Washington University in St. Louis Professor Ning Zhang suggested recently there is plenty to learn from the recent cybersecurity breach that occurred involving SolarWinds, a private company, and its clients in the U.S. Government.
“This attack was special because it was a software supply chain attack, where a software update mechanism (which is generally a very good thing to protect yourself) was turned around to use as an attack vector,” said Zhang, who is an assistant professor of computer science and engineering in the McKelvey School of Engineering. “Most of the IT infrastructure in major organizations are not prepared to handle this type of threat.”
He suggested that the length that the attackers went to minimize risk was the other major feature, which ultimately led to the attack’s extensive impact.
“I think following one of the most fundamental principles in computer security – the principle of least privilege – goes a long way, because we can limit the impact of compromised components within the greater organization,” he added.
George Paras, A&G’s Editor in Chief and the Managing Director of EA Directions agreed with the academic.
“Professor Zhang makes some good points, by reinforcing the value of adhering to architecture principles for security,” said Paras. “The idea of identifying and following core principles is not only fundamental to security, but also applies broadly across all aspects of enterprise architecture.”