US firms may soon have to disclose data breaches to government


A rumored new US presidential order could force software vendors to notify their government customers of any cybersecurity breaches.

According to Reuters, the order, which could come into force as early as next week, makes several key changes to federal software acquisition rules, mainly in light of the SolarWinds supply-chain attack late last year.

The SolarWinds hack affected hundreds of public and private networks across the globe, including dozens of federal networks in the US. Instead of directly attacking the federal networks, the threat actors targeted a third-party vendor, SolarWinds, which supplies software to them. 


Software bill of materials

By compromising a piece of software in the supply chain, the hackers created multiple entry points to get inside secured networks.

To address this, the proposed order calls for vendors supplying software to US government agencies to submit a software bill of materials (SBOM), which lists the other software components and tools that have been rolled into the product.

While this wouldn’t be an issue for open source software, for the majority of proprietary software, compiling and sharing such details would entail breaking non-disclosure agreements (NDAs).

“The federal government needs to be able to investigate and remediate threats to the services it provides the American people early and quickly. Simply put, you can’t fix what you don’t know about,” the spokeswoman reportedly told Reuters.
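As an added illustration of why an SBOM matters to the "you can't fix what you don't know about" point, here is a small Python script (not from the article or any vendor) that walks constructed, simplified CycloneDX-style SBOMs for two hypothetical products and reports which products contain a named component below a fixed version, including components nested inside other components. Product and component names, versions and the `fixed_in` threshold are all made up for the example.

```python
# Constructed, simplified CycloneDX-style SBOMs for two hypothetical products.
# Nested "components" model third-party code rolled into a vendor's product,
# which is exactly the transitive dependency an SBOM is meant to expose.
SBOMS = [
    {"product": "BuildMonitor 5.1", "components": [
        {"name": "update-agent", "version": "2020.2.1", "components": [
            {"name": "net-helper", "version": "1.4.0"}]},
        {"name": "logging-lib", "version": "2.14.1"}]},
    {"product": "FleetConsole 3.0", "components": [
        {"name": "logging-lib", "version": "2.17.1"},
        {"name": "net-helper", "version": "1.4.0"}]},
]


def parse_version(v):
    """Turn a dotted version string into a tuple so versions compare numerically."""
    return tuple(int(p) for p in v.split("."))


def walk(components, path=()):
    """Yield (dependency_path, component) for every component, nested ones included."""
    for c in components:
        here = path + (f"{c['name']}@{c['version']}",)
        yield here, c
        yield from walk(c.get("components", []), here)


def affected_products(sboms, name, fixed_in):
    """Map each product that ships `name` below `fixed_in` to the paths where it appears.

    The path shows which top-level component pulled the vulnerable one in, which
    tells a customer whom to ask for the fix.
    """
    hits = {}
    for sbom in sboms:
        for path, c in walk(sbom["components"]):
            if c["name"] == name and parse_version(c["version"]) < parse_version(fixed_in):
                hits.setdefault(sbom["product"], []).append(" -> ".join(path))
    return hits


if __name__ == "__main__":
    # Hypothetical advisory: net-helper versions before 1.5.0 are affected.
    for product, paths in affected_products(SBOMS, "net-helper", "1.5.0").items():
        print(product, paths)
```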

It’s also reported that the order compels government software suppliers to increase their digital record keeping and coordinate with the FBI and the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency (CISA) when responding to any future cybersecurity attacks. 

This would be similar to the GDPR currently in force in Europe, under which any company that is hit by a data breach has to inform the relevant authorities within 72 hours of becoming aware of the incident.

Some of the world's biggest names, including the likes of British Airways, Marriott and EasyJet, have suffered data breaches recently, potentially putting millions of users at risk of fraud.

Via: Reuters

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
