George W. Ingham, a partner at the law firm Hogan Lovells, said companies with mandates would potentially have to make difficult decisions.

“They are going to have to fire high performers and low performers who refuse vaccines,” he said. “They have to be consistent.” Reasons an employee could be exempted include religious beliefs or a disability, though the process of sorting those out on an individual basis promises to be an arduous one.

Companies may also have to contend with pushback from state governments. Ten states have passed legislation limiting the ability to require vaccines for students, employees or the public, according to the National Conference of State Legislatures.

Disney is among the few big companies pursuing a broad vaccine mandate for their work forces, even in the face of pushback from some employees.

In addition to mandating vaccines for nonunion workers who are on-site, Disney said all new hires — union and nonunion — would be required to be fully vaccinated before starting their jobs. Nonunion hourly workers include theme park guest-relations staff, in-park photographers, executive assistants and some seasonal theme park employees.

It was the furthest that Disney could go without a sign-off from the dozen unions that represent the bulk of its employees. Walt Disney World in Florida, for instance, has more than 65,000 workers; roughly 38,000 are union members.

Disney is now seeking union approval for the mandate both in Florida and in California, where tens of thousands of workers at the Disneyland Resort in Anaheim are unionized. Most of the leaders of Disney’s unions appear to be in favor of a mandate — as long as accommodations can be worked out for those refusing the vaccine for medical, religious or other acceptable reasons.

“Vaccinations are safe and effective and the best line of defense to protect workers, frontline or otherwise,” Eric Clinton, the president of UNITE HERE Local 362, which represents roughly 8,000 attraction workers and custodians at Disney World, said in a phone interview.

Mr. Clinton declined to comment on any pushback from his membership, but another union leader at Disney World, speaking on the condition of anonymity so he could speak candidly, said “a fair number” of his members were up in arms over Disney-mandated vaccinations, citing personal choice and fear of the vaccine.

“The company has probably done a calculation and decided that some people will unfortunately quit rather than protect themselves, and so be it,” the person said.

Lananh Nguyen contributed reporting.

View Source

>>> Don’t Miss Today’s BEST Amazon Deals! <<<<

How China Transformed Into a Prime Cyber Threat to the U.S.

Nearly a decade ago, the United States began naming and shaming China for an onslaught of online espionage, the bulk of it conducted using low-level phishing emails against American companies for intellectual property theft.

On Monday, the United States again accused China of cyberattacks. But these attacks were highly aggressive, and they reveal that China has transformed into a far more sophisticated and mature digital adversary than the one that flummoxed U.S. officials a decade ago.

The Biden administration’s indictment for the cyberattacks, along with interviews with dozens of current and former American officials, shows that China has reorganized its hacking operations in the intervening years. While it once conducted relatively unsophisticated hacks of foreign companies, think tanks and government agencies, China is now perpetrating stealthy, decentralized digital assaults of American companies and interests around the world.

Hacks that were conducted via sloppily worded spearphishing emails by units of the People’s Liberation Army are now carried out by an elite satellite network of contractors at front companies and universities that work at the direction of China’s Ministry of State Security, according to U.S. officials and the indictment.

like Microsoft’s Exchange email service and Pulse VPN security devices, which are harder to defend against and allow China’s hackers to operate undetected for longer periods.

“What we’ve seen over the past two or three years is an upleveling” by China, said George Kurtz, the chief executive of the cybersecurity firm CrowdStrike. “They operate more like a professional intelligence service than the smash-and-grab operators we saw in the past.”

China has long been one of the biggest digital threats to the United States. In a 2009 classified National Intelligence Estimate, a document that represents the consensus of all 16 U.S. intelligence agencies, China and Russia topped the list of America’s online adversaries. But China was deemed the more immediate threat because of the volume of its industrial trade theft.

But that threat is even more troubling now because of China’s revamping of its hacking operations. Furthermore, the Biden administration has turned cyberattacks — including ransomware attacks — into a major diplomatic front with superpowers like Russia, and U.S. relations with China have steadily deteriorated over issues including trade and tech supremacy.

China’s prominence in hacking first came to the fore in 2010 with attacks on Google and RSA, the security company, and again in 2013 with a hack of The New York Times.

breach of the U.S. Office of Personnel Management. In that attack, Chinese hackers made off with sensitive personal information, including more than 20 million fingerprints, for Americans who had been granted a security clearance.

