A planned executive order of US President Joe Biden would require many software vendors to notify their federal government customers when the companies have a cybersecurity breach, according to a draft seen by Reuters.
A US National Security Council spokeswoman said that no decision has been made on the final content of the executive order, which could be released as early as next week.
The SolarWinds Corp hack, which came to light in December last year, showed that “the federal government needs to be able to investigate and remediate threats to the services it provides the American people early and quickly. Simply put, you can’t fix what you don’t know about,” the spokeswoman said.
In the SolarWinds case, hackers suspected of working for the Russian government infiltrated the company’s network management software and added code that allowed them to spy on end users.
The hackers penetrated nine federal agencies and 100 companies, including Microsoft Corp and other major tech companies.
The proposed order would adopt measures long sought by security experts, including requiring multifactor authentication and encryption of data inside federal agencies.
The order would impose additional rules on programs deemed critical, such as requiring a “software bill of materials” that spells out what is inside.
An increasing amount of software activates other programs, expanding the risk of hidden vulnerabilities.
The notification requirement would have the most immediate impact.
The rule aims to override nondisclosure agreements, which vendors have said limited information sharing, and allow officials to view more intrusions.
The order also would compel vendors to preserve more digital records and work with the FBI and the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency when responding to incidents.
In practice, the changes would occur through updates to federal acquisition rules. Major software companies that sell to the government, like Microsoft and Salesforce, would be affected by the change, people familiar with the plans said.
In the past, the US Congress has tried to establish a national data breach notification law, but has failed because of industry resistance. Such a bill would have obligated companies that experience hacks to disclose them publicly through government agencies.
If finalized in close to the draft form, the executive order would partially achieve the broad disclosure goal. A new law on public disclosure might also be introduced.
The draft order would also create a cybersecurity incident response board, with representatives from federal agencies and cybersecurity companies.
The forum would encourage vendors and victims to share information, perhaps with a combination of incentives and liability protections.