Wave Systems Corp. (fka WAVXQ)

[Genz2]

The shutdown's cybersecurity costs

https://www.axios.com/government-shutdown-cybersecurity-essential-workers-029b10b1-06a0-4c7f-afcb-803347ff24a2.html


The government is on hiatus. Enemies of the U.S. are not.

Why it matters: During the government shutdown, essential personnel are exempt from the furlough — so in theory, anyone preventing cybersecurity calamities is still showing up for work. But experts believe the loss of support staff makes the cybersecurity effects of a shutdown bad in the short term and worse in the long term.

Show less

The fallout: Consider the difficulty of maintaining security in government networks before a government shutdown. Now try doing that with fewer people.
•"Defending federal networks is already an act of triage, due to personnel shortages, legacy IT overhang, uneven risk management practices and a hostile threat environment. Furloughs make a hard job even harder," said Andrew Grotto, a former White House cybersecurity adviser for Presidents Obama and Trump and a current employee of Stanford's Hoover Institution.
•While critical personnel are still on duty during a shutdown, he added, "What that means as a practical matter is that these people have to do even more than usual."

Those problems will stick around after the shutdown. It's likely, say multiple former federal employees Codebook spoke to, that federal networks will fall behind on basic hygiene tasks.
•"Government shutdowns tend to affect support activities disproportionately, such as hiring or vetting contracts. Thus, over time, personnel slots will go unfilled and contracts will expire, making it difficult to sustain the workforce or upgrade equipment," noted Michael Daniel, former White House cybersecurity coordinator and current president and CEO of the industry group Cyber Threat Alliance.

In the long term, this could do irreparable damage to the federal government's ability to hire cybersecurity talent.
•The unemployment rate for trained cybersecurity personnel is famously at 0%, the private sector pays better and the only advantage the government has in hiring is the importance of the work and the gratitude of a nation.
•Willingness to shutter the government doesn't speak too highly to the perceived value of the job or its employees.
•*Government people go to work because of the mission, and we’re kicking them in the teeth," said Phil Reitinger, president and CEO of the Global Cybersecurity Alliance.

Departments devoted to cybersecurity policies will grind to a halt.

•The National Institute of Standards and Technology, which is developing a widely awaited privacy framework, is seeing its staff reduce to 49 out of its normal cohort of roughly 3,000 employees.
•The Department of Homeland Security's newly christened Cybersecurity and Infrastructure Security Agency will be without a substantial amount of support staff. By DHS' tally, 43% of the workforce — over 1,500 employees — are furloughed.

Security-related investigations and prosecutions at the FBI and Department of Justice will continue with all employees carried over.

The bottom line: Furloughing cybersecurity staff creates both short-term and long-term vulnerabilities.
•"Cyber threats don’t operate on Washington’s political timetable, and they don’t stop because of a shutdown," said Lisa Monaco, former assistant to the president for homeland security and counterterrorism.

Go deeper: The fear of a painful shutdown is kicking in
=================================================================
Wave's products are ones that require less labor especially when concerned with limiting unknown devices from getting on the network. While this strategy/product (Wave ERAS) keeps the bad guys from entering the network, the more labor intensive strategy (governments'/companies') allows the bad guys on the network to be tracked and possibly subdued or not. imo. Better security at less than half the cost could be a good backup plan for shutdowns like this (much less critical labor needed) or probably a better plan than the existing one.
=================================================================
https://www.wavesys.com/products/embassy%C2%AE-remote-administration-server-tpm-management

Excerpts:

Secure device & user authentication

Sometimes it feels like security is more effective at deterring your users than hackers. But you still have to protect your enterprise resources, and we’re here to help. We take pride in securing your network, data, and resources to an unprecedented level, without causing a revolt from either IT or your users. In fact, your users probably won’t even know we’re there.

Here’s how it works:

Trusted Platform Module (TPM) + Wave’s ERAS for TPM Management = hardware-secured, fully-managed authentication

Most of your devices already come with TPMs (check out our “What is a TPM?” brochure if you’re not sure why this is exciting). This security chip comes attached to the motherboard of most enterprise-class PCs. There’s nothing “add-on” about it. The TPM provides a verifiable, unique identity for each machine.

Wave’s ERAS for TPM Management gives IT remote, centralized management of all TPMs on enterprise computers and tablets.

With this control, IT can set policies and dictate which machines and users have authority to access which resources. IT can ensure that only known and approved devices are accessing your network. And what’s more, IT can prove it with detailed activity logs.
================================================================
https://www.wavesys.com/products/wave-virtual-smart-card