White House officials soon struck a deal that China would cease its hacking of American companies and interests for its industrial benefit. For 18 months during the Obama administration, security researchers and intelligence officials observed a notable drop in Chinese hacking.

After President Donald J. Trump took office and accelerated trade conflicts and other tensions with China, the hacking resumed. By 2018, U.S. intelligence officials had noted a shift: People’s Liberation Army hackers had stood down and been replaced by operatives working at the behest of the Ministry of State Security, which handles China’s intelligence, security and secret police.

Hacks of intellectual property, that benefited China’s economic plans, originated not from the P.L.A. but from a looser network of front companies and contractors, including engineers who worked for some of the country’s leading technology companies, according to intelligence officials and researchers.

It was unclear how exactly China worked with these loosely affiliated hackers. Some cybersecurity experts speculated that the engineers were paid cash to moonlight for the state, while others said those in the network had no choice but to do whatever the state asked. In 2013, a classified U.S. National Security Agency memo said, “The exact affiliation with Chinese government entities is not known, but their activities indicate a probable intelligence requirement feed from China’s Ministry of State Security.”

announced a new policy requiring Chinese security researchers to notify the state within two days when they found security holes, such as the “zero-days” that the country relied on in the breach of Microsoft Exchange systems.

arrested its founder. Two years later, Chinese police announced that they would start enforcing laws banning the “unauthorized disclosure” of vulnerabilities. That same year, Chinese hackers, who were a regular presence at big Western hacking conventions, stopped showing up, on state orders.

“If they continue to maintain this level of access, with the control that they have, their intelligence community is going to benefit,” Mr. Kurtz said of China. “It’s an arms race in cyber.”

View Source

>>> Don’t Miss Today’s BEST Amazon Deals! <<<<

Bill Gates Can Remove Melinda French Gates From Foundation in Two Years

Bill Gates and Melinda French Gates have at times referred to the foundation they established together as their “fourth child.” If over the next two years they can’t find a way to work together following their planned divorce, Mr. Gates will get full custody.

That was one of the most important takeaways from a series of announcements about the future of the world’s largest charitable foundation made on Wednesday by its chief executive, Mark Suzman, overshadowing an injection of $15 billion in resources that will be added to the $50 billion previously amassed in its endowment over two decades.

“They have agreed that if after two years either one of them decides that they cannot continue to work together, Melinda will resign as co-chair and trustee,” Mr. Suzman said in a message on Wednesday to employees of the Bill and Melinda Gates Foundation. If that happened, he added, Ms. French Gates “would receive personal resources from Bill for her philanthropic work” separate from the foundation’s endowment.

The money at stake underscores the strange mix of public significance — in global health, poverty reduction and gender equality, among other important areas — and private affairs that attends any move made by the first couple of philanthropy, even after the announcement of their split. The foundation plans to add trustees outside their close circle, a step toward better governance that philanthropy experts had urged for years.

announced their divorce in May, Mr. Gates and Ms. French Gates noted the importance of the work done by the foundation they had built and said they “continue to share a belief in that mission.” In the announcement on Wednesday, each echoed those sentiments.

“These new resources and the evolution of the foundation’s governance will sustain this ambitious mission and vital work for years to come,” Mr. Gates said in a statement.

Ms. French Gates emphasized the importance of expanding the board. “These governance changes bring more diverse perspectives and experience to the foundation’s leadership,” she said in a statement. “I believe deeply in the foundation’s mission and remain fully committed as co-chair to its work.”

In the immediate aftermath of the divorce announcement, it was unclear how they would share control of the institution. Wednesday’s announcement indicated that if they cannot work out their differences, it is the Microsoft co-founder Mr. Gates who will maintain control, as he essentially buys his ex-wife out of the foundation.

Mr. Suzman said he did not know how much Ms. French Gates would get if it came to that. But any payout would most likely be significant.

Ms. French Gates’s name since the divorce was announced. She pursues her own priorities through a separate organization known as Pivotal Ventures. Mr. Gates also has his own group, Gates Ventures.

Less than a year ago, the Gates Foundation was run by Mr. Gates, Ms. French Gates, his father and one of his closest friends, the billionaire investor Warren E. Buffett. It was a remarkable concentration of power for one of the most influential institutions in the world, a $50 billion private foundation that works in every corner of the globe.

