In this interview with Elizabeth Vargas, Friday, June 16, Michael Chertoff explains the implications of a rapidly evolving cyberattack attributed to Russian cybercriminals’ exploitation of a previously unknown vulnerability in the MOVEit file-transfer software platform. The incident has impacted numerous federal government and private sector organizations.
“It demonstrates that when the supply chain, which provides the individual software tools, or even the hardware that can be used to build our IT systems, gets compromised, it is like giving the bad guys a skeleton key that allows them to open all the doors of the customer agencies and companies that use that software,” he said.
Software security has been the focus of a number of recent Administration initiatives: the Administration is attempting to use its procurement authorities to drive minimum secure software standards for Federal vendors, as explained in our recent blog. The March 2023 National Cybersecurity Strategy also aims to incentivize more secure software by shifting legal liability to software providers that fail to take “reasonable precautions” to secure their software, as detailed in another recent Chertoff Group blog.
Watch the full story on NewsNation.
Read our blog post on the Russian cybercriminal MOVEit attack and learn what measures to take to lower the likelihood of a successful compromise.
