Popular collaboration tools such as Microsoft Teams, Zoom, Slack and Google may be required to implement end-to-end encryption and interoperability if used by US federal agencies.
Legislation put forward by US Senator Ron Wyden, titled as the Secure and Interoperable Government Collaboration Technology Act is looking to boost security for such tools following a number of high-profile recent incidents.
Federal agencies don’t seem to use a single standard collaboration tool between them, making it necessary that when inter-agency communication does happen, it should be fully secure.
Communication is key
If written into law - which would most likely happen in 2025 due to the upcoming elections - the bill would require each collaboration tool used by federal agencies to be assessed by the National Institute of Standards and Technology (NIST) in order to understand how they can interoperate securely.
Email accounts linked to several agencies have been cracked by Russian hackers exploiting a chain of vulnerabilities linked to Microsoft corporate email accounts, and other government agencies have succumbed to a cascade of Ivanti VPN vulnerabilities that resulted in data exfiltration and persistent system access affecting businesses and government departments alike.
Speaking on the proposal, Wyden said, “My bill will secure the US government's communications from foreign hackers, while protecting taxpayer wallets. Vendor lock-in, bundling, and other anticompetitive practices result in the government spending vast sums of money on insecure software.”
“It's time to break the chokehold of big tech companies like Microsoft on government software, set high cybersecurity standards and reap the many benefits of a competitive market,” he concluded.
Once signed into law, federal agencies would have up to four years to ensure their collaboration software meets the standards and requirements set by NIST, so while it isn’t an immediate fix to some of the security issues the federal government is experiencing, it's certainly a step in the right direction.
Via The Register
More from TechRadar Pro
- This is the best DDoS protection software
- The cyber landscape in 2024: AI, cyber attacks and disinformation
- Here is our guide to the best endpoint protection software