The restructuring announced Wednesday could begin the process of making the Gates Foundation more responsive to the people its mission aims to help and loosen the grip on the reins that its founders have held for more than two decades.

“We’re trying to do this in a very careful and deliberate manner, thinking for the long term,” Mr. Suzman said in an interview.

In a larger sense, the planned changes at the Gates Foundation reflect the tensions within philanthropy as a whole — between the wishes of the wealthy, powerful donors who provide the millions and even billions of dollars and the nonprofits using those funds to feed, shelter and treat those in need.

“The problems with the governance predated the separation and divorce just as those problems are an issue with all family foundations,” said Rob Reich, co-director of the Center on Philanthropy and Civil Society at Stanford.

Two former senior Gates Foundation officials called for an expanded board in an article a few weeks after the divorce announcement, including “a chair who is not the foundation’s C.E.O., founder or a founder’s family member.”

“Given that founders receive a substantial tax benefit for their donations, the assets the board oversees should be regarded as belonging to the public, with the board being held accountable to a fiduciary standard of care,” wrote Alex Friedman, the former chief financial officer, and Julie Sunderland, the former director of the foundation’s Strategic Investment Fund.

The Gates Foundation is trying to fight Covid-19, eradicate polio and reshape the struggle for gender equality, even as its two co-chairs extricate themselves from a 27-year marriage. The foundation has more than 1,700 employees and makes grants in countries around the world. Since 2000, the foundation has made grants totaling more than $55 billion, much of it from Mr. Gates and Ms. French Gates, but tens of billions also came from Mr. Buffett, the chief executive of Berkshire Hathaway.

Yet, in significant ways, the future of such an influential institution, one that touches the lives of millions of people through its grant recipients, is being decided in a separation agreement between two billionaires.

Mr. Buffett’s announcement last month that he was stepping down as the third trustee of the foundation made clear that the divorce had set significant changes in motion. Mr. Suzman promised at the time that governance changes would be announced this month, with many observers anticipating that a new slate of independent trustees would be revealed.

Details on what that might look like remained few on Wednesday, with neither names of candidates for the board of trustees nor even the ultimate number of new trustees released. Mr. Gates and Ms. French Gates will approve changes to the foundation’s governance structures by the end of the year and the new trustees will be announced in January, according to the statement.

At the center of the impending changes stands Mr. Suzman, a 14-year veteran of the Gates Foundation, who was named chief executive just as the spread of Covid-19 in the United States was becoming apparent. Born in South Africa, the Harvard- and Oxford-educated Mr. Suzman served as a correspondent for The Financial Times in London, South Africa and Washington before going to work at the United Nations. He joined the foundation in 2007 to work on global development policy before claiming the top post last year.

Mr. Suzman said in an interview that he had heard that Mr. Gates and Ms. French Gates would be divorcing only about 24 hours before the news was announced. He said they had started talking about possible governance changes “almost right away” after that.

He said he was in regular contact with both. “I’m having three-way conversations with them,” Mr. Suzman said. “We’re having regular three-way email exchanges and other discussions.”

He noted that the hands-on leadership of Mr. Gates and Ms. French Gates meant the changes will take some time to enact.

“The degree and depth of engagement of our co-chairs and trustees goes significantly beyond what a traditional board does and how it does it,” he said in the interview. “So we’ll need some time to think through how we balance that with the people we bring on board.”

Mr. Suzman will work with Connie Collingsworth, the foundation’s chief operating officer and chief legal officer, to handle the process. The final decisions on both the new trustees and the changes to the foundation’s governance documents will be made by Mr. Gates and Ms. French Gates. It is a reminder that, at least for now, power remains concentrated in the former couple.

View Source

>>> Don’t Miss Today’s BEST Amazon Deals! <<<<

‘Crucial Time’ for Cloud Gaming, Which Wants to Change How You Play

Mr. Buser declined to comment on February’s changes.

Amazon also unveiled a cloud service, Luna, in September. It is so far available only to invitees, who pay $6 a month to play the 85 games on the platform. The games can be streamed from the cloud to phones, computers and Amazon’s Fire TV.

Like Google, Amazon has struggled to assemble a vast library of appealing games, though it does offer games from the French publisher Ubisoft for an added fee. Amazon has also had trouble developing its own games, which Mr. van Dreunen said showed that the creative artistry necessary to make enticing games was at odds with the more corporate style of the tech giants.

“They may have an interesting technological solution, but it totally lacks personality,” he said.

