Hi everyone, this is a progress update. We met with the information security consultancy msdd to identify potential vulnerabilities in our architecture and processes as well as to implement changes.
In total, msdd made 18 recommendations and helped us to realise them, the most important ones being:
- Distributed key manager:
A problem in the past was that the signing keys needed to be accessible in the event of a key server failure. In our new architecture, we use a distributed setup. Each of the key servers only holds shards of the keys and an attacker would need to control several of them in order to reconstruct the original keys.
- Fully offline signing key backups:
This distributed setup also improves redundancy and means that some key servers are allowed to fail without affecting validation operations. As a result, the signing keys can be kept permanently offline, greatly reducing security risks.
- Security information and event management system:
Software that helps recognise and address potential security threats and vulnerabilities before they have a chance to disrupt operations. When new vulnerabilities are discovered or anomalies (such as attacks) are detected, this software would notify us.
Other improvements include closer alignment with ISO 27001, stronger passwords and encryption keys, use of biometrics where possible, and further anti-malware protections.
Looking ahead, we have taken steps to keep up to date with cybersecurity and plan a follow-up security review.
On the advice of msdd, we can only provide a general overview so as not to undermine our security measures. Overall, we are confident that the vulnerabilities that led to the incident have been addressed, and that the robustness and security of our infrastructure have been strengthened.
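The distributed key manager described in the update works by splitting each signing key into shards so that a quorum of key servers is needed to reconstruct it, while any smaller set of compromised servers learns nothing. The post does not say which scheme msdd implemented; the following is an added example (not the author's or msdd's code) showing one standard way to achieve that property, Shamir's secret sharing over a prime field. The field prime, the 3-of-5 parameters and the demo key are this example's own constructed choices.

```python
import secrets

# Field prime for share arithmetic. 2**521 - 1 is a Mersenne prime, so any
# key of up to 520 bits (e.g. a 256-bit signing key) fits as a field element.
# The choice of prime is this example's assumption, not the post's.
PRIME = 2**521 - 1


def _eval_poly(coeffs, x):
    """Horner evaluation of a polynomial (constant term first) at x, mod PRIME."""
    result = 0
    for c in reversed(coeffs):
        result = (result * x + c) % PRIME
    return result


def split_secret(secret, threshold, num_shares, rng=secrets.randbelow):
    """Split an integer secret into num_shares shares (x, y).

    Any `threshold` shares reconstruct the secret; fewer reveal nothing,
    because threshold-1 points are consistent with every possible constant
    term. `rng` is injectable so tests can be deterministic; real use keeps
    the default `secrets.randbelow`.
    """
    if not 0 <= secret < PRIME:
        raise ValueError("secret must be an integer in [0, PRIME)")
    if not 1 < threshold <= num_shares:
        raise ValueError("need 1 < threshold <= num_shares")
    # Random polynomial of degree threshold-1 whose constant term is the secret.
    coeffs = [secret] + [rng(PRIME) for _ in range(threshold - 1)]
    # Share i is the point (i, f(i)); x = 0 is never handed out, it is the secret.
    return [(x, _eval_poly(coeffs, x)) for x in range(1, num_shares + 1)]


def recover_secret(shares):
    """Lagrange interpolation at x = 0 over the prime field.

    With at least `threshold` distinct shares this returns the secret; with
    fewer it returns a field element unrelated to it.
    """
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share indices")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        basis = num * pow(den, -1, PRIME) % PRIME  # Lagrange basis L_i(0)
        total = (total + yi * basis) % PRIME
    return total


def shard_key(key: bytes, threshold: int, num_shares: int):
    """Shard a raw key (e.g. a signing key) so each server stores one share."""
    if len(key) * 8 > PRIME.bit_length() - 1:
        raise ValueError("key too long for the field")
    return split_secret(int.from_bytes(key, "big"), threshold, num_shares)


def rebuild_key(shares, key_len: int) -> bytes:
    """Rebuild the raw key from a quorum of shares."""
    return recover_secret(shares).to_bytes(key_len, "big")


if __name__ == "__main__":
    # Constructed 32-byte demo key, not a real key.
    demo_key = bytes(range(32))
    shares = shard_key(demo_key, threshold=3, num_shares=5)
    print("any 3 of 5 rebuild the key:", rebuild_key(shares[1:4], 32) == demo_key)
    print("2 of 5 do not:",
          recover_secret(shares[:2]) == int.from_bytes(demo_key, "big"))
```

The point the update makes about redundancy follows directly from the parameters: with a 3-of-5 split, two key servers can be lost or taken offline without affecting signing, and an attacker holding one or two shares is no closer to the key than one holding none. Where a real deployment would differ from this sketch is in how shares are stored and authenticated (an HSM or sealed storage per server, and integrity checks so a corrupted share is detected rather than silently producing a wrong key).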