Red tape delayed federal network fixes to Heartbleed virus by several days

From: FederalNewsRadio.com 1500AM

By Jared Serbu

An untold number of federal IT systems potentially were left vulnerable to one of the most serious cybersecurity flaws in history for several days longer than necessary, not because federal officials didn’t know how to fix it, but because it wasn’t clear that they had the legal authority to do so.

The Heartbleed vulnerability originated from a programming flaw in OpenSSL, a widely deployed variant of the encryption system used to protect web traffic around the world. Security researchers estimated it could affect up to two-thirds of all Web servers, and agencies weren’t immune. The software’s makers issued a fix on April 7, the same day the vulnerability was made public. Cybersecurity professionals scrambled in the hours after to determine whether their systems were subject to the flaw and to patch them if necessary.

But inside the federal government, that process took several days longer than it needed to because the agency in charge of protecting civilian agency IT systems, the Department of Homeland Security, didn’t have clear legal authority to scan other agencies’ networks, even though it had the technical ability to do so.
