New tactics and strategies are required as cyber threats grow, become ever more complex, and change to match cyber resilience measures. Traditional theories and practices that shield a physical peripheral are no longer effective, especially in the increasingly prevalent remote workforce. These strategies must be regularly reviewed, frequently updated, and monitored because they cannot be static.
Organizations that support both the public and private sectors need to be much more aggressive than they were in the past and keep a close eye out for bad actors on all sides—internal and external, domestic and foreign. Systems for ensuring cyber resilience must develop the ability to respond to complex attacks on critical infrastructure, devices, and systems. The December 2020 hack on the SolarWinds software build environment highlights how risky the environment is right now and how concerned cyber resilience teams should be. The risk now affects the overall operation of the country rather than just one department or organization.
There is no denying that there is a broad consensus and shared creation of good practices in both business and government. SolarWinds is still committed to disseminating the lessons they have learned from the attack because they are adamant that openness and collaboration are the best ways to help stop and defend against future attacks. Their guiding set of values, Secure by Design, places an emphasis on software development, infrastructure, and people.
SolarWinds aligned the Next-Generation Build System with four key tenets of Secure by Design principles:
- Dynamic operations: Building only short-term software build environments that self-destruct after completing a specific task.
- Systematic build products: Ensuring build products can be made deterministically so any newly created byproducts will always have identical, secure components.
- Simultaneous build process: Creating software development byproducts, such as data models, in parallel to establish a basis for detecting unexpected modifications to the products.
- Detailed records: Tracking every software build step for complete traceability and permanent proof of record.
Setting the New Standard in Secure Software Development, their white paper, claims: That a good tool is the SolarWinds Next-Generation Build System.