US to Issue ‘Emergency Directive’ Ordering Government Agencies to Fix Critical Software Flaw
| Breaking News Updates | Google News
It’s one of the most urgent steps yet that the Biden administration has taken to address the Log4J software flaw, which U.S. officials say could affect hundreds of millions of devices around the world.
CISA officials said this week that no federal agency had been hacked using the vulnerability, but the emergency ordinance is an effort to ensure that by gathering much more data on the exposure of federal agencies to the problem.
Big tech companies from Amazon Web Services to IBM have rushed to fix the vulnerability in their products and have published advice on how to fix the flaw for their customers.
The ordinance goes further than a previous CISA directive because it obliges agencies to deal with instances of Log4J which are not only directly exposed to the Internet, but could be deeper in agency networks.
On Wednesday night, the US Patent and Trademark Office shut down external access to its computer systems for 12 hours over “serious and urgent concern” about the vulnerability.
The Pentagon is taking “swift action now to identify and mitigate vulnerabilities in Log4J by monitoring malicious cyber activity and directing mitigation against potential exploitation,” press secretary John Kirby said on Friday.
The Pentagon, he added, continues “to work with the Cybersecurity and Infrastructure Security Agency, CISA, on a comprehensive government response.”
This story was updated with additional details on Friday.
CNN’s Michael Conte contributed to this report.
News Today News Today US to Issue ‘Emergency Directive’ Ordering Government Agencies to Fix Critical Software Flaw