“We still believe that public-private partnership is foundational in cybersecurity and we want to ensure we’re taking every opportunity to include key private-sector participants early and directly in our remediation efforts,” a senior administration official said.
It’s a major step towards transparency for the Biden administration, which is stressing strengthening relations between the private and public sector in the fallout from the Russian SolarWinds hacking campaign that infiltrated at least nine government agencies and about 100 companies.
The more recent Microsoft hack has added urgency to fixing those relations. Microsoft announced earlier this month a group of hackers tied to China exploited a vulnerability in its Microsoft Exchange product. Other cybercriminals have since swooped in to take advantage of servers that have not yet been updated to fix the vulnerability.
The situation escalated last week when Microsoft reported that hackers were targeting vulnerable servers with ransomware, a software loaded with a program allowing hackers to lock up computer systems and data for money. Vulnerable Microsoft users include hundreds of banks, health-care and government servers, researchers at the cybersecurity firm RiskIQ found. Pulling off a successful ransomware attack against any one of them could create major chaos.
A White House team is examining how to address concerns from the private sector over information-sharing with the government, the official said. Congress also is slated to roll out proposals regarding cybersecurity incident sharing in the coming weeks.
The White House is also readying a slew of proposals to strengthen cybersecurity.
The Biden administration is weighing a number of potential solutions, including a ratings system for software, the official said. The grading system would be similar to that used by local health departments for restaurants. The idea of a cybersecurity rating has been pushed by Congress’s bipartisan Cyberspace Solarium Commission as well as some industry groups.
The administration also is mulling a law such as the one introduced in Singapore requiring home devices to come with security labels.
Executive orders addressing the two…