Under a new draft order from the Biden administration, software vendors may have to report any cybersecurity breach. The draft was seen and reported by Reuters. However, a spokeswoman for the National Security Council said no decision has been made on the executive order's final content. The order could be released as early as next week. It comes after the SolarWinds Corp hack, which occurred in December. The hack showed why the government needs to investigate such intrusions and prevent similar ones in the future.
In the SolarWinds case, the hackers are suspected of working for the Russian government. They infiltrated the network management software and added code that allowed them to spy on end users. The hackers penetrated nine federal agencies and 100 companies, including Microsoft Corp and other major tech companies. The proposed order will take several measures to safeguard data by making multi-factor authentication and data encryption compulsory inside federal agencies.
The order will impose additional rules on programs deemed critical, such as requiring a "software bill of materials." An increasing amount of software activates other programs, expanding the risk of hidden vulnerabilities. The notification requirement will have the most immediate impact. The rule aims to override non-disclosure agreements, under which vendors have limited information sharing, and to allow officials to view more intrusions. The order would also compel vendors to preserve more digital records and to work with the FBI and the Homeland Security Department's Cybersecurity and Infrastructure Security Agency, known as CISA, when responding to incidents.