Washington, Nov 4 (SocialNews.XYZ) The US government has ordered all civilian federal agencies to patch, in six months' time, hundreds of cybersecurity vulnerabilities found between 2017 and 2020.
The new order, by the Joe Biden administration on Wednesday, is one of the most wide-reaching cybersecurity mandates ever imposed on the federal government, the Wall Street Journal reported.
The cybersecurity vulnerabilities are considered major risks for damaging intrusions into government computer systems.
The directive from the Cybersecurity and Infrastructure Security Agency (CISA) covers about 200 known security flaws identified by cybersecurity professionals between 2017 and 2020 and an additional 90 discovered in 2021 alone that have been observed being used by malicious hackers. Those flaws were listed in a new federal catalogue as carrying "significant risk to the federal enterprises", the report said.
"Every day, our adversaries are using known vulnerabilities to target federal agencies. As the operational lead for federal cybersecurity, we are using our directive authority to drive cybersecurity efforts toward mitigation of those specific vulnerabilities that we know to be actively used by malicious cyber actors," said CISA Director Jen Easterly, in a statement.
"The Directive lays out clear requirements for federal civilian agencies to take immediate action to improve their vulnerability management practices and dramatically reduce their exposure to cyber attacks," Easterly added.
Federal agencies have six months to patch older threats and just two weeks to fix the ones that were discovered within the past year.
The goal is to force federal agencies to fix all potential threats, whether they're major or not, and establish a basic list for other private and public organisations to follow.
"While this Directive applies to federal civilian agencies, we know that organisations across the country, including critical infrastructure entities, are targeted using these same vulnerabilities. It is therefore critical that every organisation adopt this Directive and prioritise mitigation of vulnerabilities listed in CISA's public catalog," Easterly said.
In 2015, a similar order gave federal agencies one month to fix threats deemed "critical risks". This was, however, changed in 2019 to include threats categorised as "high risk".
The new mandate does not prioritise based on threat levels, but emphasises the need to recognise small flaws that can quickly cause larger problems if hackers can find a way to take advantage of them.
Cybersecurity has been a major concern since President Biden entered office in January this year. In May, he signed an executive order to help prevent future cybersecurity disasters.
The order mandates two-factor authentication across the federal government, establishes a protocol for responding to cyberattacks, and forms a Cybersecurity Safety Review Board, among other safety measures.
Source: IANS
Gopi Adusumilli is a Programmer. He is the editor of SocialNews.XYZ and President of AGK Fire Inc.