Securing the forgotten risk vector: firmware

Show Notes

Firmware is ubiquitous in any IT environment. The code—usually hardwired onto a microchip—bridges the hardware and software in any computer, including Internet of Things devices and other surprising places. Because it is hidden and because it can be difficult to update, many IT organizations pay little attention to developing cybersecurity strategies. 

That omission can be a costly mistake. CGI Vice President Chris Lavergne and Director Dave Crawford, both cybersecurity experts, join CGI Voices host Pete Tseronis on this podcast episode to explain the current state of firmware and how agencies can better account for it in their planning.

Timestamps/Chapters
00:05:34 - Chapter: Grappling with an increasing target-rich environment--the IoT, firmware and smart technologies
00:09:28 - Chapter: What is firmware, anyway? 
00:17:38 - Chapter: Identifying resources and scoping out the challenge
00:31:14 - Chapter: Back to basics
00:34:47 - Chapter: The unique squishiness of the IoT
00:37:51 - Chapter: Asset visibility and vulnerability detection
00:43:27 - Chapter: Parting shots

Have feedback or want to contact a CGI expert? You can email us at Voicespodcast@cgifederal.com. 

Related links
 
How CDM concepts can aid a zero trust transition, by David Crawford and Chris Lavergne
Reduce the noise to strengthen agency cybersecurity defenses, by John Nemoto and Chris Lavergne
CGI Federal Cybersecurity services
Executive Order on Improving the Nation’s Cybersecurity
Known Exploited Vulnerabilities Catalog | CISA
Common Vulnerabilities and Exposures- CVE - CVE (mitre.org)
Common Platform Enumeration- NVD - CPE (nist.gov)
CISA BOD 23-01: Improving Asset Visibility and Vulnerability Detection on Federal Networks

Producer: Michael Hardy
Engineer: Lexie Floor
Assistant Engineer: Donovan Samuel

Want to watch instead of listening? Find this podcast on our YouTube channel.

Learn more about us at www.cgifederal.com