White House to discuss software development with tech executives, calling it a ‘key national security concern’

January’s discussion between tech leaders and White House officials is necessary because open-source software is widely used but is maintained by volunteers, making it “a key national security issue,” Sullivan said. in a letter to tech companies, including excerpts. House shared with journalists.

Guests include software development companies and cloud service providers, according to the White House. A spokesman for the National Security Council declined to say which companies had been invited.

The letter follows the discovery this month of a vulnerability in software known as Log4j that organizations around the world use to log data in their applications.

Ransomware gangs and hackers linked to the governments of China, Iran, North Korea and Turkey moved to exploit the flaw as tech companies and government agencies rushed to apply software patches.
The U.S. Cybersecurity and Infrastructure Security Agency, which said hundreds of millions of devices could be exposed to the vulnerability, issued an “emergency directive” on Dec. 17 directing federal civilian agencies to update their systems.

A spokesperson for the agency told CNN on Thursday that there are no indications that any agency has been hacked using the Log4j vulnerability.

Although no US agency has confirmed a breach via the vulnerability, Belgium’s Ministry of Defense told local media this week that it shut down parts of its computer network in response to a hack using the flaw.

Cybersecurity officials called the vulnerability one of the most critical software bugs in years and warned it could take weeks or months to fully assess the impact.

While the world’s wealthiest companies depend on it, Log4j software is maintained by a group of volunteers from the nonprofit Apache Software Foundation, who worked long hours to fix the flaw.

The Log4j vulnerability “will define computing as we know it, separating those who make the effort to protect themselves and those who feel comfortable being careless,” said Amit Yoran, the company’s CEO. Maryland-based Tenable security.

It is precisely this lack of investment in critical software that the White House wants to remedy.

President Joe Biden issued an executive order in May requiring software purchased by the government to meet a minimum set of security standards. The goal is to use the purchasing power of the federal government to create greater demand for secure software development in the private sector as well.

Sullivan’s new letter isn’t the first time the Biden administration has used the White House bully pulpit to pressure tech companies to take action on pressing cybersecurity issues.

Biden called cybersecurity a “major national security challenge” during an August meeting with leaders from Microsoft, JPMorgan and other major U.S. companies. Google and Microsoft pledged to invest billions of dollars in cybersecurity initiatives in announcements associated with this meeting at the White House.

Gordon K. Morehouse