January 22, 2021 | 3 minute read
President Donald Trump signed an executive order to prevent foreign malicious cyber actors from misusing United States Infrastructure as a Service (IaaS) products. In the executive order, dated January 19, President Trump explained that foreign malicious cyber actors were using IaaS products made in the United States to aid their efforts in stealing sensitive information as well as targeting U.S. critical infrastructure:
“Foreign actors use United States IaaS products for a variety of tasks in carrying out malicious cyber-enabled activities, which makes it extremely difficult for United States officials to track and obtain information through legal process before these foreign actors transition to replacement infrastructure and destroy evidence of their prior activities; foreign resellers of United States IaaS products make it easier for foreign actors to access these products and evade detection.”
The President subsequently ordered that five actions be taken. First, he commanded the Secretary of Commerce (Secretary) to submit minimum regulations that U.S. IaaS providers could use to verify the identity of a foreign actor who obtains an account with their offered technology solutions.
Those regulations must include the procedures for verifying a foreign person’s identity, the types of records that U.S. IaaS providers must maintain with respect to a foreign actor who maintains an account and methods for limiting third-party access to that information.
They must also seek to avoid imposing any undue burden on the U.S. IaaS providers while also allowing room for the Secretary to exempt providers under special circumstances. In accordance with the order, the Secretary must submit those regulations for notice and comment within 180 days of the order taking effect.
Second, the Secretary must submit regulations that issue prohibitions or conditions around any foreign person obtaining an account with a U.S. IaaS provider in a foreign jurisdiction where there is a large number of foreign actors misusing those technologies for malicious purposes.
Those prohibitions and conditions may also prevent an individual foreign actor from opening an account with any U.S. IaaS provider if they’re found to be offering such technologies for malicious cyber activities or using those technologies themselves for malicious purposes.
Towards that end, the regulations must take a number of factors into account including evidence that foreign malicious cyber actors have gained access to U.S. IaaS products within a foreign jurisdiction, the relationship of the United States to that foreign jurisdiction, the extent to which those individuals are misusing those products for malicious cyber activities and whether imposing prohibitions would create an undue competitive disadvantage for a U.S. IaaS provider.
The Secretary of Commerce has 180 days from the time that President Trump signed the order to submit those regulations for comment and review.
Third, within 120 days of the order, the Attorney General and the Secretary of Homeland Security will work with other agency heads to solicit feedback from industry heads on how to increase information sharing and collaboration among U.S. IaaS providers as well as between those providers and federal agencies.
The Attorney General and the Secretary of Homeland Security will submit a report summarizing their recommendations on how to increase those communication channels within 240 days of the order taking effect. Lastly, the Secretary will identify funding requirements to support the efforts of the order.
IaaS is a type of cloud deployment model where a customer rents a virtual server from another company that’s running a data center. This type of arrangement promotes access over ownership, notes Comptia, with organizations not responsible for those servers’ maintenance or operational costs. But is the effort too little too late given the timing of the Executive Order, literally on the last day of the former administration?
“He publishes it on day 1,459 of 1,460? That’s not a priority. It’s an afterthought. Also, it’s moot. The strategy is really up to Biden,” said Cybereason CSO Sam Curry.
“What matters is whether this is useful to Biden as a tool for his strategy, not the parting shot of the outbound President. This is a chip in a political game and not significant to cyber security unless there’s momentum and more to follow. It’s all up to Biden now.”
Organizations are struggling to secure their IaaS environments, however. As reported by CISOMAG, a 2020 study found that 45% of digital attacks involved a lack of visibility associated with the management of IaaS infrastructure. A majority (74%) of surveyed organizations said that they were using more than one IaaS provider at the time of analysis. Nearly half were using more than three.
To address the complexity of securing these environments, more than two-thirds of organizations said that they were relying on multiple tools. But that didn’t stop 97% of respondents from admitting that they were having trouble managing and governing access to their IaaS environments, thereby increasing the risk of a security incident.
Using a single tool’s single agent, organizations can spend less time chasing alerts and managing their endpoint security across the enterprise, including the cloud. They can then focus more of their time and effort on more important security initiatives.
Cybereason recently entered a partnership with Oracle to protect global enterprises against advanced cybersecurity threats at every endpoint and across the enterprise. Oracle and Cybereason share a vision for helping cybersecurity defenders reverse the adversary advantage.
Enterprise customers will benefit from the Cybereason Defense Platform machine learning prevention, detection and automated remediation capabilities, and the Oracle Cloud Infrastructure (OCI) will provide global scalability with microsecond latency and low costs.
Oracle and Cybereason also entered into a partnership to jointly market and sell solutions. Cybereason’s market-leading endpoint protection platform is optimized for delivery via Oracle’s second-generation global cloud regions. The solution is available through Cybereason and in the Oracle Cloud Marketplace, where customers can search for available applications and services to find the best business solutions for their organizations.
David Bisson is an information security writer and security junkie. He's a contributing editor to IBM's Security Intelligence and Tripwire's The State of Security Blog, and he's a contributing writer for Bora. He also regularly produces written content for Zix and a number of other companies in the digital security space.All Posts by David Bisson