Skip to content
US to Issue ‘Emergency Directive’ Ordering Government Agencies to Fix Critical Software Flaw

 | Local News

US to Issue ‘Emergency Directive’ Ordering Government Agencies to Fix Critical Software Flaw

| Breaking News Updates | Google News

The US Cybersecurity and Infrastructure Security Agency’s order gives federal agencies until Dec. 23 to document Internet installations of the software on their networks and report the data to the CISA. It also instructs agencies to compare the large public list of software products that use the Log4J vulnerability with software running on agency networks.

It’s one of the most urgent steps yet that the Biden administration has taken to address the Log4J software flaw, which U.S. officials say could affect hundreds of millions of devices around the world.

CISA officials said this week that no federal agency had been hacked using the vulnerability, but the emergency ordinance is an effort to ensure that by gathering much more data on the exposure of federal agencies to the problem.

Big tech companies from Amazon Web Services to IBM have rushed to fix the vulnerability in their products and have published advice on how to fix the flaw for their customers.

The ordinance goes further than a previous CISA directive because it obliges agencies to deal with instances of Log4J which are not only directly exposed to the Internet, but could be deeper in agency networks.

“This vulnerability is one of the most serious I have seen in my entire career, if not the most serious,” CISA director Jen Easterly said on Monday in a phone call with leaders of the industry.

On Wednesday night, the US Patent and Trademark Office shut down external access to its computer systems for 12 hours over “serious and urgent concern” about the vulnerability.

Microsoft warned this week that hackers with links to China, Iran, North Korea and Turkey were exploiting the vulnerable software.

The Pentagon is taking “swift action now to identify and mitigate vulnerabilities in Log4J by monitoring malicious cyber activity and directing mitigation against potential exploitation,” press secretary John Kirby said on Friday.

The Pentagon, he added, continues “to work with the Cybersecurity and Infrastructure Security Agency, CISA, on a comprehensive government response.”

This story was updated with additional details on Friday.

CNN’s Michael Conte contributed to this report.

News Today News Today US to Issue ‘Emergency Directive’ Ordering Government Agencies to Fix Critical Software Flaw

Not all news on the site expresses the point of view of the site, but we transmit this news automatically and translate it through programmatic technology on the site and not from a human editor.