CISA official: SolarWinds shows new approach needed for identity, critical asset protection

Organizations need to spend more time focusing on identity access management, according to a CISA official, which will require a shift in resources at the agency level and in the private sector following the SolarWinds hack.

The National Institute of Standards and Technology’s work on resiliency and risk management are steps in the right direction to help organizations understand how to withstand an attack, CISA’s Jay Gazlay said at a NIST private-sector advisory board meeting on Wednesday, but more can...