Former Presidential Adviser Advocates Tougher Software Vendor Standards After Breach


In the wake of the SolarWinds hack, a former presidential adviser was emphatic about the government’s need to require more from providers of software and cloud services. 


Researchers agree about the level of sophistication the perpetrators of the hacking campaign employed to gain the access they now have to sensitive systems and communications. But news reports have also suggested the attackers were able to take advantage of weak cybersecurity practices at SolarWinds, the software company that distributed the malware-laced update to its broad customer base. The update server’s password was “solarwinds123,” a security researcher told Reuters.


That led to a question, during an event Auburn University’s McCrary Institute hosted Tuesday, of whether the government should require tougher standards for the software industry.


“Tougher standards on the software companies? Absolutely,” Melissa Hathaway, a cybersecurity adviser to Presidents George W. Bush and Barack Obama, said. “To have 'solarwinds123' on the development software and on the enterprise was, is, irresponsible if not negligent. While they're working with customers, I don't actually see them owning the responsibility of how much risk they brought to so many different enterprises. We have to hold all of the software companies to a higher standard.”






At the end of 2018, Congress passed legislation to implement the Federal Acquisition Security Council. The body would be able to recommend exclusion and removal orders to protect the federal government’s supply chain from compromise. It will rely on technical expertise< ..
