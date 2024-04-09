



A new bill led by Sen. Ron Wyden, D-Ore., would require new interoperability and cybersecurity standards for online collaboration tools acquired by the federal government. Wyden, who has a reputation as a privacy advocate, sponsors the Secure and Interoperable Government Collaboration Technologies Act following what his office called multiple disastrous hacks of U.S. government systems that occurred over the past year. These include a high-profile Chinese state-backed cyberattack that allowed hackers to access the Microsoft email accounts of senior government officials last year, leading to a scathing report from a DHS oversight board that criticized the company for an inadequate security culture. The measure directs the National Institute of Standards and Technology and the General Services Administration to establish minimum standards for commonly used workplace collaboration tools under government contract, such as Zoom or Slack, to that they meet certain interoperability requirements and use end-to-end encryption or other techniques. to prevent platforms from being hijacked by hackers or foreign spies. Common collaboration tools will need to adopt the standards within four years of their definition by NIST. DHS would be responsible for conducting compliance reviews of collaboration suites. The timeline for how often these assessments would occur is not provided, but DHS will be required to provide its findings to Congress within one month of their administration, according to the text of the bill. The aftermath of the Microsoft email cyberattack has led to several rounds of congressional oversight of U.S. governments. Strong dependency on the tech giants' products and services, which are used on Capitol Hill, in federal agencies and at the Department of Defense. The company has secured billions of dollars in government contracts over the past decade, according to data from federal contracting information provider GovTribe. Federal login data has repeatedly been targeted by malicious actors. In early March, the Federal Communications Commission confirmed that it was the target of a phishing scheme in which hackers built a cloned version of an agency verification site to siphon staff login information. The State Department also recently warned current and former employees to be wary of a fraudulent scheme targeting workers' payroll accounts.

