Friday, May 14, 2021
The Colonial Pipeline cyberattack prompted the issuance of a long-awaited executive order (EO) on improving U.S. cybersecurity. The EO mandates that, within six months, all federal agencies implement multi-factor authentication (MFA) and both at-rest and in-transit encryption. It also calls for agencies to comprehensively log, share, and analyze information about cyber incidents and creates a Cyber Safety Review Board to that end. The EO sets deadlines for agencies to write guidelines for securing software and detecting threats.
Bradley has authored prior articles and alerts regarding the U.S. government's increasing attention to cybersecurity, including at the Department of Defense, across the federal government as a whole, and even at the state level. With its focus on timelines and deadlines, this EO emphasizes the urgency of improving cybersecurity across industries.
By the authority vested in me as President by the Constitution and the laws of the United States of America, it is hereby ordered as follows: Section 1.
Dive Brief:
Following a series of cyberattacks that exposed vulnerabilities in the United States' critical infrastructure, President Joe Biden signed an executive order on May 12 aimed at bolstering defenses and transparency, including the creation of a Cyber Safety Review Board (CSRB) to assess major intrusions.
The recent Colonial Pipeline attack and the SolarWinds supply chain hack illustrate that software procurement and distribution is a major vulnerability, according to a senior White House official. "We routinely install software with significant vulnerabilities into some of our most critical systems and infrastructure," they said in a Wednesday evening briefing with reporters.
To address this, the executive order requires the use of a Software Bill of Materials (SBOM) in government procurements, to allow for more efficient tracking of known vulnerabilities. The Edison Electric Institute (EEI), which represents investor-owned utilities, and the North American Transmission Forum (
New pack helps developers manage open source licenses and compliance
Although many organizations rely on open source software, managing open source licenses and compliance can be a difficult and time-consuming task.
Supply chain management tools specialist Sonatype is launching an Advanced Legal Pack using machine learning and artificial intelligence to automate open source license compliance.
Most teams rely on manual processes to collect, compile, and review all of the necessary legal data to both comply with open source license obligations and generate accurate attribution reports. Given that each manual review of a component and its corresponding license can take up to two hours and a typical application contains 100 components, legal and compliance teams can be spending hundreds of hours completing reviews for just one application.
Wireless Roundup (April 2021) | Wiley Rein LLP