The US Cybersecurity and Infrastructure Security Agency
, which has said that hundreds of millions of devices could be exposed to the vulnerability
, issued an “emergency directive”
en diciembre 17 ordering federal civilian agencies to update their systems
An agency spokesperson told CNN on Thursday that there is no indication that any agency has been hacked using the vulnerability in Log4j.
While no US agencies have confirmed a breach via the vulnerability, the Belgian Defense Ministry told local media outlets this week that it had shut down parts of its computer network in response to a hack using the flaw.
Cybersecurity executives have called the vulnerability one of the most critical software bugs in years and warned that it could take weeks or months to fully assess the impact.
While the world’s richest companies rely on it, the Log4j software is maintained by a group of volunteers at the nonprofit Apache Software Foundation, who have worked long hours to address the flaw.
The vulnerability in Log4j “will define computing as we know it, separating those that put in the effort to protect themselves and those comfortable being negligent,” said Amit Yoran, the CEO of the Maryland-based security firm Tenable.
It’s precisely that dearth of investment in critical software that the White House wants to address.
President Joe Biden in May issued an executive order that requires software the government buys to meet a minimum set of security standards. The goal is to use the federal government’s buying power to trigger more demand for secure software development in the private sector, también.
The new letter from Sullivan is not the first time that the Biden administration has used the bully pulpit of the White House to prod tech firms into taking action on pressing cybersecurity issues.
Biden called cybersecurity a “core national security challenge” in an August meeting with the executives of Microsoft
, JPMorgan and other major US firms
. Google and Microsoft pledged to invest billions of dollars in cybersecurity initiatives in announcements paired with that White House meeting