Under a forthcoming White House order, companies that do business with the federal government would have to meet software security standards and swiftly report cyber incidents to a new entity within the Department of Homeland Security, sources familiar with a draft version of the document said.
The order, which could be made public in a matter of weeks, is meant to improve the government’s ability to detect, coordinate, respond to and investigate cybersecurity incidents, as well as promote supply chain security and push government contractors to up their defenses. It is spurred largely by the suspected Russian campaign in which hackers exploited the update process for SolarWinds’ Orion software, which led to the compromise of nine federal agencies and roughly 100 companies, the White House previously said.
Some of the order’s measures are aimed at strengthening DHS and its Cybersecurity and Infrastructure Security Agency. The White House directive would establish a body for reporting cybersecurity incidents within CISA modeled after the National Transportation Safety Board. Under the order, DHS and the attorney general would also create a cybersecurity incident review board made up of federal officials and private sector companies for examining threats and vulnerabilities, as well as risk mitigation efforts around major incidents.
CISA would be authorized to hunt threats in agencies other than the Defense Department, something acting acting CISA Director Brandon Wales told Congress was key in testimony last month. ..
Support the originator by clicking the read the rest link below.
