US federal agencies threatened by 300 security breaches

Since taking office, President Joe Biden has made cybersecurity one of his priorities.

In May, he notably signed a decree to prevent and avoid future cybersecurity disasters.

The entire federal government must now use a two-factor authentication system to avoid basic hacks.

The decree also establishes a protocol to respond to cyber attacks and forms a review committee dedicated to cybersecurity.

Correct security flaws known for a long time

The Biden administration is now requiring civilian federal agencies to correct long-known security loopholes.

The directive from the US Agency for Cybersecurity and Infrastructure Security (CISA) lists nearly 200 security flaws known since 2017 and 90 other flaws discovered in 2021.

Federal agencies have six months to correct older threats and two weeks to correct those discovered this year.

The

points out that federal agencies are generally on their own when it comes to security, which can cause significant management problems.

The goal behind this directive is to force federal agencies to correct known threats and establish a watch list for other private and public organizations.

There are no more "small" threats

In 2015, an ordinance required federal agencies to correct threats considered “critical risks” within one month. In 2019, it was amended to include threats classified as “high risk”. This new mandate moves away from this categorization of threats and believes that small vulnerabilities can also cause significant problems if exploited effectively by hackers.

"The directive sets out clear requirements for federal civilian agencies to take immediate action to improve their vulnerability management practices and significantly reduce their exposure to cyber attacks," said Jen Easterly, director of CISA. “While this directive applies to federal civilian agencies, we know that organizations across the country, including critical infrastructure entities, are being targeted using these same vulnerabilities. It is therefore essential that every organization adopts this guideline and prioritizes the mitigation of vulnerabilities listed in the CISA public catalog. "

This new directive aims to prevent incidents like the one in March from happening again.

During this event, more than 30,000 US government and business organizations had their emails hacked.

The hackers had taken advantage of four known security holes.

This mishap could therefore have been avoided if these new measures had been taken earlier.

World

United States: Joe Biden trapped by overheating inflation

World

United States: False messages warning of cyber attacks sent from secure FBI server

• Cyber ​​attack

• United States

• High-Tech

• Cybersecurity

• Joe biden

• Cybercriminality

• 0 comment

• 0 share

  • Share on Messenger

  • Share on Facebook

  • Share on twitter

  • Share on Flipboard

  • Share on Pinterest

  • Share on Linkedin

  • Send by Mail

• To safeguard

• A fault ?

• To print