
Exclusive: Software vendors would have to disclose breaches to U.S. government users under new order – draft



By Christopher Bing, Nandita Bose and Joseph Menn

SAN FRANCISCO (Reuters) – A planned Biden administration executive order will require many software vendors to notify their federal government customers when the companies have a cybersecurity breach, according to a draft seen by Reuters.

A National Security Council spokeswoman said no decision has been made on the final content of the executive order.

The SolarWinds hack, which came to light in December, showed “the federal government needs to be able to investigate and remediate threats to the services it provides the American people early and quickly. Simply put, you can’t fix what you don’t know about,” the spokeswoman said.

The proposed order outlines several digital security recommendations, including the notification requirements for service providers, according to four people familiar with the plan.

The order also will require vendors to preserve more digital records for investigating hacks and work with the FBI and the Homeland Security Department’s Cybersecurity Infrastructure Security Agency, known as CISA, when responding to incidents.

In practice, the change will occur through updates to federal acquisition rules. Major software companies that sell to the government, like Microsoft or Salesforce, would be affected by the change, said two of the people familiar with the plans.

In the past, Congress has tried to establish a national data breach notification law but has failed because of industry resistance. Such a bill would have compelled companies who experience hacks to disclose them publicly through government agencies, rather than keep them secret.

Software from the U.S. tech company SolarWinds was used as a springboard to compromise a raft of U.S. government agencies. The operation, which was identified in December and which the U.S. government has said was likely orchestrated by Russia, gave hackers access to thousands of companies and government offices that used its products.

(Reporting by Christopher Bing, Nandita Bose and Joseph Menn; editing by Cynthia Osterman)

This story has not been edited by FP staff and is generated by auto-feed.




