The Cybersecurity and Infrastructure Security Agency ordered all federal agencies on Wednesday to immediately begin addressing hundreds of cyber vulnerabilities.
The CISA warned that U.S. critical infrastructure is under threat from several factions. The Binding Operational Directive details nearly 300 known vulnerabilities, 90 of which were from 2021.
The agencies warned have six months to patch vulnerabilities found prior to 2021, and only two weeks to patch ones discovered this year, according to the directive. The directive noted that the time frames might be shortened “in the case of grave risk to the Federal Enterprise.”
The agencies will also be required to develop a process for patching the vulnerabilities and submit regular reports on their progress, the directive says.
“Every day, our adversaries are using known vulnerabilities to target federal agencies,” CISA Director Jen Easterly said in a statement. “As the operational lead for federal cybersecurity, we are using our directive authority to drive cybersecurity efforts toward mitigation of those specific vulnerabilities that we know to be actively used by malicious cyber actors.”
Easterly said private-sector organizations should also be alarmed and take action to protect themselves.
“We know that organizations across the country, including critical infrastructure entities, are targeted using these same vulnerabilities,” Easterly said. “It is therefore critical that every organization adopt this Directive and prioritize mitigation of vulnerabilities listed in CISA’s public catalog.”
CLICK HERE TO READ MORE FROM THE WASHINGTON EXAMINER
The directive comes following several major security breaches in the past year, including the SolarWinds hack involving Russian hackers breaching nine federal agencies and several private sector organizations.