Amazon said it remained dedicated to game development: It opened a game studio in Montreal in March and, after a long delay, is releasing a game called New World this summer.

Even console makers have jumped into cloud gaming. Microsoft, which makes the Xbox console, released a cloud offering, xCloud or Xbox Cloud Gaming, last fall. For a $15 monthly subscription, users can play more than 200 games on various devices.

Sony also has a cloud gaming service, PlayStation Now, where games can be streamed to PlayStation consoles and computers.

Satya Nadella, Microsoft’s chief executive, said in an interview last month that he did not think it was possible to be a gaming company “with any level of big ambition” without cloud gaming. Sony declined to comment.

Other companies have waded in, too. Nvidia, the chip maker that produces gaming hardware, has a $10-a-month cloud program, GeForce Now.

View Source

>>> Don’t Miss Today’s BEST Amazon Deals! <<<<

In Antitrust Trial, Tim Cook Argues Apple Doesn’t Hurt App Makers

At another point, the Apple lawyer questioned Mr. Cook on Apple’s competition in the app market. Mr. Cook said he believed digital marketplaces that distributed games, including Epic’s and those of the gaming-console makers like Sony and Microsoft, were direct competitors to the App Store. Though, he admitted, “I’m not a gamer.”

Throughout the trial, Judge Gonzalez Rogers frequently sought clarification on technical jargon and pressed witnesses further on their answers. She asked about the difference in business models for Fortnite, Epic’s most popular game, and games like Roblox and Minecraft from other companies, and asked how Apple’s security compared with that of third-party companies.

Earlier this week, she said she had not seen much evidence for one of Epic’s nine claims that accuses Apple of violating the essential facilities doctrine, which bans business from denying other businesses access to certain markets. Apple quickly filed a motion to have the essential facilities claim dismissed.

The biggest challenge in deciding the case may be defining the market that Epic and Apple are fighting over. Apple argued that Epic has many options for game distribution including web browsers, gaming consoles and personal computers. Many of those platforms charge a commission similar to that of the App Store. If gaming is the market, Apple argued, then there are many competitors — like Microsoft, Sony and Nintendo — and Apple cannot have a monopoly.

Epic responded that Fortnite is more than a game. It is something the company calls the metaverse — an infinite digital universe with activities, social media and even concerts. The argument led to a lengthy and detailed debate over what a game actually is. The point? This case, Epic’s lawyers argued, is about all mobile apps, which can only reach the iPhone’s one billion users through Apple’s App Store.

Judge Gonzalez Rogers expressed frustration over the market semantics. “One side will say it’s black, the other says it’s white — typically it’s somewhere in the gray,” she said last week.

Apple argued that its fees were necessary to maintain security for its customers. The company’s lawyers said the App Store’s restrictions protected against malware and data breaches for iPhone users.

View Source

Bill Gates Had Reputation for Questionable Behavior Before Divorce

By the time Melinda French Gates decided to end her 27-year marriage, her husband was known globally as a software pioneer, a billionaire and a leading philanthropist.

But in some circles, Bill Gates had also developed a reputation for questionable conduct in work-related settings. That is attracting new scrutiny amid the breakup of one of the world’s richest, most powerful couples.

In 2018, Ms. French Gates wasn’t satisfied with her husband’s handling of a previously undisclosed sexual harassment claim against his longtime money manager, according to two people familiar with the matter. After Mr. Gates moved to settle the matter confidentially, Ms. French Gates insisted on an outside investigation. The money manager, Michael Larson, remains in his job.

On at least a few occasions, Mr. Gates pursued women who worked for him at Microsoft and the Bill and Melinda Gates Foundation, according to people with direct knowledge of his overtures. In meetings at the foundation, he was at times dismissive toward his wife, witnesses said.

public view, Ms. French Gates was unhappy. She hired divorce lawyers, setting in motion a process that culminated this month with the announcement that their marriage was ending.

a public appearance in 2016.

Long after they married in 1994, Mr. Gates would on occasion pursue women in the office.

In 2006, for example, he attended a presentation by a female Microsoft employee. Mr. Gates, who at the time was the company’s chairman, left the meeting and immediately emailed the woman to ask her out to dinner, according to two people familiar with the exchange.

