In today’s world, the internet and social media have made it easier than ever for people to receive news and information. But how accurate is that information, and how harmful is it to you? At the federal level, President Joe Biden recently signed a cybersecurity executive order stating the federal government is adopting a “zero-trust architecture.” But Indiana University professor and cybersecurity expert Scott Shackelford says a zero-trust architecture raises a couple questions: what is zero-trust security, and if trust is bad for cybersecurity, why do most organizations in government and the private sector do it? Zero trust is a security model that takes for granted that threats are omnipresent inside and outside networks and instead relies on continuous verification via information from multiple sources. Shackelford says this approach assumes the inevitability of a data breach -- instead of focusing exclusively on preventing breaches, zero-trust security ensures instead that damage is limited and that the system is resilient and can quickly recover. Shackelford says a consequence of too much trust online is the ransomware epidemic, a growing global problem that affects organizations of all sizes. There were at least 2,354 ransomware attacks on local governments, health care facilities and schools in the U.S. last year, and ransomware attacks are growing more sophisticated. Shackelford says a recurring theme in many of these breaches is misplaced trust in vendors, employees, software and hardware. Trust in the context of computer networks refers to systems that allow people or other computers access with little or no verification of who they are and whether they are authorized users. Shackelford says it’s not hard to see the benefits of the zero-trust model, but that there are barriers to achieving zero trust in government and private computer systems, including the fact that legacy systems and infrastructure are often impossible to upgrade to become zero trust. Additionally, even if it’s possible to upgrade, he says it is costly, time-consuming and potentially disruptive to redesign and redeploy systems, especially if they are custom-made. Peer-to-peer technologies, like computers running Windows 10 on a local network, run counter to zero trust because they rely mostly on passwords, not real-time, multifactor authentication, he says, and migrating an organization’s information systems from in-house computers to cloud services can boost zero trust, but only if it’s done right. Shackelford says when coupled with other initiatives outlined in the executive order – such as creating a Cybersecurity Safety Board and imposing new requirements for software supply chain security for federal vendors – zero-trust security takes the U.S. in the right direction. However, the executive order applies only to government systems, so it won’t stop all ransomware attacks, such as the one that recently targeted Colonial Pipeline. Shackelford says getting the country as a whole on a more secure footing requires helping the private sector adopt these security practices – and that will require action from Congress.
In other news, as vaccine rollout continues, some researchers say the country has hit a plateau in the number of people being vaccinated. For some, finding time off work to get their shots can be a barrier. Ross Silverman, a health policy and management professor at IU, says many people want to get vaccinated — but may not be able to take time off work to do so. Silverman says at this point in the pandemic, the biggest focus should be on helping people figure out where they can get the vaccines and then making sure people have times that are appropriate for them to get vaccinated. Silverman says some people may be worried about going out and taking the time to get themselves, or their family members, vaccinated. The federal American Rescue Plan includes a program that allows companies with less than 500 employees to apply for a tax credit to give paid time off to employees for vaccine-related appointments. Eligible employers can claim the tax credit for paid sick leave from April 1 through Sept. 30, and self-employed individuals may also claim the credit. Silverman said this program can help combat fears workers might have about getting vaccinated, and it also covers time off for any possible side effects they may experience. Since some people may have side effects that can leave them feeling lousy and needing to take a couple days off work, he says this program will allow employers to get a tax credit for giving that time off to their employees, which could be a game changer for people and a benefit for the entire community. He says by allowing employees time off to get vaccinated, it’s not only helping the employees, it also helps protect other people who come to the workplace, protecting their families, and more.