Episode 69: Junaid Islam on Zero Trust Architecture

Jun 4, 2021

In this OODAcast we provide insights into Zero Trust
architectures from an experienced practitioner, Junaid Islam.

Junaid is a senior partner at OODA. He has over 30 years of
experience in secure communications and the design and operations
of highly functional enterprise architectures. He founded Bivio
Networks, maker of the first gigabyte speed general purpose
networking device in history, and Vidder, a pioneer in the concept
of Software Defined Networking. Vidder was acquired by Verizon to
provide Zero Trust capability for their 5G network. Junaid has
supported many US national security missions from Operation Desert
Shield to investigating state-sponsored cyberattacks. He has also
led the development of many network protocols including Multi-Level
Precedence and Preemption (MLPP), MPLS priority queuing, Mobile
IPv6 for Network Centric Warfare and Software Defined Perimeter for
Zero Trust. Recently Junaid developed the first interference-aware
routing algorithm for NASA’s upcoming Lunar mission. He writes
frequently on national security topics for OODAloop.com.

We discuss Junaid’s approaches to zero trust networking. His
approach is to always start with the needs of the business. From
there he works with organizations to ensure a comprehensive
assessment of the existing architecture is done, since every
organization already has some elements of a zero trust approach in
play. Junaid highlights that one of the biggest mistakes he sees
organizations make is skipping this gap analysis and moving straight
to purchasing products or services. This frequently ends up hurting
the project.

Today’s global businesses operate with many partners, providers
and suppliers, and zero trust designs must be established with this
unique mix in mind to optimize the use of technology in support of
core business needs.

Junaid provides insights into many of the products he encounters
in zero trust architecture work.

Cybersecurity Sensemaking: Strategic intelligence to inform
your decisionmaking

The OODA leadership and analysts have decades of experience in
understanding and mitigating cybersecurity threats and apply this
real world practitioner knowledge in our research and reporting.
This page on the site is a repository of the best of our actionable
research as well as a news stream of our daily reporting on
cybersecurity threats and mitigation measures. See: OODA
Cybersecurity Sensemaking

From Solar Sunrise to Solar Winds: The Questionable Value of
Two Decades of Cybersecurity Advice

While the Ware Report of 1970 codified the foundations of the
computer security discipline, it was the President’s Commission on
Critical Infrastructure Protection report of 1997 that expanded
those requirements into recommendations for both discrete entities
as well as the nascent communities that were growing in and around
the Internet. Subsequent events that were the result of ignoring
that advice in turn led to the creation of more reports,
assessments, and studies that reiterate what was said before. If
everyone agrees on what we should do, why do we seem incapable of
doing it? Alternately, if we are doing what we have been told to
do, and have not reduced the risks we face, are we asking people to
do the wrong things? See:
From Solar Sunrise to Solar Winds: The Questionable Value of Two
Decades of Cybersecurity Advice

If SolarWinds Is a Wake-Up Call, Who’s Really Listening?

As the U.S. government parses through the Solar Winds software
supply chain breach, many questions still remain as to the motive,
the entities targeted, and the length of time suspected nation-state
attackers remained entrenched, unseen by the victims. The
attack stands at the apex of similar breaches in not only the
breadth of organizations compromised (~18,000), but how the attack
was executed. See:
If SolarWinds Is a Wake-Up Call, Who’s Really Listening?

Executive Level Action In Response to Ongoing Massive Attacks
Leveraging Microsoft Vulnerabilities

This post provides executive level context and some
recommendations regarding a large attack exploiting Microsoft
Exchange, a system many enterprises use for mail, contact
management, calendar/scheduling and some basic identity management
functions. This attack is so large and damaging it is almost
pushing the recent Solar Winds attacks off the headlines. Keep in
mind that till this point, the Solar Winds attack was being called
the biggest hack in history. So this is a signal that the damage
from this one will also be huge. See:
Executive Level Action In Response to Ongoing Massive Attacks
Leveraging Microsoft Vulnerabilities
