Left Menu

EXCLUSIVE-Software vendors would have to disclose breaches to U.S. government users under new order -draft

A planned Biden administration executive order will require many software vendors to notify their federal government customers when the companies have a cybersecurity breach, according to a draft seen by Reuters.

Reuters | Updated: 26-03-2021 04:47 IST | Created: 26-03-2021 04:47 IST
EXCLUSIVE-Software vendors would have to disclose breaches to U.S. government users under new order -draft

A planned Biden administration executive order will require many software vendors to notify their federal government customers when the companies have a cybersecurity breach, according to a draft seen by Reuters. A National Security Council spokeswoman said no decision has been made on the final content of the executive order. The order could be released as early as next week.

The SolarWinds Corp hack, which came to light in December, showed “the federal government needs to be able to investigate and remediate threats to the services it provides the American people early and quickly. Simply put, you can’t fix what you don’t know about," the spokeswoman said. In the SolarWinds case, hackers suspected of working for the Russian government infiltrated its network management software and added code that allowed the hackers to spy on end users.

The hackers penetrated nine federal agencies and 100 companies, including Microsoft Corp and other major tech companies. The proposed order would adopt measures long sought by security experts, including requiring multi-factor authentication and encryption of data inside federal agencies.

The order would impose additional rules on programs deemed critical, such as requiring a "software bill of materials" that spells out what is inside. An increasing amount of software activates other programs, expanding the risk of hidden vulnerabilities. The notification requirement will have the most immediate impact. The rule aims to override non-disclosure agreements, which vendors have said limited information sharing, and allow officials to view more intrusions.

The order also would compel vendors to preserve more digital records and work with the FBI and the Homeland Security Department's Cybersecurity and Infrastructure Security Agency, known as CISA, when responding to incidents. In practice, the changes will occur through updates to federal acquisition rules. Major software companies that sell to the government, like Microsoft and SalesForce, will be affected by the change, said people familiar with the plans.

In the past, Congress has tried to establish a national data breach notification law but has failed because of industry resistance. Such a bill would have obligated companies that experience hacks to disclose them publicly through government agencies. If finalized in close to the draft form, the executive order would partially achieve the broad disclosure goal. A new law on public disclosure may also be introduced.

The draft order would also create a cybersecurity incident response board, with representatives from federal agencies and cybersecurity companies. The forum would encourage vendors and victims to share information, perhaps with a combination of incentives and liability protections.

(This story has not been edited by Devdiscourse staff and is auto-generated from a syndicated feed.)

TRENDING

Sex Education Season 3 has completed filming, know more in details!

FEATURE-Coronavirus fallout traps more Congolese girls in sex work

Google dedicates doodle for 200 years of Greek Independence

Huawei Launches All-new FreeBuds 4i in the UAE

OPINION / BLOG / INTERVIEW

Tectonic turns: How technology shaped healthcare over the decades

Tracing an episodic evolution, with technology at the interface of human and his health....

World Water Day sees crises of inequality in countries both rich and poor

... ...

Privacy and data protection: Reviewing notable policy frameworks

The evolved privacy principles and the resulting legislation across the world primarily aim to force the data collector to define the purpose for which the data is being collected along with the need to obtain explicit consent for the said ...

Addressing conflict-related sexual violence at long last

... ...

Videos

Latest News

UK car output falls 14% in February amid COVID-19 hit

British car production fell to its lowest February level since 2010 after an annual 14 drop as lockdown measures, global supply chain problems and new customs processes hit the industry, a trade body said on Friday. Dealerships in England w...

ANALYSIS-'Wilful ignorance': Flood-hit Australia urged to rethink climate adaptation

Severe floods have pummelled several parts of the country Climate change hiking threats fast, including from bushfires Government now working on new climate resilience plan By Michael TaylorMarch 26 Thomson Reuters Foundation - Australia,...

Reuters Sports News Summary

Following is a summary of current sports news briefs. Hamilton spoke to Bahrain officials about human rightsFormula One world champion Lewis Hamilton said he had spoken to Bahrain officials about human rights in the country after promising ...

Reuters US Domestic News Summary

Following is a summary of current US domestic news briefs. Still a mess Trauma haunts U.S. mass shooting survivors due to gaps in mental healthcareEven now, more than two decades after the Columbine school shooting, survivor Heather Martin ...
Give Feedback
Subscribe to our Newsletter  

SECTORS

EDITIONS

OTHER LINKS

OTHER PRODUCTS

CONNECT

Devdiscourse

Email: info@devdiscourse.com
Phone: +91-130-6444012, +91-7027739813, 14, 15

VisionRI | Disclaimer | Terms of use | Privacy Policy

© Copyright 2021