
White House To Meet With Tech Firms Over Cyber-Security Crisis

The White House is to host a meeting with tech executives over cyber-security in January, amidst an escalation in disruptive cyber-attacks over the past year.

White House national security adviser Jake Sullivan wrote to the chief executives of tech companies inviting them to the event, following the appearance of a critical vulnerability in Log4j, a widely-used software component.

In the letter, excerpts of which were shared with the press, Sullivan said open source software, which is critical to computing infrastructure but is maintained by volunteers, has become “a key national security concern”.

The White House said software companies and cloud services providers were invited, without naming the firms.

Major incidents

“The SolarWinds and Hafnium incidents serve as recent reminders that strategic adversaries actively exploit vulnerabilities for malicious purposes,” Sullivan wrote in the letter.

The attack on software maker SolarWinds, discovered a year ago, gave attackers access to its many customers, including US government departments, while the cyber-gang Hafnium used a flaw in Microsoft’s email server software to attack more than 20,000 organisations.

The SolarWinds attack has been blamed on the Russian government, while Hafnium has alleged ties to the Chinese government.

The deputy national security advisor for cyber & emerging technology, Anne Neuberger, is to host a one-day discussion in January with company officials responsible for security and open source projects, the White House said.

Security investment

Amidst the escalation in cyber-attacks, the administration in May issued an executive order creating a review board and new software standards for government agencies.

The order aims to set minimum security standards for software used by the government, and in turn to spur investment in security.

President Joe Biden called cyber-security a “core national security challenge” at an August meeting with the executives of Microsoft, JPMorgan and other major US firms. At the time Google and Microsoft said they would invest billions of dollars in cyber-security initiatives.

The US Cybersecurity and Infrastructure Security Agency on 17 December issued an “emergency directive” ordering federal civilian agencies to update their systems to patch against the Log4j exploit, which is known as Log4Shell.

The bug affects hundreds of millions of internet-connected devices, with computer security firm Mandiant calling it “one of the most pervasive security vulnerabilities that organizations have had to deal with over the past decade”.

Broad impact

“Log4j is ubiquitous and used by applications and systems deployed across organizations of all sizes,” the company wrote in an advisory earlier this month.

“Organisations are struggling to assess the scope and impact of the exposure, given it is not obvious which applications and systems even use Log4j.

“Software vendors are actively determining whether their software uses Log4j and are communicating the impact to their customers.”

Mandiant said organisations should monitor for the availability of security patches and apply them “as quickly as possible”.

Matthew Broersma

Matt Broersma is a long-standing tech freelance who has worked for Ziff-Davis, ZDnet and other leading publications.
