A US Cyber Safety Review Board (CSRB) has launched a sweeping investigation of cloud-based identity and authentication infrastructure vulnerabilities to improve cyber security in the face of growing threats.
Reuters tells us in a report that the scope of this review includes a meticulous assessment of the recent Microsoft breach, which had far-reaching consequences, including the theft of emails from US government agencies.
Review on Cloud Security
In a recent press release, the Department of Homeland Security (DHS) revealed its plans for the comprehensive review, underscoring the vital role cloud computing plays in modern digital ecosystems.
This probing inquiry aims to shed light on the intricacies of cloud computing security and provide actionable recommendations to safeguard against malicious attacks.
"We must as a country acknowledge the increasing criticality of cloud infrastructure in our daily lives and identify the best ways to secure that infrastructure and the many businesses and consumers that rely on it," emphasized CSRB Chair and DHS Under Secretary for Policy, Rob Silvers.
The review's focus will be the recent breach of Microsoft's Exchange Online, a staggering intrusion that rocked the tech world. Initially reported in July 2023, the breach involved hackers exploiting a cryptographic key compromise and a coding flaw.
This enabled them to gain unprecedented access to the company's cloud email platform, leading to the exfiltration of sensitive emails from US government entities.
Read Also : X Executives Rock Australian Parliament with Shocking Revelations on Child Abuse Policies
Government Bodies Urged to Act
Microsoft's cloud breach prompted US Senator Ron Wyden to call for swift action from regulatory bodies. In a letter from Wyden, the Federal Trade Commission, the Cybersecurity and Infrastructure Security Agency (CISA), and the Justice Department were all urged to take a stand against the breach.
Secretary of Homeland Security Alejandro N. Mayorkas highlighted the importance of the CSRB's work, stating, "Cloud security is the backbone of some of our most critical systems, from our e-commerce platforms to our communication tools to our critical infrastructure."
The CSRB's focus on cloud-based identity and authentication infrastructure extends beyond the Microsoft incident. Its examination will encompass government and industry approaches and the roles of Cloud Service Providers (CSPs). The overarching goal is to equip organizations with actionable insights to enhance their cybersecurity practices in the cloud environment.
"The Board's findings and recommendations from this assessment will advance cybersecurity practices across cloud environments and ensure that we can collectively maintain trust in these critical systems," expressed CISA Director Jen Easterly.
According to a report by Bloomberg, Easterly proposed that Microsoft should "recapture the ethos" of what its co-founder Bill Gates called "trustworthy computing" back in 2002. During that time, Gates had advised employees to prioritize security over adding new features.
This initiative is not the CSRB's first foray into cybersecurity. Previous reviews analyzed vulnerabilities in the widely-used Log4j software library and dissected attacks attributed to the Lapsus$ hacker group.
Stay posted here at Tech Times.
Related Article : US Government Launches Cyber Contest to Harness AI for National Security