Government

Wyden asks federal agencies to ditch Adobe Flash

The senator wants agencies charged with issuing federal cybersecurity guidance to get Flash off of government systems before 2020.

By Sean Lyngaas

July 25, 2018

(logo from Wikicommons/remixed by Greg Otto)

Sen. Ron Wyden has called on federal agencies to stop using Adobe Flash, multimedia software that has consistently proven vulnerable over the years.

Adobe will stop providing security updates for Flash in 2020, and Wyden, D-Ore., wants agencies charged with issuing federal cybersecurity guidance to get Flash off government systems before then.

“At that point, Flash’s existing cybersecurity risks will only be compounded,” Wyden wrote in a July 25 letter to the heads of the Department of Homeland Security, National Security Agency, and National Institute of Standards and Technology. “The federal government has too often failed to promptly transition away from software that has been decommissioned.”

The missive asks DHS, NIST, and the NSA to work together to produce a policy, effective within 60 days of its issuance, that bans the use of new Flash-based content on federal websites.

For Wyden, agencies should not just refrain from deploying Flash but also rid existing Flash-based content from their websites by August 1, 2019. To that end, Wyden asked DHS to “promptly expand the routine cyber-hygiene scans” it does of agency assets to include Flash content. He also called for the letter’s recipients to help produce an inventory of Flash content on each agency’s website, along with guidance to eradicate it.

Further, Wyden is proposing that agencies clear their desktops of Flash, staring with a “small number” of them via a pilot, and then all agency desktops by August 1, 2019.

“A critical deadline is looming,” Wyden wrote, referring to the end of technical support for Flash in 2020, and “the government must act to prevent the security risk posed by Flash from reaching catastrophic levels.”

Flash’s over two-decade history has been plagued by vulnerabilities, and popular web browsers’ abandonment of the software in recent years has hastened its demise.

Flash accounted for eight of the 10 vulnerabilities used in exploit kits over nine months in 2015, according to cybersecurity company Recorded Future. In May 2018, security researchers disclosed a vulnerability that they deemed a high risk to large and medium-size government organizations.

You can read Wyden’s full letter below.

[documentcloud url=”http://www.documentcloud.org/documents/4618702-Wyden-Flash-Letter-to-Nsa-Dhs-Nist.html” responsive=true height=500]

Wyden asks federal agencies to ditch Adobe Flash

More Like This

FBI director warns of China’s preparations for disruptive infrastructure attacks

House passes bill to limit personal data purchases by law enforcement, intelligence agencies

With a mysterious surveillance target identified, calls for Congress to change course

Top Stories

Treasury official: Small financial institutions have ‘growth to do’ in using AI against threats

‘Large volume’ of data stolen from UN agency after ransomware attack

More Scoops

Federal agencies are falling behind on meeting key privacy goal set five years ago

NIST is preparing guidance on how to share .zip files in a more secure way

How secure is that .zip file? One senator is urging NIST to weigh in

NIST wants to the federal government to pay more attention to the supply chain

NIST releases updated cybersecurity framework

DHS leaders push cybersecurity risk assessment program for critical infrastructure companies

No longer ‘federal,’ no longer exclusively ‘cyber’ — NIST security controls break out

Latest Podcasts

How Troy Hunt knows if you’ve been hacked and Washington tries to understand AI

Why pig butchering is the worst kind of online scam

How the FBI fights ransomware

Rumman Chowdhury on AI red-teaming; a Sisense supply chain attack

Government

Technology

Threats

Geopolitics