On his last full day in office, President Donald Trump signed an executive order that, according to the White House, was intended to prevent foreign malicious cyber actors from using US online infrastructure to conduct their activities.
The order, which empowers the Commerce Department to impose accounting obligations on foreign transactions, is seen as a response to the recent hacking campaign that hit SolarWinds Corp. and infected targeted organizations, including government agencies.
"Foreign malicious cyber actors are threatening our economy and national security through theft of intellectual property and sensitive data and targeting the critical infrastructure of the United States," national security adviser Robert O'Brien said in a statement. He said misuse of US infrastructure service products – such as those offered by cloud outfits like Amazon Web Services and Microsoft Azure – "has played a role in every cyber incident in the past four years, including the actions that led to the intrusion of US companies FireEye and SolarWinds."
It was a "much-needed step, unfortunately it takes an important and public compromise such as SolarWinds' breach of the US government infrastructure to drive such changes," said Jon DiMaggio, chief security strategist at Analyst1, a cyber threat analysis firm in Reston, Virginia.
"It is certainly not the first time that supply chain attacks have occurred, nor is it the first time that the US government has become aware of the problem. It is time we started looking beyond supplier costs to determine which technology we use and allow to support critical government infrastructure," he said.
The order allows the Department of Commerce to prevent US infrastructure companies from operating in countries where those products are used for malicious cyber activities, whether by individuals or when the country's own government is a source of that activity.
The order also grants powers to prohibit or impose conditions on foreigners opening or maintaining accounts with US companies in the US if they are found to be involved in malicious cyber activity.
The Commerce Department is charged with proposing regulations within six months of the order being issued, but it is not clear whether the incoming administration led by Joe Biden will implement it.
"I could see they added a comment period or something from the affected companies," said Alex Stamos, a Stanford University professor who helped SolarWinds recover from the breach and who was Facebook's chief security officer until 2018. Biden "wholesale also voids any executive order."
In December, SolarWinds of Austin, Texas, was at the center of the largest cyber security attack in recent history. Suspected Russian hackers have breached the internal networks of at least 200 customers, including US government agencies and an as-yet unknown number of private companies, a cybersecurity company and people familiar with the investigation told Bloomberg News.
In an operation that cybersecurity experts have described as extraordinarily advanced and difficult to detect, the hackers installed malicious code in updates to SolarWinds' widely used Orion software, which was sent to as many as 18,000 customers.
–With the help of Kartikay Mehrotra.
Top photo: A person types on a backlit keyboard set up in Danbury, UK, on Thursday, January 7, 2021. In the spring, hackers managed to insert malicious code into a software product from an IT provider called SolarWinds Corp., whose client list contains 300,000 settings. Photographer: Chris Ratcliffe / Bloomberg
Copyright 2021 Bloomberg.