HP Federal’s view on cyber starts at the end


On this edition of Cyber Chat, host Sean Kelley sat down with Todd Gustafson, President of HP Federal, and Tommy Gardner, CTO of HP Federal, to discuss the evolution and future of cybersecurity.

“There’s a continuous investment and a continuous improvement that has to go on [with endpoint devices]. The reason is the threats are getting smarter, too,” Gardner said.

Gustafson said the transition away from perimeter defense to defense of the data is a critical shift in combatting different threat vectors.

“We like to think about endpoint security as protection of any endpoint device, so it could be your printer or your manufacturing device that’s connected to your network. We like to think about three different levels of security: Below the operating system – think BIOS (Basic Input Output System); at the operating system and then above the operating system,” Gustafson said.

Gustafson said the BIOS level became the next frontier for bad actors. “Stuxnet, at its core level, was a BIOS level intrusion. Even today, there are still no tools available for people to adequately monitor that.” Gustafson said HP’s focus is to build secure devices that can’t be infiltrated.

To do this, Gardner said industry has to work together with government and academia to set cyber standards. “NIST has the authority to make [new standards] for resilience, supply chain risk, and overall risk management mandatory for the federal government … and that’s leading the design efforts for future machines,” Gardner said.

Gustafson said the federal government is also a leader in leveraging blockchain technology in supply chain security for endpoint devices. “From the design of the product, the manufacturing of the product, transportation, installation, and eventually recycling of those devices.”

In order to stay ahead of cyber threats, Gardner said the key is involving academia. “Relationships with strong academic institutions that are focused on the cyber area. Carnegie Mellon is very engaged with industry and what DoD is doing with CMMC (Cybersecurity Maturity Model Certification) that will be rolled out in the next year,” Gardner said.