Biden Administration Orders Federal Agencies to Fix Hundreds of Cyber Flaws
Source: The Wall Street Journal.
Agencies come under new pressure to close cybersecurity flaws after sometimes balking at such measures in the past
By Dustin Volz
https://twitter.com/dnvolz
dustin.volz@wsj.com
Updated Nov. 3, 2021 11:18 am ET
WASHINGTON - The Biden administration on Wednesday issued a sweeping new order mandating that nearly all federal agencies patch hundreds of cybersecurity vulnerabilities that are considered major risks for damaging intrusions into government computer systems.
The new requirement is one of the most wide-reaching cybersecurity mandates ever imposed on the federal government. It covers about 200 known security flaws identified by cybersecurity professionals between 2017 and 2020 and an additional 90 discovered in 2021 alone that have generally been observed being used by malicious hackers. Those flaws were listed in a new federal catalog as carrying significant risk to the federal enterprise.
Read more: https://www.wsj.com/articles/biden-administration-to-order-federal-agencies-to-fix-hundreds-of-cyber-flaws-11635937200
I posted the article saying that this would happen in GD this morning.
Biden Administration to Order Federal Agencies to Fix Hundreds of Cyber Flaws
https://www.democraticunderground.com/100216011579
napi21
(45,806 posts)
mahatmakanejeeves
(57,567 posts)
There are links within the .pdf.
OVERVIEW
The impact of cybersecurity intrusions that leverage vulnerabilities in information technology and operational technology products threatens the public sector, the private sector, and ultimately the American people's security and privacy. In 2020, industry partners identified a total of 18,358 new cybersecurity vulnerabilities, or Common Vulnerabilities and Exposures (CVEs). Of these, 10,342, an average of 28 per day, are classified critical or high severity vulnerabilities.
Organizations across both public and private sectors struggle to find time to test and implement remediations to these vulnerabilities, such as patches and updates, across complex infrastructures. Additionally, the effort and subject matter expertise required to research the degree of risk posed by a given vulnerability makes prioritizing CVEs a challenge.
In response to these challenges, the Cybersecurity and Infrastructure Security Agency (CISA), via Binding Operational Directive (BOD) 22-01, Reducing the Significant Risk of Known Exploited Vulnerabilities, has created, and published on CISA.gov, a living catalog of known exploited vulnerabilities that carry significant risk. Approximately 200 vulnerabilities from 2017-2020 and 90 from 2021 make up the initial publication. CISA will regularly update the catalog with new known exploited vulnerabilities that meet specified thresholds.
{snip}
OneCrazyDiamond
(2,032 posts)
Unpatched.