The Reuters agency revealed that an executive order proposed by the Biden administration will oblige software vendors to notify their federal government customers in case they will suffer a security breach.
The executive order is expected to be released the next week and will also require federal agencies to enhance their security posture through the implementation of measures such as multi-factor authentication and data encryption. The order seems to be part of the response of the US government to the recently disclosed SolarWinds supply chain attack.
“A planned Biden administration executive order will require many software vendors to notify their federal government customers when the companies have a cybersecurity breach, according to a draft seen by Reuters.” reads the report published by Reuters. “A National Security Council spokeswoman said no decision has been made on the final content of the executive order. The order could be released as early as next week.”
When the security breach will impact critical programs, the vendors might be forced to provide a “software bill of materials.”
The order will force victims of a security breach to work with the FBI and the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency to respond to incidents.
The order would also force the creation of a cybersecurity incident response board composed of representatives from federal agencies and private cybersecurity companies.
“The draft order would also create a cybersecurity incident response board, with representatives from federal agencies and cybersecurity companies. The forum would encourage vendors and victims to share information, perhaps with a combination of incentives and liability protections.” concludes Reuters.
If you want to receive the weekly Security Affairs Newsletter for free subscribe here.
(SecurityAffairs – hacking, data breach)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.