The US government is working to address the risk of a commodity risk, a problem that was widely addressed late last year after Russian suspects attacked access to government agencies and private companies by smuggling malicious code into widely used software.
The National Counterintelligence and Security Center warned on Thursday that hackers were increasingly targeting vendors and suppliers working with the government to endanger their products with the intent to steal intellectual property and conduct fraud. The NCSC said it was working with other agencies, including the Cybersecurity and Infrastructure Security Agency, to raise awareness of the issue.
April marks what the government describes as the Fourth Month of National Unity. This year’s event comes as government officials face the consequences of the SolarWinds intrusion, in which hackers delay the purchase of software with malware.
At least nine government agencies have been hacked, as well as many private companies.
The NCSC says it plans to issue guidelines throughout the month on how certain sectors, such as health care and energy, can protect themselves.
“If the Covid-19 epidemic and shortage of products were not a cause enough grief, the recent cyber attacks on the United States industry and government should be a major voice for action,” NCSC acting director Michael Orlando said in a statement. , and the security of our supply chains. The resilience of our nation depends on it. ”
Orlando and officials from the United Kingdom, Canada and Australia took part in next week’s Harvard University discussion on international defense protection.
Many of the steps in the procurement process give criminals who want to enter businesses, agencies and infrastructure more access points and can mean that no company or manager is responsible for protecting the entire procurement industry.
Perhaps the most popular chain entry before the SolarWinds was the NotPetya attack, in which a malicious code found to be planted by Russian military invaders was exposed with an automatic update of Ukrainian tax preparation software, called MeDoc.