Tag: Infosec

Trump’s Executive Order 14144 Overhaul, Part 2: Analysis of Post Quantum Cryptography Clauses

Trump’s Executive Order 14144 Overhaul, Part 2: Analysis of Post Quantum Cryptography Clauses

By | | Comments 0 Comment

While Part 1 explored how the amendment reinforced a sanctions-led approach and repositioned AI policy within the broader cybersecurity doctrine, this second instalment shifts focus to its most understated move — the cryptographic recalibration. Executive Order 14144’s treatment of Post-Quantum Cryptography (PQC) may appear procedural at first glance, but in its omissions and realignments lies a deeper signal about how the United States intends to balance resilience, readiness, and sovereignty in a quantum-threatened world.

Executive Summary

The June 2025 amendment to Executive Order 14144 quietly redefines the United States’ approach to Post-Quantum Cryptography (PQC). While it retains the recognition of CRQC as a threat and maintains certain tactical mandates such as TLS 1.3, it rolls back critical enforcement mechanisms and abandons global coordination. This signals a strategic recalibration, shifting from enforced transition to selective readiness. For enterprise CISOs, vendors, and cybersecurity strategists, the message is clear: leadership on PQC will now emerge from the ground up.

What the Amendment Changed

The Trump administration’s June 2025 revision to EO 14144 leaves much of the cryptographic threat framing intact, but systematically reduces deployment timelines and global mandates. Notably:

  • CRQC remains listed as a critical national threat
  • TLS 1.3 mandate remains, now with clarified deadlines
  • SSDF and patching guidance are retained
  • The CISA product list deadline is upheld

However, three key changes undermine its enforceability:

  • The 90-day procurement trigger for PQC tools is removed
  • Agencies are no longer required to deploy PQC when available
  • The international coordination clause promoting NIST PQC globally is eliminated

Why the International Clause Matters

The removal of the global coordination clause is more than a bureaucratic adjustment; it represents a strategic shift.

Possible Reasons:

  • Geopolitical pragmatism: Aligning allies behind NIST PQC may be unrealistic with Europe pursuing crypto-sovereignty and China promoting SM2
  • Avoiding early lock-in: Promoting PQC globally before commercial maturity risks advocating immature technologies
  • Supply chain nationalism: This may be a move to protect the domestic PQC ecosystem from premature exposure or standards capture
  • Sanctions-first strategy: The EO prioritises the preservation of cyber sanctions infrastructure, signalling a move from soft power (standards promotion) to hard deterrence

This aligns with the broader tone of the EO amendment, consolidating national tools while reducing forward-facing mandates.

From Mandate to Optionality: PQC Enforcement Rolled Back

The deletion of the PQC procurement requirement and deployment enforcement transforms the United States’ posture from proactive to reactive. There is no longer a mandate that agencies or vendors use post-quantum encryption; instead, it encourages awareness.

This introduces several risks:

  • Agencies may delay PQC adoption while awaiting further guidance
  • Vendors face uncertainty, questioning whether to prepare for future mandates or focus on current market readiness
  • Federal supply chains may remain vulnerable well into the 2030s

Strategic Implications: A Doctrine of Selective Resilience

This amendment reflects a broader trend: preserving the appearance of resilience without committing to costly transitions. It signifies:

  • A shift towards agency-level discretion over central enforcement
  • A belief that commercial readiness should precede policy enforcement
  • A pivot from global cyber diplomacy to domestic cyber deterrence

This is not a retreat, it is a repositioning.

What Enterprises and Vendors Should Do Now

Despite the rollback, the urgency surrounding PQC remains. Forward-thinking organisations should:

  • Inventory vulnerable cryptographic systems such as RSA and ECC
  • Introduce crypto-agility frameworks to support seamless algorithm transitions
  • Explore hybrid encryption schemes that combine classical and quantum-safe algorithms
  • Monitor NIST, NSA (CNSA 2.0), and OMB guidance closely

For vendors, supporting PQC and crypto-agility will soon become a market differentiator rather than merely a compliance requirement.

Conclusion: Optionality is Not Immunity

The Trump EO amendment does not deny the quantum threat. It simply refrains from mandating early adoption. This increases the importance of voluntary leadership. Those who embed quantum-resilient architectures today will become the trust anchors of the future.

Optionality may offer policy flexibility, but it does not eliminate risk.

References and Further Reading

  1. Executive Order 14144 (January 2025)
  2. EO Amendment (June 2025)
  3. NIST PQC Project
  4. NSA CNSA 2.0 Requirements
  5. OMB M-23-02 Memo on Cryptographic Inventory
Mastering Cyber Defense: The Impact Of AI & ML On Security Strategies

Mastering Cyber Defense: The Impact Of AI & ML On Security Strategies

By | | Comments 0 Comment

The cybersecurity landscape is a relentless battlefield. Attackers are constantly innovating, churning out new threats at an alarming rate. Traditional security solutions are struggling to keep pace. But fear not, weary defenders! Artificial Intelligence (AI) and Machine Learning (ML) are emerging as powerful weapons in our arsenal, offering the potential to revolutionize cybersecurity.

