Homeland Security Secretary Alejandro Mayorkas said Thursday that he’s “extraordinarily concerned” about a newly revealed critical flaw in widely used software that is roiling the internet and caused the US Patent and Trademark Office to temporarily shut down external access to its computer systems.
“It’s uppermost in our minds, and, quite frankly, uppermost in our action plans,” Mayorkas said, speaking with the German Marshall Fund of the United States about ransomware.
He continued: “The challenge it presents is its prevalence, because they attacked a software that is omnipresent, and then there’s a vulnerability that has been exposed and others can jump in in the exploitation of that vulnerability and really multiply the harm.”
The secretary added that the government is working “very, very quickly” on the issue.
CNN reported earlier Thursday that the US Patent and Trademark Office on Wednesday night shut down external access to its computer systems for 12 hours in response to the flaw in Java-based software known as Log4j.
DHS’ Cybersecurity and Infrastructure Security Agency told CNN later Thursday that it remains accurate that there are no confirmed compromises across federal civilian networks relating to the Log4j vulnerability.
The agency is also not aware of any other federal agencies that conducted similar shutdowns.
The patent office said it had taken the action in light of “serious and time-sensitive concern” around the vulnerability, which is in software that organizations around the world use to log information in their applications.
The move temporarily required people to file patent applications via email, rather than the website, the agency said in an email to its website users viewed by CNN. As of Thursday morning, the patent office said its computer systems were back online.
US cybersecurity officials have sounded the alarm about the Log4j vulnerability, warning that hundreds of millions of devices around the world could be affected by the bug. The Cybersecurity and Infrastructure Security Agency said Tuesday night that there were no signs of breaches at federal agencies using the vulnerability.
But Microsoft has warned that hackers linked with the governments of China, Iran, North Korea and Turkey have moved to exploit the software flaw.
CISA has ordered all federal civilian agencies to update their software or otherwise address the flaw by December 24.
CNN has reached out to CISA for comment on the patent office’s temporary IT shutdown.
CORRECTION: An earlier version of this article misstated the consequences of the temporary shutdown for patent applicants. People were still able to file patent applications during the shutdown, via email.
This story and headline have been updated with additional developments Thursday.