Tech
NSA urges continuous checks to achieve zero trust | Computer Weekly
The US National Security Agency (NSA) has published its latest guidance on zero trust to secure US federal government IT networks and systems. This is the first of two guidance documents coming out of the NSA, providing “practical and actionable” recommendations that can be applied as best practice to secure corporate IT environments both in the public and private sectors.
In the Zero trust primer document, the NSA defines a “zero-trust mindset”, which means assuming IT environment traffic, users, devices and infrastructure may be compromised. To achieve this, the guidance urges IT security teams to establish a rigorous authentication and authorisation process for all access requests.
In the context of securing the integrity of government IT systems, it said that such a strategy enhances the security posture of networks by rigorously validating every access request, which prevents unauthorised changes, reduces risk of malicious code insertion, and ensures the integrity of software and supply chains
The main takeaway from the NSA regarding zero trust is to never trust users or devices that request network connectivity or access to internal resources. The NSA guidance calls for verification without exception, where dynamic authentication and explicit approval is used across all activities on the network, adhering to the principle of least privilege.
Specifically, the NSA’s latest guidance suggests that IT security teams should assume they are working in an IT environment where there is a breach, which means operating and defending resources under the assumption that an adversary already has a presence in the environment.
The NSA said IT security teams should plan for deny-by-default and heavily scrutinise all users, devices, data flows and requests. This means that IT security teams need to log, inspect and monitor all configuration changes, resource accesses and environment traffic for suspicious activity continuously.
The guidance also recommends explicit verification. This implies that access to all resources is consistently verified, using both dynamic and static mechanisms, which is used to derive what the NSA calls “confidence levels for contextual access decisions”.
Commenting on the guidelines, zero-trust expert Brian Soby, CTO and co-founder of AppOmni, said: “Across the guidance, the emphasis is on continuous logging, inspection and monitoring of resource access and configuration change, plus comprehensive visibility across layers.
“Read plainly, the NSA is suggesting that many programs are built around coarse checkpoints and limited signals, while the real risk lives inside enterprise applications, especially SaaS, where sensitive data and business workflows reside.”
Soby’s understanding of the new guidelines is that effective zero trust requires a thorough understanding of what users can and cannot do, instead of simply relying on their ability to authenticate through network directory services and the authorisation that successful authentication gives them.
“Many security programs still substitute directory groups and simplistic roles for true entitlement materiality, even though effective access in modern SaaS is shaped by application-native permissions, sharing rules, delegated administration, conditional controls and third-party OAuth grants.”
He noted that the NSA’s emphasis on monitoring resource access and configuration change implies that relying on coarse identity abstractions leaves IT security teams blind to the actions and permission shifts that create exposure and enable misuse.
“This gap also lines up uncomfortably well with the breaches and campaigns we are seeing now,” he added.
As an example, Soby said that recent intrusions tied to groups tracked as UNC6040 and UNC6395 have highlighted how attackers can bypass traditional, frontdoor-centred controls by abusing SaaS identities and integrations, including compromised OAuth tokens and third-party application access, to reach and extract data from SaaS environments.
“In that light, the NSA’s guidance supports a sharper conclusion: identity security programs that cannot truly understand user activities, behaviours and the materiality of entitlements inside applications do not match the principles of zero trust,” said Soby. “These often become more performative than effective, leaving security operations centre teams stuck with generic signals like logins when the meaningful attacker activity is happening inside the app.”
Today, Apple announced its new budget MacBook. At $599, it looks seriously impressive. While I haven’t tested its performance, battery life, or display just yet, it may end up being hard to beat at that price based on some of the specs alone.
But that doesn’t mean the competition isn’t there. I want to recommend a couple of Windows laptops deals that offer various advantages over the MacBook Neo, showing where the Neo has both strengths and weaknesses.
First, check out this Asus Vivobook 14, a laptop I’ve been happy to recommend as a budget computer for the past year. In many ways, this is the Windows version of a laptop like the MacBook Neo. It uses a highly-efficient ARM chip, the Qualcomm Snapdragon X, meaning it gets great battery life and performs admirably in daily tasks. It’s not quite as thin or light as the MacBook Neo, but it’s fairly portable for a laptop at this price.