“If this makes you uncomfortable, pretend it never happened,” Mr. Gates wrote in an email, according to a person who read it to The New York Times.

in a column in Time magazine announcing the pledge.

money manager, earning solid returns on the Gateses’ and the foundation’s combined $174 billion investment portfolio through a secretive operation called Cascade Investment. Cascade owned assets like stocks, bonds, hotels and vast tracts of farmland, and it also put the Gateses’ money in other investment vehicles. One was a venture capital firm called Rally Capital, which is in the same building that Cascade occupies in Kirkland, Wash.

Rally Capital had an ownership stake in a nearby bicycle shop. In 2017, the woman who managed the bike shop hired a lawyer, who wrote a letter to Mr. Gates and Ms. French Gates.

The letter said that Mr. Larson had been sexually harassing the manager of the bike shop, according to three people familiar with the claim. The letter said the woman had tried to handle the situation on her own, without success, and she asked the Gateses for help. If they didn’t resolve the situation, the letter said, she might pursue legal action.

The woman reached a settlement in 2018 in which she signed a nondisclosure agreement in exchange for a payment, the three people said.

While Mr. Gates thought that brought the matter to an end, Ms. French Gates was not satisfied with the outcome, two of the people said. She called for a law firm to conduct an independent review of the woman’s allegations, and of Cascade’s culture. Mr. Larson was put on leave while the investigation was underway, but he was eventually reinstated. (It is unclear whether the investigation exonerated Mr. Larson.) He remains in charge of Cascade.

published an article detailing Mr. Gates’s relationship with Mr. Epstein. The article reported that the two men had spent time together on multiple occasions, flying on Mr. Epstein’s private jet and attending a late-night gathering at his Manhattan townhouse. “His lifestyle is very different and kind of intriguing although it would not work for me,” Mr. Gates emailed colleagues in 2011, after he first met Mr. Epstein.

(Ms. Arnold, the spokeswoman for Mr. Gates, said at the time that he regretted the relationship with Mr. Epstein. She said that Mr. Gates had been unaware that the plane belonged to Mr. Epstein and that Mr. Gates had been referring to the unique décor of Mr. Epstein’s home.)

The Times article included details about Mr. Gates’s interactions with Mr. Epstein that Ms. French Gates had not previously known, according to people familiar with the matter. Soon after its publication she began consulting with divorce lawyers and other advisers who would help the couple divide their assets, one of the people said. The Wall Street Journal previously reported the timing of her lawyers’ hiring.

The revelations in The Times were especially upsetting to Ms. French Gates because she had previously voiced her discomfort with her husband associating with Mr. Epstein, who died by suicide in federal custody in 2019, shortly after being charged with sex trafficking of girls. Ms. French Gates expressed her unease in the fall of 2013 after she and Mr. Gates had dinner with Mr. Epstein at his townhouse, according to people briefed on the dinner and its aftermath. (The incident was reported earlier by The Daily Beast.)

For years, Mr. Gates continued to go to dinners and meetings at Mr. Epstein’s home, where Mr. Epstein usually surrounded himself with young and attractive women, said two people who were there and two others who were told about the gatherings.

Ms. Arnold said Mr. Gates never socialized or attended parties with Mr. Epstein, and she denied that young and attractive women participated at their meetings. “Bill only met with Epstein to discuss philanthropy,” Ms. Arnold said.

On at least one occasion, Mr. Gates remarked in Mr. Epstein’s presence that he was unhappy in his marriage, according to people who heard the comments.

Leon Black, the head of Apollo Investments who had a multifaceted business and personal relationship with Mr. Epstein, according to two people familiar with the meeting. The meeting was held at Apollo’s New York offices.

It is unclear whether Ms. French Gates was aware of the latest meetings with Mr. Epstein. A person who recently spoke to her said that “she decided that it was best for her to leave her marriage as she moved into the next phase of her life.”

Steve Eder and Jodi Kantor contributed reporting.

View Source

The Gateses’ Public Split Spotlights a Secretive Fortune

The fortune of Bill Gates and Melinda French Gates exceeds the size of Morocco’s annual economy, combines the value of Ford, Twitter and Marriott International and is triple the endowment of Harvard. While few know how their wealth will be divided in the divorce, one thing is clear: breaking it up can’t be easy.

Mr. Gates built one of the great fortunes in human history when he founded Microsoft in 1975 with Paul Allen. The Gateses’ net worth is estimated to be more than $124 billion, and includes assets as varied as trophy real estate, public company stocks and rare artifacts.

