For the first time, the United States will require all software purchased by the federal government to meet, within six months, a series of new cybersecurity standards. The order also establishes an incident review board, much like the teams that investigate airline accidents, to learn lessons from major hacking episodes. The new order also requires all federal agencies to encrypt data, whether it is in storage or while it is being transmitted — two very different challenges. When China stole 21.5 million files about federal employees and contractors holding security clearances, none of the files were encrypted, meaning they could be easily read. Previous efforts to mandate minimum standards on software have failed to get through Congress, notably in a major showdown nine years ago.

Source: New York Times May 13, 2021 01:30 UTC