supply chain and puts a considerable emphasis on defining and detailing “critical software.”
Firmware is “critical software” in every sense of the term. But in NIST’s follow-up white paper detailing the term “critical software,” firmware was intentionally left for “later.”
In this session, Eclypsium’s Director of Product Marketing, Michael Thelander, and VP of Federal business, John Loucaides, will discuss:
- How firmware security is central to both the spirit and the letter of the executive order
- What it means to “kick the firmware can down the road,” why doing so runs counter to current attack trends, and what needs to be done once firmware is included, as it soon will be
- What you can do, today, to build a Software Bill of Materials (SBOM) that includes details of critical and increasingly vulnerable firmware
We’ll also explain how to break a huge executive order into immediately actionable chunks that deliver real value.
Eclypsium is the industry’s leading enterprise firmware protection platform - providing a new layer of security to protect your IT infrastructure from firmware attacks. Eclypsium defends enterprises and government agencies from vulnerabilities and threats hidden within firmware that are invisible to most organizations today.…