The United States introduces a bill to strengthen the security of free software


The United States is betting on improving the quality and security of open source

US Senators Gary Peters and Rob Portman, Chairman and Ranking Member of the Homeland Security and Governmental Affairs Committee, introduced bipartisan legislation to protect federal systems and critical infrastructure by strengthening the security of free software.

Under the open source security bill (the Securing Open Source Software Act), CISA would be directed to develop a risk framework to evaluate how the federal government uses open source software. It would also evaluate how the same framework could be used voluntarily by critical infrastructure owners and operators.

This will identify ways to mitigate risk in systems that use open source software. The legislation also requires CISA to hire professionals with experience developing open source software, to ensure that government and the community work together and are prepared to address incidents like the Log4j vulnerability. Additionally, the legislation requires the Office of Management and Budget (OMB) to issue guidance to federal agencies on the secure use of open source software and establishes a software security subcommittee on CISA's Cybersecurity Advisory Committee.

The legislation follows a hearing convened by Peters and Portman on the Log4j incident earlier this year, and would require the Cybersecurity and Infrastructure Security Agency (CISA) to ensure that the federal government, critical infrastructure and others use free software securely.

The Log4j vulnerability affected millions of computers worldwide, including critical infrastructure and federal systems. This led leading cybersecurity experts to describe it as one of the most critical cybersecurity vulnerabilities ever seen.

Google's open source team said it analyzed Maven Central, the largest Java package repository, and found that 35,863 Java packages use vulnerable versions of the Apache Log4j library. This includes Java packages that use Log4j versions vulnerable to the original Log4Shell exploit (CVE-2021-44228) and to a second remote code execution bug discovered in the Log4Shell patch (CVE-2021-45046). Tenable described the vulnerability as "the biggest and most critical vulnerability of the last decade."

“Free software is the foundation of the digital world, and the Log4j vulnerability showed just how much we depend on it. This incident posed a serious threat to federal systems and critical infrastructure companies, including banks, hospitals and utilities, that Americans rely on every day for essential services,” said Senator Peters. “This commonsense, bipartisan legislation will help secure free software and further strengthen our cybersecurity defenses against cybercriminals and foreign adversaries who launch incessant attacks on networks across the country.”

“As we saw with the log4shell vulnerability, the computers, phones and websites we all use every day contain open source software that is vulnerable to cyberattack,” said Senator Portman. “The bipartisan Open Source Software Security Act will ensure that the US government anticipates and mitigates security vulnerabilities in open source software to protect Americans' most sensitive data.”

The senators say this carries great weight, because the vast majority of computers in the world rely in one way or another on open source software. They add that the federal government, one of the largest users of free software in the world, must be able to manage its risk and contribute to the security of free software in the private sector and the rest of the public sector.

Additionally, the legislation requires the Office of Management and Budget to issue guidance to federal agencies on the secure use of free software and creates a Software Security Subcommittee within CISA's Cybersecurity Advisory Committee.

Peters and Portman have led several efforts to strengthen our nation's cybersecurity. Their historic, bipartisan provision requiring critical infrastructure owners and operators to report to CISA if they experience a substantial cyberattack or make a ransomware payment was signed into law.

The senators' legislation to strengthen cybersecurity for state and local governments was also signed into law. Also notable is that Peters and Portman's bills to secure federal networks and to ensure the government can safely use cloud technology passed the Senate unanimously.

Finally, if you are interested in learning more, you can consult the details at the following link.