Unlike the MacBook Neo, the Vivobook 14 comes with 16 GB of RAM and 512 GB of storage. That’s twice what you get in the MacBook Neo’s starting configuration. Right now, this configuration of the Vivobook 14 is on sale for $539. That’s a killer deal for those specs. It even comes with a healthier mix of ports, including HDMI, two USB-A, one USB-C, and a headphone jack. That also means it can support two external displays unlike the MacBook Neo, which can only handle just one.
Don’t get me wrong—I’m not at all saying the Vivobook 14 is a slam dunk over the MacBook Neo. Based on specs alone, I know the Vivobook 14 is a serious step down when it comes to the display. It’s less sharp, stretched across a larger screen, and the color performance isn’t so good. The Vivobook 14 maxes out at 280 nits, whereas Apple says the MacBook Neo can go all the way up to 500 nits. I have a hunch that the MacBook Neo will deliver a much better display in just about every regard.
There’s also the touchpad. It’s a little clunky to use, which is typical of budget Windows laptops. This is just a guess—but the touchpad on the MacBook Neo will likely feel smoother. It’s a mechanical trackpad (unlike the MacBook Air’s haptic feedback trackpad), but Apple has almost never made a bad trackpad.
If you’re not convinced by the Asus Vivobook 14, I’d also recommend the HP OmniBook 5, which is currently on sale for $500 and uses the same Snapdragon X chip. While it only has 256 GB of storage, it has a much better screen than the Vivobook 14, using an OLED display. It’s not any brighter than the Vivobook 14, but it gives you far better color performance and contrast. It’s also just 0.50 inches thick, matching the MacBook Neo exactly in portability.
Other Good USB Hubs to Consider
Ugreen Revodok Pro 211 Docking Station for $64: Most laptop docking stations are bulky gadgets that often require a power source, but this one from Ugreen straddles the line between dock and hub. It has a small, braided cable running to a relatively large aluminum block. It’s a bit hefty but still compact, and it packs a lot of extra power. It has three USB ports (one USB-C and two USB-A) that each reached up to 900 MB/s of data-transfer speeds in my testing. That was enough to move large amounts of 4K video footage in minutes. The only problem is that using dual monitors on a Mac is limited to only mirroring.
Photograph: Luke Larsen
Hyper HyperDrive Next Dual 4K Video Dock for $150: This one also straddles the line between dock and USB hub. Many mobile docks lack proper Mac support, only allowing for mirroring instead of full extension. The HyperDrive Next Dual 4K fixes that problem, though, making it a great option for MacBooks (though it won’t magically give an old MacBook Air dual-monitor support). Unfortunately, you’ll be paying handsomely for that capability, as this one is more expensive than the other options. The other problem is that although this dock has two HDMI ports that can support 4K, though only one will be at 60 Hz and the other will be stuck at 30 Hz. So, if you plan to use it with multiple displays, you’ll need to drop the resolution 1440p or 1080p on one of them. I also tested this Targus model, which is made by the same company, which gets you two 4K displays at 60 Hz but not on Mac.
.png)
Anker USB-C Hub 5-in-1 for $20: This Anker USB hub is the one I carry in my camera bag everywhere. It plugs into the USB-C port on your laptop and provides every connection you’d need to offload photos or videos from camera gear. In our testing, the USB 3.0 ports reached transfer speeds over 400 MB/s, which isn’t quite as fast as some USB hubs on this list, but it’s solid for a sub-$50 device. Similarly, the SD card reader reached speeds of 80 MB/s for reading and writing, which isn’t the fastest SD cards can get, but adequate for moving files back and forth.—Eric Ravenscraft
Kensington Triple Video Mobile Dock for $83: Another mobile dock meant to provide additional external support, this one from Kensington can technically power up to three 1080p displays at 60 Hz using the two HDMI ports and one DisplayPort. It’s a lot of ports in a relatively small package, though the basic plastic case isn’t exactly inspiring.
Power up with unlimited access to WIRED. Get best-in-class reporting and exclusive subscriber content that’s too important to ignore. Subscribe Today.