There’s a big stake in the luxury Four Seasons hotel chain. There are hundreds of thousands of acres of farmland and ranch land, including Buffalo Bill’s historic Wyoming ranch. There are billions of dollars’ worth of shares in companies like AutoNation and Waste Management. There’s a beachfront mansion in Southern California. And one of Leonardo da Vinci’s notebooks.

“The amount of money and the diversity of assets that are involved in this divorce boggles the imagination,” said David Aronson, a lawyer who has represented wealthy clients in divorce cases. “There have rarely been cases that are even close to this in size.”

2019 divorce between the Amazon founder Jeff Bezos and his now ex-wife, the novelist and philanthropist MacKenzie Scott, was bigger. Mr. Bezos had an estimated fortune of $137 billion, though mostly in Amazon stock, and Ms. Scott kept 4 percent of Amazon’s shares, worth $36 billion at the time.

But Mr. Gates has for decades been diversifying his holdings; he owns just 1.3 percent of Microsoft. Instead, his stock portfolio includes stakes in dozens of publicly traded companies. He is the largest private owner of farmland in the country, according to The Land Report. In addition to the Four Seasons, he has stakes in other luxury hotels and a company that caters to private jet owners. His real estate portfolio includes one of the largest houses in the country and several equestrian facilities. He owns stakes in a clean energy investment fund and a nuclear energy start-up.

Forbes, or $146 billion, according to the research firm Wealth-X. Including the Gates Foundation’s endowment and the Gates personal fortune, Cascade most likely oversees assets that put it on par or beyond some of the world’s biggest hedge funds in size.

Mr. Larson operates Cascade with an obsessive level of secrecy, going to great lengths to cloak the firm’s transactions so that they can’t easily be traced back to the Gateses. In a 1999 interview with Fortune magazine, Mr. Larson said he chose the name “Cascade” because it was a generic-sounding name in the Pacific Northwest.

that questions about the future of the Gates Foundation immediately arose following news of the divorce. The foundation directs billions to 135 countries to help fight poverty and disease. As of 2019, it had given away nearly $55 billion. (In 2006, Mr. Buffett pledged $31 billion of his fortune to the Gates Foundation, greatly increasing its grant making.)

Since he stepped down from day-to-day operations at Microsoft in 2008, Mr. Gates has devoted much of his time to the foundation. He also runs Gates Ventures, a firm that invests in companies working on climate change and other issues. Over the decades, Mr. Gates shed the image of a ruthless tech executive battling the United States government on antitrust to be viewed as a global do-gooder. And he appears to be keenly aware of the stark contrast between the scale of his wealth and his role as a philanthropist. “I’ve been disproportionately rewarded for the work I’ve done — while many others who work just as hard struggle to get by,” he acknowledged in a year-end blog post from 2019.

told The New York Times last year. “There’s just none.”

Matthew Goldstein contributed reporting.

View Source

WeWork’s CEO: ‘Least Engaged’ Employees Work From Home

If you’ve enjoyed working from home during the pandemic — no commute, cooking lunch in your own kitchen or being around family more often — the chief executive of WeWork has some thoughts about you.

“Those who are least engaged are very comfortable working from home,” Sandeep Mathrani, the C.E.O. of the coworking company said at a Wall Street Journal event on Wednesday. “Those who are überly engaged with the company want to go to the office two-thirds of the time, at least.”

“People are happier when they come to work,” he added. The company is betting on people wanting to — or being required to — work outside of their homes once it is safe to do so widely.

His comments were not received well by many online as many companies and employees consider the post-Covid-19 workplace after more than a year of doing their jobs from home.

wrote one Twitter user.

Others noted that working from home has benefited parents, and that working from home has improved some workers’ mental health.

Ann Johnson, a corporate vice president at Microsoft, wrote: “If the only way you can keep your employees engaged is by being in the office with them, you have a leadership issue — not an employee engagement issue.”

Google said this month it would relax its remote work protocols, and that it expected 20 percent of its employees to work remotely after its offices reopen. The tech giant had previously been one of the industry’s holdouts on flexible remote work, and Insider reported that some employees had threatened to quit if they couldn’t keep working from home.

View Source

Biden Signs Executive Order to Bolster Federal Government’s Cybersecurity

WASHINGTON — As the East Coast suffered from the effects of a ransomware attack on a major petroleum pipeline, President Biden signed an executive order on Wednesday that placed strict new standards on the cybersecurity of any software sold to the federal government.

