MITRE's call to action
In response to the attack, Charles Clancy, Chief Technology Officer of MITRE, stated:
"First, we need to advance secure by design principles. Hardware and software needs to be secure right out of the box.
Second, we need to operationalize secure supply chains by taking advantage of the software bill of materials ecosystem to understand the threats in our upstream software systems.
Third, we should deploy zero trust architectures, not just multi-factor authentication, but also micro-segmentation of our networks.
Fourth, we need to adopt adversary engagement as a routine part of cyber defense. It can provide not only detection, but also deterrence to our adversaries. Adversaries are advancing new threats and new techniques."
IMO the first three are absolutely essential and long overdue basics for infosec given the current threat landscape. The fourth I'm not so sure about, depending on what it means in practice. If it means maintaining up-to-the-minute intelligence, that's also basic and long overdue, but 'engagement' has me a bit worried if it implies active counterattack (as some folks do seem keen on).