Biden Wants Software Vendors to Report Breaches to the Government

  • The U.S. government is pushing for a new order that will compel all software vendors to report breaches immediately.
  • This will save time and money as the investigation and remediation process will occur in an earlier phase.
  • Software firms may also have to share internal records with the FBI, CISA, and a group of federal agents.

The Biden administration is readying a new executive order that will compel all software vendors to disclose any data breaches to the U.S. government immediately. Reuters, which claims to have seen a draft, reports that the order could appear in its final form as early as next week. There’s apparently great disquiet in the government about the potential threats that could be coming from numerous directions, and an order like the one reported could help get things under control.

Obviously, the December SolarWinds supply chain attacks, which resulted in the compromise of hundreds of high-level organizations and firms, were a clear warning about the need for a fundamentally different reporting system. Then came the Microsoft Exchange problem, which was soon discovered to have been known for at least a couple of months. If the infosec agencies had known about either case earlier, the effects would have been greatly mitigated, and the subsequent costs from the disruption would have been much lower.

According to sources cited by Reuters in the same report, the breach notification requirement would override any non-disclosure agreement that may be in place, so there will be no excuses based on protecting property or anything like that. Only major software companies that supply the government with products may be obliged to comply with the order, but at this point, nothing is certain.

Also, software vendors will have to preserve digital records that will be at least partially accessible to the FBI, CISA, and possibly also the NSA. When incidents occur, this access could be opened up to “full,” accelerating the development of defensive mechanisms and preventing threats from becoming a widespread and far more expensive problem.

In addition to all the above, the final executive order may also include the creation of a cybersecurity incident response board that will comprise representatives from key federal agencies as well as private infosec companies. Over time, once it has dealt with everything that is still being contained, this forum may move to a precautionary and advisory role.
