The Biden administration is ordering federal agencies to fix hundreds of vulnerabilities in software and hardware that hackers have been known to exploit, according to a new government directive released Wednesday.<\/p>\n
The first-of-its-kind directive, issued by the DHS Cybersecurity and Infrastructure Security Agency, includes a list of vulnerabilities “that carry significant risk to the federal enterprise” with technical specifics that agency leaders are required to review and address within 60 days. Some areas will require a more immediate fix, according to CISA.<\/p>\n
\u201cCybersecurity threats are among the greatest challenges facing our Nation,” Homeland Security Secretary Alejandro Mayorkas said in a statement Wednesday. “Organizations of all sizes, including the federal government, must protect against malicious cyber actors who seek to infiltrate our systems, compromise our data, and endanger American lives.\u201d<\/p>\n
U.S. information systems have fallen victim to an increasing number of cyber attacks in recent years targeting schools, hospitals and critical infrastructure.<\/p>\n
A 2020 cyber intrusion into the U.S. company SolarWinds, which sells software to the federal government, was not discovered until months after malicious code was injected into a routine software update. The discovery sent government officials scrambling to determine if their systems were compromised.<\/p>\n
Last July, the U.S. and its allies condemned China for a cyber assault on Microsoft email servers and said hackers supported by the Chinese government had carried out ransomware or cyber-extortion attacks for millions of dollars. The Chinese-backed hackers were able to string together multiple, lower-level vulnerabilities to exploit Microsoft systems, according to CISA.<\/p>\n