After the hacker attack on the Bernese software company Xplain, the federal government demands security from IT service providers who carry out assignments for it. 2871 companies were asked by letter to check whether they can meet the explicitly stated requirements.
Inside-IT reported on Wednesday about the letter from the Federal Bureau for Buildings and Logistics (BBL), which is available to the Keystone-SDA news agency. It says:
According to inside-it.ch, the technical requirements companies must meet include “an obligation to use multi-factor authentication, the prohibition of using unencrypted passwords, and the storage of non-anonymized productive federal data.”
In addition, inside-it.ch cites the letter stating that a test data deletion procedure must be implemented and applied after it has been used. And: Network traffic must be monitored and a VPN connection must be enforced for people working “remotely”.
An “incident response process” and the regular review of log files would also be required.
IT service providers who can only partially meet the specifically defined security requirements or who identify weaknesses in themselves must report to the contract partner at the federal government and the National Center for Cybersecurity. The aim is mainly to create awareness, according to the BBL when asked.
The letter also calls on contract partner companies to stay informed about current threats from cyberspace and measures to increase security. If the examination of the contract documents indicates that action is required, the companies concerned will be contacted again.
Following the Xplain hack, the Federal Council decided at the end of June to systematically review contracts with IT service providers with the federal government.
Hackers had stolen data from the IT service provider Xplain, which works for the federal government, Watson announced on June 23. Since the cybercriminals did not receive a ransom, they made data accessible on the dark web.
Data from the Liechtenstein National Police has also been disclosed on the leak site of the ransomware gang Play. The agency also works with Xplain. Among other things, 59 personal data sets that were stored during development and support work by Xplain have been leaked, the national police announced on Wednesday.
The personal data records include data from current and former employees as well as personal data from the register of persons. Once the people are finally verified, they would be notified of the theft of their data, state police said.
The data analysis has confirmed that there is no confidential information from operational databases between the stolen and leaked data.
(dsc/sda)
Source: Watson
I’m Ella Sammie, author specializing in the Technology sector. I have been writing for 24 Instatnt News since 2020, and am passionate about staying up to date with the latest developments in this ever-changing industry.
On the same day of the terrorist attack on the Krokus City Hall in Moscow,…
class="sc-cffd1e67-0 iQNQmc">1/4Residents of Tenerife have had enough of noisy and dirty tourists.It's too loud, the…
class="sc-cffd1e67-0 iQNQmc">1/7Packing his things in Munich in the summer: Thomas Tuchel.After just over a year,…
At least seven people have been killed and 57 injured in severe earthquakes in the…
The American space agency NASA would establish a uniform lunar time on behalf of the…
class="sc-cffd1e67-0 iQNQmc">1/8Bode Obwegeser was surprised by the earthquake while he was sleeping. “It was a…