The Numbers Don’t Lie: Why AI/ML Matters

  • Security Incidents on the Rise: According to the IBM Security X-Force Threat Intelligence Index 2023 https://www.ibm.com/reports/threat-intelligence, the average organization experienced 270 data breaches in 2022, a staggering 13% increase from the previous year.
  • Alert Fatigue is Real: Security analysts are bombarded with a constant stream of alerts, often leading to “alert fatigue” and missed critical threats. A study by the Ponemon Institute found that it takes an average of 280 days to identify and contain a security breach https://www.ponemon.org/.

AI/ML to the Rescue: Current Applications

AI and ML are already making a significant impact on cybersecurity:

  • Reverse Engineering Malware with Speed: AI can disassemble and analyze malicious code at lightning speed, uncovering its functionalities and vulnerabilities much faster than traditional methods. This allows defenders to understand attacker tactics and develop effective countermeasures before widespread damage occurs.
  • Prioritizing the Vulnerability Avalanche: Legacy vulnerability scanners often generate overwhelming lists of potential weaknesses. AI can prioritize these vulnerabilities based on exploitability and potential impact, allowing security teams to focus their efforts on the most critical issues first. A study by McAfee found that organizations can reduce the time to patch critical vulnerabilities by up to 70% using AI https://www.mcafee.com/blogs/internet-security/the-what-why-and-how-of-ai-and-threat-detection/.
  • Security SIEMs Get Smarter: Security Information and Event Management (SIEM) systems ingest vast amounts of security data. AI can analyze this data in real-time, correlating events and identifying potential threats with an accuracy far exceeding human capabilities. This significantly improves threat detection accuracy and reduces the time attackers have to operate undetected within a network.

The Future of AI/ML in Cybersecurity: A Glimpse Beyond

As AI and ML technologies mature, we can expect even more transformative applications:

  • Context is King: AI can be trained to understand the context of security events, considering user behaviour, network activity, and system configurations. This will enable highly sophisticated threat detection and prevention capabilities, automatically adapting to new situations and attacker tactics.
  • Automating Security Tasks: Imagine a future where AI automates not just vulnerability scanning, but also incident response, patch management, and even threat hunting. This would free up security teams to focus on more strategic initiatives and significantly improve overall security posture.

Challenges and Considerations: No Silver Bullet

While AI/ML offers immense potential, it’s important to acknowledge the challenges:

  • Explainability and Transparency: AI models can sometimes make decisions that are difficult for humans to understand. This lack of explainability can make it challenging to trust and audit AI-powered security systems. Security teams need to ensure they understand how AI systems reach conclusions and that these conclusions are aligned with overall security goals.
  • Data Quality and Bias: The effectiveness of AI/ML models heavily relies on the quality of the data they are trained on. Biased data can lead to biased models that might miss certain threats or flag legitimate activity as malicious. Security teams need to ensure their training data is diverse and unbiased to avoid perpetuating security blind spots.

The Takeaway: Embrace the Future

Security practitioners and engineers are at the forefront of adopting and shaping AI/ML solutions. By understanding the current applications, future potential, and the associated challenges, you can ensure that AI becomes a powerful ally in your cybersecurity arsenal. Embrace AI/ML, and together we can build a more secure future!

#AI #MachineLearning #Cybersecurity #ThreatDetection #SecurityAutomation

P.S. Check out these resources to learn more:

NIST Artificial Intelligence Risk Management Framework (AI RMF 1.0): https://www.nist.gov/itl/ai-risk-management-framework) by National Institute of Standards and Technology (NIST)

Understanding The Implications Of The Data Breaches At Microsoft.

Understanding The Implications Of The Data Breaches At Microsoft.

