White House to discuss software development with technical leaders, calling it “top national security concern”

0


The January discussion between technical executives and White House officials is necessary because open source software is widely used but is maintained by volunteers, making it “a major national security concern,” Sullivan said in a report. letter to technology companies, including extracts House shared with journalists.

Guests include software development companies and cloud service providers, according to the White House. A spokesperson for the National Security Council declined to say which companies were invited.

The letter follows the discovery this month of a vulnerability in software known as Log4j that organizations around the world use to store data in their applications.

Ransomware gangs and hackers linked to the governments of China, Iran, North Korea and Turkey have moved on to exploit the loophole as tech companies and government agencies rushed to apply software fixes.
The US Agency for Cybersecurity and Infrastructure Security, which has said hundreds of millions of devices could be exposed to the vulnerability, issued an “emergency directive” on December 17 ordering federal civilian agencies to update their systems.

A spokesperson for the agency told CNN on Thursday that there is no indication that an agency was hacked using the Log4j vulnerability.

Although no U.S. agency has confirmed a breach via the vulnerability, the Belgian Defense Ministry told local media this week that it had shut down parts of its computer network in response to a hack using the vulnerability.

Cyber ​​security officials have called the vulnerability one of the most critical software bugs in years and warned that it could take weeks or months to fully assess the impact.

While the world’s richest companies depend on it, the Log4j software is maintained by a group of volunteers from the nonprofit Apache Software Foundation, who worked long hours to correct the flaw.

The vulnerability of Log4j “will define IT as we know it, separating those who go out of their way to protect themselves and those who feel comfortable being careless,” said Amit Yoran, CEO of the security company. Tenable, based in Maryland.

It is precisely this shortage of investment in critical software that the White House wants to remedy.

President Joe Biden issued an executive order in May requiring government-purchased software to meet a minimum set of security standards. The goal is to use the purchasing power of the federal government to trigger increased demand for secure software development in the private sector as well.

Sullivan’s new letter is not the first time the Biden administration has used the White House intimidation chair to lobby tech companies to take action on pressing cybersecurity issues.

Biden called cybersecurity a “major national security challenge” during a meeting in August with executives from Microsoft, JPMorgan and other major U.S. companies. Google and Microsoft have pledged to invest billions of dollars in cybersecurity initiatives in announcements associated with this White House meeting.


Share.

Comments are closed.