Cybersecurity experts struggle to answer lawmakers’ questions on Log4j hacking


Cybersecurity experts struggled Tuesday to answer lawmakers’ basic questions about the danger of a flaw in the open-source logging library Apache Log4j that could plague computer network defenders for years to come.

The vulnerability was discovered in December, and the software’s widespread use led the FBI to tell victims in the immediate aftermath that it may not respond to them because of how large the pool of potential victims had grown.

Nearly two months after its revelation, cybersecurity professionals said they were unable to answer senators’ questions about how the vulnerability may have been weaponized for years without detection and about the full picture of who was at risk.

Potential victims reside in a range of industries including electric power, water, transportation, food, and manufacturing, according to the cybersecurity firm Dragos.
