MeriTalk: SolarWinds Hack Defense Points to Zero Trust, Federal Officials Say

“Officials from the Defense Department (DoD) and the Cybersecurity and Infrastructure Security Agency (CISA) said today that creating more effective defenses against sophisticated cyberattacks of the type used in the SolarWinds Orion hack may require further adoption of zero trust security concepts.

That was the news from Bob Kolasky, who heads CISA’s National Risk Management Center (NRMC), and Stacy Bostjanick, director of the Cybersecurity Maturity Model Certification (CMMC) Policy Office for DoD’s under secretary of Defense for Acquisition and Sustainment, who spoke during an online event organized by AFCEA International.

Both officials also discussed the growing likelihood that the CMMC security model will migrate in some form from its present use in ensuring minimum cybersecurity standards in the defense industrial base (DIB) to further areas of Federal government contracting…”

“Bostjanick said that CMMC compliance up to the level 3 rating would not have prevented an attack using similar methods as the SolarWinds exploit, although employing cybersecurity practices to the level 3 rating may have given some companies the ability to identify that such an attack was taking place.

‘You’re not going to get into the levels of stopping [that attack] until you get to levels 4 and 5,’ she said. ‘To really stop a SolarWinds [type attack], you almost have to go to a zero trust environment,’ Bostjanick said.

Zero trust security concepts incorporate much more rigorous and frequent evaluations of user and endpoint identities to allow access to networks…” Read the full article here.

Source: SolarWinds Hack Defense Points to Zero Trust, Federal Officials Say – By John Curran, February 19, 2021. MeriTalk.


This topic contains 0 replies, has 1 voice, and was last updated by  Jackie Gilbert 5 days, 14 hours ago.