The move is part of a broad effort to strengthen the United States’ defenses by encouraging private companies to practice better cybersecurity or risk being locked out of federal contracts. But the bigger effect may arise from what could, over time, become akin to a government rating of the security of software products, much the way automobiles get a safety rating or restaurants in New York get a health safety grade.

The order comes amid a wave of new cyberattacks, more sophisticated and far-reaching than ever before. Over the past year, roughly 2,400 ransomware attacks have hit corporate, local and federal offices in extortion plots that lock up victims’ data — or publish it — unless they pay a ransom.

The most urgent fear is an attack on critical infrastructure, a point made clear this week to Americans, who were panic-buying gasoline. A ransomware attack on Colonial Pipeline’s information systems forced the company to shut down a critical pipeline that supplies 45 percent of the East Coast’s gasoline, diesel and jet fuel for several days.

SolarWinds hack, in which Russia’s premier intelligence agency altered the computer code of an American company’s network management software. It gave Russia broad access to 18,000 agencies, organizations and companies, mostly in the United States.

The new order also requires all federal agencies to encrypt data, whether it is in storage or while it is being transmitted — two very different challenges. When China stole 21.5 million files about federal employees and contractors holding security clearances, none of the files were encrypted, meaning they could be easily read. (Chinese hackers, investigators later concluded, encrypted the files themselves — to avoid being detected as they sent the sensitive records back to Beijing.)

Previous efforts to mandate minimum standards on software have failed to get through Congress, notably in a major showdown nine years ago. Small businesses have said the changes are not affordable, and larger ones have opposed an intrusive role of the federal government inside their systems.

But Mr. Biden decided it was more important to move quickly than to try to fight for broader mandates on Capitol Hill. His aides said it was a first step, and industry officials said it was bolder than they expected.

Amit Yoran, the chief executive of Tenable and a former cybersecurity official in the Department of Homeland Security, said the question on everyone’s mind was whether Mr. Biden’s order would stop the next Colonial or SolarWinds attacks.

“No one policy, government initiative or technology can do that,” Mr. Yoran said. “But this is a great start.”

Government officials have complained that Colonial had poor defenses, and while it established a hard shell around its computer networks, it had no way of monitoring an adversary who got inside. The Biden administration hopes the standards set out in the executive order, requiring multifactor authentication and other safeguards, will become widespread and improve security globally.

Senator Mark Warner, Democrat of Virginia and the chairman of the Senate Intelligence Committee, praised the order but said it would need to be followed by congressional action.

Mr. Warner said recent attacks “have highlighted what has become increasingly obvious in recent years: that the United States is simply not prepared to fend off state-sponsored or even criminal hackers intent on compromising our systems for profit or espionage.”

The new order is the first major public part of a multilayered review of defensive, offensive and legal strategies to take on adversaries around the world. This executive order, however, focuses entirely on deepening defenses, in hopes of deterring attackers because they fear they would fail — or run a higher risk of being detected.

The Justice Department is ramping up a new task force to take on ransomware, after the discovery in recent months that such attacks are more than just extortion, they can bring down sectors of the economy.

Mr. Biden announced sanctions against Russia for the SolarWinds hack, and his national security adviser, Jake Sullivan, has said there will also be “unseen” consequences. So far, the United States has not taken similar action against China’s government for its presumed involvement in another attack, exploiting holes in a Microsoft system used by large companies around the world.

The executive order was first drafted in February in response to the SolarWinds intrusion. That attack was especially sophisticated because hackers working for the Russian government managed to change code under development by the company, which unsuspectingly distributed the malware in an update to its software packages. It was discovered during Mr. Biden’s transition and led him to declare he could not trust the integrity of federal computer systems.

The review board created under the executive order will be co-led by the secretary of homeland security and a private-sector official, based on the specific episode it is investigating at the time, in an effort to win over industry executives who fear the investigations could be fodder for lawsuits.

Because it was created by an executive order, not an act of Congress, the new board will not have the same broad powers as a safety board. But officials are still hopeful it will be valuable in learning of vulnerabilities, improving security practices and urging companies to invest more in improving their networks.

Much of the executive order is focused on information sharing and transparency. It aims to speed the time companies that have been victimized by a hack or discover vulnerabilities share that information with the Cybersecurity and Infrastructure Security Agency.

View Source