UK government homepage knocked offline by Fastly glitch




The homepage of the U.K. government was among websites affected early Tuesday by an outage at content delivery network Fastly.

Gov.uk was unavailable to some users for more than an hour, along with the websites of major news organizations including the New York Times, Bloomberg, and the Financial Times.

Content delivery networks are a key part of the global internet infrastructure and provide servers that improve the performance and availability of web services to users in different locations. Media content is often cached at a CDN server so that it doesn’t have to be fetched from the original server every time a user loads a web page.

As of 9:25 a.m. Eastern time, a Fastly spokesperson said the company had identified and disabled a service configuration that triggered disruptions across local access points of its networks.

“Our global network is coming back online,” said the spokesperson.

Commenting on the outage, Matt McDermott, a senior officer at technology policy consultancy Access Partnership, said the incident served as a reminder that government agencies should have a rapid response plan in place for dealing with such outages.

“Organizations and government bodies need to look at implementing the steps that look to assess, stabilize, improve and monitor to ensure this issue does not pose further problems in the future,” he said. “Assessment is needed to determine the server’s bottleneck, then stabilizing the issue with implementation of quick fixes will mitigate impact to broader stakeholders and users.”

Speaking with FedScoop, McDermott said that depending on the nature of the issue, automated early warning systems can allow serious cyber incidents to be averted.

“Even just a few minutes’ additional warning of a coming outage can help to preserve critical services. In these situations, it becomes very difficult to keep up everything, but emergency capacity can be used to protect key assets,” he said.

A spokesperson for the U.K. government’s digital service said: “We are aware of the issues with gov.uk which means that users cannot currently access the site. This is a wider issue affecting a number of other websites. We are investigating this as a matter of urgency.”


CISA launches platform to allow hackers to report flaws in federal tech


The Cybersecurity and Infrastructure Security Agency (CISA) has launched a vulnerability disclosure platform (VDP) that will allow federal agencies to identify cybersecurity flaws with the help of ethical hackers.

The platform will be available to all civilian agencies overseen by CISA, and is intended to allow government departments to take advantage of the skills of civilian cybersecurity experts, often known as white-hat hackers.

In the private sector, white-hat hackers use their skills to identify and report weaknesses in companies’ cyber defenses.

The launch of the platform is designed to help agencies comply with a directive, published by CISA in September last year, that requires agencies to develop a procedure for reporting cybersecurity flaws and to clarify what types of security testing are allowed.

Under the directive, agencies must also provide a system for the anonymous reporting of weaknesses and commit to not pursuing legal action against security research conducted in good faith.

CISA did not comment on which agencies would join the VDP first, or the timeline for onboarding.

The platform is being administered by private contractors Bugcrowd and EnDyna, through CISA’s Quality Service Management Office (QSMO).

Speaking to FedScoop, Bugcrowd CEO Ashish Gupta said the platform would allow government departments to speed up the sharing of information about a high number of vulnerabilities.

According to Gupta, in a similar program working with a large financial institution, Bugcrowd was able to identify a vulnerability that affected more than 250 domains and over 5,000 URLs.

CISA’s executive assistant director for cybersecurity, Eric Goldstein, said: “A key component of any organization’s cybersecurity program should be a transparent and clear way for security researchers to report vulnerabilities, which is why CISA issued a directive last year to require federal civilian executive branch agencies to implement a vulnerability disclosure policy.

“As we work to raise the baseline of cybersecurity across the executive branch, CISA will continue to work with federal agencies to ensure they have the support they need to strengthen their cybersecurity operations, including by quickly identifying and mitigating vulnerabilities,” added Goldstein.

CISA initially awarded Bugcrowd and EnDyna the platform contract in September; however, a series of protests delayed the first of three initial shared services offered by its QSMO until now.

The use of VDPs could even become widespread for federal contractors should California Democratic Rep. Ted Lieu’s Improving Contractor Cybersecurity Act, introduced on June 1, become law.

The SolarWinds hack, discovered to have compromised at least nine federal agencies in December, prompted President Biden’s cybersecurity executive order pushing new investments in zero-trust security architectures.

More recently the Supreme Court narrowed the scope of the Computer Fraud and Abuse Act, in part, to protect well-intentioned, white-hat hackers from being unfairly prosecuted for investigating vulnerabilities.
