(TargetLiberty.org) – Federal agencies are easy targets for cybercriminals, according to the government’s security watchdog. It’s ordered them to start plugging the holes right away.
On November 3, the Cybersecurity and Infrastructure Security Agency (CISA), the Department of Homeland Security branch responsible for protecting the US from cyber attacks, released new instructions to all federal agencies. The document, titled Binding Operational Directive 22-01, identifies almost 300 vulnerabilities in government agencies’ computer systems, and it orders them to begin work immediately on fixing them.
CISA announced a new Binding Operational Directive this morning. I look forward to working with @CISAgov and @OMBPress to ensure a whole-of-government approach to mitigating the vulnerability risks associated with the BOD. https://t.co/3kzProh8WR
— Chris Inglis (@ncdinglis) November 3, 2021
CISA, set up by former President Donald Trump, has clearly focused on the newest threats. Agencies have six months to fix problems discovered from 2017 to 2020, but just two weeks to deal with those identified this year. The security agency ordered other federal departments to develop procedures for fixing weaknesses and report the status of their efforts.
The operational directive is only binding on federal agencies, but CISA Director Jen Easterly recommended that private organizations follow its advice, too. She warned, “We know that organizations across the country, including critical infrastructure entities, are targeted using these same vulnerabilities.”
Recent hacks, like the ransomware attack on Colonial Pipeline, underline her point. Organizations must fix these weaknesses – and organizations, both government and private, must accept this is an unending process. As hackers innovate and evolve, security needs to advance.
Copyright 2021, TargetLiberty.org