Categories: CyberCrimeSecurity

White House To Meet With Tech Firms Over Cyber-Security Crisis

The White House is to host a meeting with tech executives over cyber-security in January, amidst an escalation in disruptive cyber-attacks over the past year.

White House national security adviser Jake Sullivan wrote to the chief executives of tech companies inviting them to the event, following the appearance of a critical vulnerability in Log4j, a widely-used software component.

In the letter, excerpts of which were shared with the press, Sullivan said open source software, which is critical to computing infrastructure but is maintained by volunteers, has become a “a key national security concern”.

The White House said software companies and cloud services providers were invited, without naming the firms.

Major incidents

“The SolarWinds and Hafnium incidents serve as recent reminders that strategic adversaries actively exploit vulnerabilities for malicious purposes,” Sullivan wrote in the letter.

The attack on software maker SolarWinds, discovered a year ago, gave attackers access to its many customers, including US government departments, while the cyber-gang Hafnium used a flaw in Microsoft’s email server software to attack more than 20,000 organisations.

The SolarWinds attack has been blamed on the Russian government, while Hafnium has alleged ties to the Chinese government.

The deputy national security advisor for cyber & emerging technology, Anne Neuberger, is to host a one-day discussion in January with company officials responsible for security and open source projects, the White House said.

Security investment

Amidst the escalation in cyber-attacks, the administration in May issued an executive order creating a review board and new software standards for government agencies.

The order aims to set minimum security standards for software used by the governent, and in turn to spur investment in security.

President Joe Biden called cyber-security a “core national security challenge” at an August meeting with the executives of Microsoft, JPMorgan and other major US firms. At the time Google and Microsoft said they would invest billions of dollars in cyber-security initiatives.

The US Cybersecurity and Infrastructure Security Agency on 17 December issued an “emergency directive” ordering federal civilian agencies to update their systems to patch against the Log4j exploit, which is known as Log4Shell.

The bug affects hundreds of millions of internet-connected devies, with computer security firm Mandiant calling it “one of the most pervasive security vulnerabilities that organizations have had to deal with over the past decade”.

Broad impact

“Log4j is ubiquitous and used by applications and systems deployed across organizations of all sizes,” the company wrote in an advisory earlier this month.

“Organisations are struggling to assess the scope and impact of the exposure, given it is not obvious which applications and systems even use Log4j.

“Software vendors are actively determining whether their software uses Log4j and are communicating the impact to their customers.”

Mandiant said organisations should monitor for the availability of security patches and apply them “as quickly as possible”.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

4 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

7 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

8 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

9 hours ago