Government agencies need to address cybersecurity vulnerabilities

Washington (CNN) – Cyber ​​security officials in the United States on Friday issued an “emergency order” directing all federal civil agencies to find a solution as soon as possible. Critical software failure It affects large technology companies around the world.

The U.S. Cyber ​​Security and Infrastructure Agency (CISA) mandate gives federal agencies until December 23 to document and report to the CISA about software installations on their networks connected to the Internet. It is advisable for agencies to compare Extensive general list Software products that use Log4J vulnerabilities with software running on agency networks.

This is one of the most urgent steps taken by the Biden government to address the vulnerability of Log4J software, which could affect hundreds of millions of devices worldwide, according to U.S. officials.

CISA officials said this week that no federal agency had been hacked using the vulnerability, but that the emergency order was an attempt to confirm by gathering additional information about the federal agencies’ revelation of the problem.

Large technology companies ranging from Amazon Web Services to IBM have worked hard to fix vulnerabilities in their products and have issued guidelines on how to fix vulnerabilities for their customers.

This order extends the previous CISA mandate, with agents dealing with Log4J’s events that may not be directly disclosed on the Internet, but may be at deeper levels within the agency’s networks.

“This vulnerability is one of the most serious I’ve ever seen in my entire life, if not the most serious,” CISA Director Jen Easterly said Monday. In a phone call with business executives.

On Wednesday night, the U.S. Patent and Trademark Office closed external access to its systems for 12 hours due to “serious and urgent concerns” surrounding the vulnerability.

Microsoft Warned this week Cybercriminals associated with China, Iran, North Korea and Turkey use vulnerable software.