July 19, 2023

Device Authority embraces transparency and international standards as the White House Names SBOMs as key pillar of Cybersecurity Implementation Plan


In a significant stride towards strengthening cybersecurity practices and protecting the nation’s digital future, the White House has issued a formal National Cybersecurity Implementation Plan and named the 5 pillars that it believes are critical to successfully implementing its cybersecurity strategy. Alongside greater international collaboration and shared standards, a joint ransomware task force and an updated national incident response plan, the Software Bill of Materials (SBOM) has been named as the key to ‘Shaping Market Forces and Driving Security and Resilience’, as outlined in initiative 3.3.2.

As a team that has been working with our partners for over a year now on building SBOM validation and remediation into KeyScaler to validate the integrity of devices prior to authentication, and to establish a secure mechanism to patch vulnerabilities at scale, we strongly support this doubling down on the transparency and accountability, and ultimately the supply chain security, that SBOM brings.

Let’s recap on what continuous assurance using a device’s SBOM offers:

  • Enhanced supply chain visibility
  • Proactive Vulnerability Management
  • Informed Risk Assessment and Mitigation
  • Swift and Effective Incident Response
  • Regulatory Compliance
  • End to End Device and Data Trust

…these powerful capabilities allow organizations to truly achieve Zero Trust in their connected device environment. As CISA continues to work with stakeholders to identify and reduce gaps in their scale and implementation, as well as explore requirements for a globally accessible database and international working group, SBOMs look poised to become an even more powerful tool in the arsenal for threat deterrence.

SBOM validation also has importance for one of the fastest growing technology trends today. Accompanying the increasingly challenging security landscape, the growth in AI and its potential use for combating cyber-crime cannot be ignored. However, many of today’s AI and ML tools implicitly trust the sources of data they rely on without first validating data integrity and provenance. This is directly counter to any Zero Trust Architecture. Device Authority KeyScaler is uniquely positioned to leverage the power of SBOMs to establish explicit trust in both the device and the data it produces, helping secure the potential of AI by creating a full AIoT “Trust Chain”. This is particularly pertinent for our partner Virginia Innovation Partnership Corporation (VIPC), who have established a Cybersecurity Testbed in conjunction with DHS, where some of the most innovative companies in the testbed are pushing the boundaries of AI and data sharing in their operations.

David Ihrie, CTO at VIPC, commented in a recent conversation, “The ability for device identity management to work alongside SBOMs and identified training data sets to create explicit trust between AI and machine learning technology, enabling greater trust in the systems and outputs, is a huge step forward. Every area of technology will be touched by AI and ML but attestation has always been a question mark with the potential to hold back its use. Device Authority continues to be a leader in this area, helping ensure device and data trust for AI, which is vital for fulfilling its potential.”

If you would like to learn more about Device Authority’s work with SBOM and the role KeyScaler can play in securing the use of AI and ML, get in touch. To see where your organization fits in CISA’s Zero Trust Maturity Model, take this short survey and learn where you can take proactive steps toward the “Optimal” Zero Trust approach.

To learn more about VIPC, visit https://www.virginiaipc.org/

Tyler Gannon