DHS secretary ‘extraordinarily concerned’ about latest software vulnerability that forced US Patent office to take its systems offline for 12 hours

By Geneva Sands, Sean Lyngaas and Gregory Wallace, CNN

Homeland Security Secretary Alejandro Mayorkas said Thursday that he’s “extraordinarily concerned” about a newly revealed critical flaw in widely used software that is roiling the internet and caused the US Patent and Trademark Office to temporarily shut down external access to its computer systems.

“It’s uppermost in our minds, and, quite frankly, uppermost in our action plans,” Mayorkas said, speaking with the German Marshall Fund of the United States about ransomware.

He continued: “The challenge it presents is its prevalence, because they attacked a software that is omnipresent, and then there’s a vulnerability that has been exposed and others can jump in in the exploitation of that vulnerability and really multiply the harm.”

The secretary added that the government is working “very, very quickly” on the issue.

CNN reported earlier Thursday that the US Patent and Trademark Office on Wednesday night shut down external access to its computer systems for 12 hours in response to the flaw in Java-based software known as Log4j.

DHS’ Cybersecurity and Infrastructure Security Agency told CNN later Thursday that it remains accurate that there are no confirmed compromises across federal civilian networks relating to the Log4j vulnerability.

The agency is also not aware of any other federal agencies that conducted similar shutdowns.

The patent office said it had taken the action in light of “serious and time-sensitive concern” around the vulnerability, which is in software that organizations around the world use to log information in their applications.

The move temporarily prevented people from filing patent applications with the office, the agency said in an email to its website users viewed by CNN. As of Thursday morning, the patent office said its computer systems were back online.

US cybersecurity officials have sounded the alarm about the Log4j vulnerability, warning that hundreds of millions of devices around the world could be affected by the bug. The Cybersecurity and Infrastructure Security Agency said Tuesday night that there were no signs of breaches at federal agencies using the vulnerability.

But Microsoft has warned that hackers linked with the governments of China, Iran, North Korea and Turkey have moved to exploit the software flaw.

CISA has ordered all federal civilian agencies to update their software or otherwise address the flaw by December 24.

CNN has reached out to CISA for comment on the patent office’s temporary IT shutdown.

This story and headline have been updated with additional developments Thursday.

The-CNN-Wire
™ & © 2021 Cable News Network, Inc., a WarnerMedia Company. All rights reserved.