By | | Comments 0 Comment
Note: I started this article last weekend to try and explain the attack path  “Midnight Blizzard” used and what Azure admins should do to protect themselves from a similar attack. Unfortunately, I couldn't complete/publish it in time and now there is another breach at Microsoft. (🤦🏿) Now, I had to completely redraft it and change the focus to a summary of data breaches at Microsoft and a walkthrough on the current breach. I will publish the Midnight Blizzard defence later this week.
Microsoft Data Breach

The Timeline of the Breaches

  • 20th-25th September 2023: 60k State Department Emails Stolen in Microsoft Breach
  • 12th-25th January 2024: Microsoft breached by “Nation-State Actors”
  • 11th-14th February 2024: State-backed APTs are weaponising OpenAI models 
  • 16th-19th February 2024: Microsoft admits to security issues with Azure and Exchange servers.
Date/MonthBreach TypeAffected Service/AreaSource
February 2024Zero-day vulnerabilities in Exchange serversExchange serversMicrosoft Security Response Center blog
January 2024Nation State-sponsored attack (Russia)Email accountsMicrosoft Security Response Center blog
February 2024State-backed APTs are weaponising OpenAI modelsNot directly impacting MS services
July 2023Chinese Hackers Breach U.S. Agencies Via Microsoft CloudAzureThe New York Times, Microsoft Security Response Center blog
October 2022BlueBleed Data Leak, 0.5 Million user data leakedUser Data
December 2021Lapsus$ intrusionSource code (Bing, Cortana)The Guardian, Reuters
August 2021Hafnium attacks Exchange serversExchange serversMicrosoft Security Response Center blog
March 2021SolarWinds supply chain attackVarious Microsoft products (indirectly affected)The New York Times, Reuters
January 2020Misconfigured customer support databaseCustomer data (names, email addresses)ZDNet
This is a high-level summary of breaches and successful hacks that got reported in the public domain and picked up by tier 1 publications. There are at least a dozen more in the period, some are of negligible impact, and others are less probable

Introduction:

Today, The digital landscape is a battlefield, and even tech giants like Microsoft aren’t immune to cyberattacks. Understanding recent breaches/incidents and their root causes, and effective defence strategies is crucial for Infosec/IT and DevSecOp teams navigating this ever-evolving threat landscape. This blog post dives into the security incidents affecting Microsoft, analyzes potential attack paths, and equips you with actionable defence plans to fortify your infrastructure/network.

Selected Breaches:

  • January 2024: State actors, purported to be affiliated with Russia leveraged password spraying and compromised email accounts, including those of senior leadership. This highlights the vulnerability of weak passwords and the critical need for multi-factor authentication (MFA).
  • January 2024: Zero-day vulnerabilities in Exchange servers allowed attackers to escalate privileges. This emphasizes the importance of regular patching and prompt updates to address vulnerabilities before they’re exploited.
  • December 2021: Lapsus$ group gained access to source code due to misconfigured access controls. This underscores the importance of least-privilege access and regularly reviewed security configurations.
  • Other incidents: Supply chain attacks (SolarWinds, March 2021) and data leaks (customer database, January 2020) demonstrate the diverse threats organizations face.

Attack Paths:

Understanding attacker motivations and methods is key to building effective defences. Here are common attack paths:

  • Social Engineering: Phishing emails and deceptive tactics trick users into revealing sensitive information or clicking malicious links.
  • Software Vulnerabilities: Unpatched software with known vulnerabilities offers attackers an easy entry point.
  • Weak Passwords: Simple passwords are easily cracked, granting access to accounts and systems.
  • Misconfigured Access Controls: Overly permissive access rules give attackers more power than necessary to escalate privileges and cause damage.
  • Supply Chain Attacks: Compromising a vendor or partner can grant attackers access to multiple organizations within the supply chain.

Defence Plans:

Building a robust defense requires a multi-layered approach:

  • Patch Management: Prioritize timely patching of vulnerabilities across all systems and software.
  • Strong Passwords & MFA: Implement strong password policies and enforce MFA for all accounts.
  • Access Control Management: Implement least privilege access and regularly review configurations.
  • Security Awareness Training: Educate employees on phishing, social engineering, and secure password practices.
  • Threat Detection & Response: Deploy security tools to monitor systems for suspicious activity and respond promptly to incidents.
  • Incident Response Planning: Develop and test a plan to mitigate damage, contain breaches, and recover quickly.
  • Penetration Testing: Regularly test your defenses by simulating real-world attacks to identify and fix vulnerabilities before attackers do.
  • Network Segmentation: Segment your network to limit the potential impact of a breach by restricting access to critical systems.
  • Data Backups & Disaster Recovery: Regularly back up data and have a plan to restore it in case of an attack or outage.
  • Stay Informed: Keep up-to-date on the latest security threats and vulnerabilities by subscribing to security advisories and attending industry conferences.

Conclusion:

Cybersecurity is an ongoing battle, but by understanding the tactics employed by attackers and implementing these defence strategies, IT/DevOps admins can significantly reduce the risk of breaches and protect their networks and data. Remember, vigilance and continuous improvement are key to staying ahead of the curve in the ever-evolving cybersecurity landscape.

Disclaimer: This blog post is for informational purposes only and should not be considered professional security advice. Please consult with a qualified security professional for guidance specific to your organization or mail me for an obligation free consultation call.

References and Further Reading:

Bitnami