Global oil and gas prices have skyrocketed following the US attack on Iran last weekend. But another key global supply chain is also at risk, one that may directly impact American farmers who have already been squeezed for months by tariff wars. The conflict in the Middle East is choking global supplies of fertilizer right before the crucial spring planting season.
“This literally could not be happening at a worse time,” says Josh Linville, the vice president of fertilizer at financial services company StoneX.
The global fertilizer market focuses on three main macronutrients: phosphates, nitrogen, and potash. All of them are produced in different ways, with different countries leading in exports. Farmers consider a variety of factors, including crop type and soil conditions, when deciding which of these types of fertilizer to apply to their fields.
Potash and phosphates are both mined from different kinds of natural deposits; nitrogen fertilizers, by contrast, are produced with natural gas. QatarLNG, a subsidiary of Qatar Energy, a state-run oil and gas company, said on Monday that it would halt production following drone strikes on some of its facilities. This effectively took nearly a fifth of the world’s natural gas supply offline, causing gas prices in Europe to spike.
That shutdown puts supplies of urea, a popular type of nitrogen fertilizer, particularly at risk. On Tuesday, Qatar Energy said that it would also stop production of downstream products, including urea. Qatar was the second-largest exporter of urea in 2024. (Iran was the third-largest; it’s also a key exporter of ammonia, another type of nitrogen fertilizer.) Prices on urea sold in the US out of New Orleans, a key commodity port, were up nearly 15 percent on Monday compared to prices last week, according to data provided by Linville to WIRED. The blockage of the Strait of Hormuz is also preventing other countries in the region from exporting nitrogen products.
“When we look at ammonia, we’re looking at almost 30 percent of global production being either involved or at risk in this conflict,” says Veronica Nigh, a senior economist at the Fertilizer Institute, a US-based industry advocacy organization. “It gets worse when we think about urea. Urea is almost 50 percent.”
Other types of fertilizer are also at risk. Saudi Arabia, Nigh says, supplies about 40 percent of all US phosphate imports; taking them out of the equation for more than a few days could create “a really challenging situation” for the US. Other countries in the region, including Jordan, Egypt, and Israel, also play a big role in these markets.
“We are already hearing reports that some of those Persian Gulf manufacturers are shutting down production, because they’re saying, ‘I have a finite amount of storage for my supply,’” Linville says. “‘Once I reach the top of it, I can’t do anything else. So I’m going to shut down my production in order to make sure I don’t go over above that.’”
Conflict in the strait has intensified in the early part of this week, as the Islamic Revolutionary Guard Corps have reportedly threatened any ship passing through the strait. Traffic has slowed to a crawl. The Trump administration announced initiatives on Tuesday meant to protect oil tankers traveling through the strait, including providing a naval escort. Even if those initiatives succeed—which the shipping industry has expressed doubt about—much of the initial energy will probably go toward shepherding oil and gas assets out of the region.
“Fertilizer is not going to be the most valuable thing that’s gonna transit the strait,” says Nigh.
CCPIT to facilitate exchanges, collaboration between Chinese, US firms
These $500 Windows Laptops Show That the MacBook Neo Has Serious Competition
US Senate rejects bid to limit Trump’s Iran war powers
India Us Trade Deal: Fresh look at India-US trade deal? May be ‘rebalanced’ if circumstances change, says Piyush Goyal – The Times of India
What are Iran’s ballistic missile capabilities?
US arrests ex-Air Force pilot for ‘training’ Chinese military
-
Business6 days ago
India Us Trade Deal: Fresh look at India-US trade deal? May be ‘rebalanced’ if circumstances change, says Piyush Goyal – The Times of India
-
Politics7 days agoWhat are Iran’s ballistic missile capabilities?
-
Business1 week agoHouseholds set for lower energy bills amid price cap shake-up
-
Politics7 days agoUS arrests ex-Air Force pilot for ‘training’ Chinese military
-
Business6 days agoAttock Cement’s acquisition approved | The Express Tribune
-
Fashion1 week agoOECD GDP growth slows to 0.3% in Q4 amid mixed trends
-
Fashion6 days agoPolicy easing drives Argentina’s garment import surge in 2025
-
Sports5 days agoLPGA legend shares her feelings about US women’s Olympic wins: ‘Gets me really emotional’