CISA issues sweeping federal directive for government cybersecurity

The Biden administration is ordering federal agencies to fix hundreds of vulnerabilities in software and hardware that hackers have been known to exploit, according to a new government directive released Wednesday.

The first-of-its-kind directive, issued by the DHS Cybersecurity and Infrastructure Security Agency, includes a list of vulnerabilities “that carry significant risk to the federal enterprise” with technical specifics that agency leaders are required to review and address within 60 days. Some areas will require a more immediate fix, according to CISA.

“Cybersecurity threats are among the greatest challenges facing our Nation,” Homeland Security Secretary Alejandro Mayorkas said in a statement Wednesday. “Organizations of all sizes, including the federal government, must protect against malicious cyber actors who seek to infiltrate our systems, compromise our data, and endanger American lives.”

U.S. information systems have fallen victim to an increasing number of cyber attacks in recent years targeting schools, hospitals and critical infrastructure.

A 2020 cyber intrusion into the U.S. company SolarWinds, which sells software to the federal government, was not discovered until months after malicious code was injected into a routine software update. The discovery sent government officials scrambling to determine if their systems were compromised.

Last July, the U.S. and its allies condemned China for a cyber assault on Microsoft email servers and said hackers supported by the Chinese government had carried out ransomware or cyber-extortion attacks for millions of dollars. The Chinese-backed hackers were able to string together multiple, lower-level vulnerabilities to exploit Microsoft systems, according to CISA.

Read the Full Story Here

Source: ABC