Categories: CyberCrimeSecurity

White House To Meet With Tech Firms Over Cyber-Security Crisis

The White House is to host a meeting with tech executives over cyber-security in January, amidst an escalation in disruptive cyber-attacks over the past year.

White House national security adviser Jake Sullivan wrote to the chief executives of tech companies inviting them to the event, following the appearance of a critical vulnerability in Log4j, a widely-used software component.

In the letter, excerpts of which were shared with the press, Sullivan said open source software, which is critical to computing infrastructure but is maintained by volunteers, has become a “a key national security concern”.

The White House said software companies and cloud services providers were invited, without naming the firms.

Major incidents

“The SolarWinds and Hafnium incidents serve as recent reminders that strategic adversaries actively exploit vulnerabilities for malicious purposes,” Sullivan wrote in the letter.

The attack on software maker SolarWinds, discovered a year ago, gave attackers access to its many customers, including US government departments, while the cyber-gang Hafnium used a flaw in Microsoft’s email server software to attack more than 20,000 organisations.

The SolarWinds attack has been blamed on the Russian government, while Hafnium has alleged ties to the Chinese government.

The deputy national security advisor for cyber & emerging technology, Anne Neuberger, is to host a one-day discussion in January with company officials responsible for security and open source projects, the White House said.

Security investment

Amidst the escalation in cyber-attacks, the administration in May issued an executive order creating a review board and new software standards for government agencies.

The order aims to set minimum security standards for software used by the governent, and in turn to spur investment in security.

President Joe Biden called cyber-security a “core national security challenge” at an August meeting with the executives of Microsoft, JPMorgan and other major US firms. At the time Google and Microsoft said they would invest billions of dollars in cyber-security initiatives.

The US Cybersecurity and Infrastructure Security Agency on 17 December issued an “emergency directive” ordering federal civilian agencies to update their systems to patch against the Log4j exploit, which is known as Log4Shell.

The bug affects hundreds of millions of internet-connected devies, with computer security firm Mandiant calling it “one of the most pervasive security vulnerabilities that organizations have had to deal with over the past decade”.

Broad impact

“Log4j is ubiquitous and used by applications and systems deployed across organizations of all sizes,” the company wrote in an advisory earlier this month.

“Organisations are struggling to assess the scope and impact of the exposure, given it is not obvious which applications and systems even use Log4j.

“Software vendors are actively determining whether their software uses Log4j and are communicating the impact to their customers.”

Mandiant said organisations should monitor for the availability of security patches and apply them “as quickly as possible”.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Ericsson To Cut 1,200 Jobs in Sweden Amid ‘Challenging’ Market

Swedish telecoms giant Ericsson blamed “challenging mobile networks market” and “further volume contraction” for job…

20 hours ago

FTX’s Sam Bankman-Fried Sentenced To 25 Years In Prison For $8bn Fraud

Dramatic downfall. Sam Bankman-Fried sentenced to 25 years in prison for masterminding $8bn fraud that…

21 hours ago

Elon Musk Orders FSD Demo For Every Tesla US Sale

Fallout avoidance? Tesla buyers in the US must be shown how to use the FSD…

21 hours ago

Amazon Pumps Another $2.75 Billion Into Anthropic

Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…

23 hours ago

The Sustainability of AI

While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…

1 day ago