Kelsey Hill, President, Hill Associates
Hill Associates, a Rockville, Maryland-based small business specializing in IT infrastructure and cybersecurity services, has made predictions for Federal Government cybersecurity in 2021. While the COVID pandemic defined 2020 for the Federal Government, Brian Clary, Senior Vice President at Hill Associates, stated “The large-scale hack on Federal Agencies in December provides a reminder that cybersecurity threats remain a significant risk to Government systems.” Based on lessons learned and ongoing impacts from these major events, as well as other major trends in the cybersecurity ecosystem, Hill Associates predicts the following for Federal cybersecurity in 2021:
Supply Chain
In the recent large-scale cyber attack on Federal Government agencies and private sector firms, attackers were able to infiltrate Government systems through a malicious software update delivered via the Orion application from SolarWinds, a U.S. network-management company. The build system for SolarWinds Orion was compromised, and the software updates it produced were surreptitiously weaponized.
Tim Clinton, Hill Associates cybersecurity operations lead, pointed out that “this attack demonstrates that Federal Agency software supply chains remain vulnerable to cyber threats.”
In this cyber incident, the attackers directly targeted the trust relationship that exists between a supplier and its customers. That relationship is an important nexus in the growing software economy. Supply chains can be complex, globally distributed, and can consist of multiple tiers of outsourcing. As a result, agencies may have limited visibility into supply chain security controls. This is a critical issue, and we predict that the Federal Government will apply significant attention in 2021 to improving the security of the software supply chain. This may include action in areas such as procurement and acquisition decisions; use of frameworks like FedRAMP and DoD’s Cybersecurity Maturity Model Certification (CMMC) to validate supply chain security controls; Agency-level supply chain risk assessment and management processes; and finally, the increased use of artificial intelligence and machine learning automated tools to provide agencies with deeper and faster insight into their supply chains.