US firms may soon have to disclose data breaches to government


A rumored new US presidential order could force software vendors to notify their government customers of any cybersecurity breaches.

According to Reuters, the order, which could come into force as early as next week, makes several key changes to federal software acquisition rules, mainly in light of the SolarWinds supply-chain attack late last year.

The SolarWinds hack affected hundreds of public and private networks across the globe, including dozens of federal networks in the US. Instead of directly attacking the federal networks, the threat actors targeted a third-party vendor, SolarWinds, which supplies software to them.


Software bill of materials

By compromising a piece of software in the supply chain, the hackers created multiple entry points to get inside secured networks.

To correct this, the proposed order calls for vendors supplying software solutions to US government agencies to submit a software bill of materials, which lists the other software components and tools that have been rolled into the solution.

While this wouldn’t be an issue for open source software, for the majority of proprietary software, compiling and sharing such details would entail breaking non-disclosure agreements (NDAs).

“The federal government needs to be able to investigate and remediate threats to the services it provides the American people early and quickly. Simply put, you can’t fix what you don’t know about,” the spokeswoman reportedly told Reuters.

It’s also reported that the order compels government software suppliers to increase their digital record keeping and coordinate with the FBI and the Homeland Security Department’s Cybersecurity and Infrastructure Security Agency (CISA) when responding to any future cybersecurity attacks.

This would be similar to the GDPR currently in force in Europe, under which any company that is hit by a data breach has to inform the relevant authorities within 72 hours of becoming aware of the incident.

Some of the world's biggest names, including the likes of British Airways, Marriott and EasyJet, have suffered data breaches recently, potentially putting millions of users at risk of fraud.

Via: Reuters

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
