“We still believe that public-private partnership is foundational in cybersecurity and we want to ensure we're taking every opportunity to include key private-sector participants early and directly in our remediation efforts,” a senior administration official said.

It's a major step towards transparency for the Biden administration, which is stressing strengthening relations between the private and public sector in the fallout from the Russian SolarWinds hacking campaign that infiltrated at least nine government agencies and about 100 companies.

The more recent Microsoft hack has added urgency to fixing those relations. Microsoft announced earlier this month a group of hackers tied to China exploited a vulnerability in its Microsoft Exchange product. Other cybercriminals have since swooped in to take advantage of servers that have not yet been updated to fix the vulnerability.

The situation escalated last week when Microsoft reported that hackers were targeting vulnerable servers with ransomware, software that allows hackers to lock up computer systems and data for money. Vulnerable Microsoft users include hundreds of banks, health-care and government servers, researchers at the cybersecurity firm RiskIQ found. Pulling off a successful ransomware attack against any one of them could create major chaos.

A White House team is examining how to address concerns from the private sector over information-sharing with the government, the official said. Congress also is slated to roll out proposals regarding cybersecurity incident sharing in the coming weeks.

The White House is also readying a slew of proposals to strengthen cybersecurity.

The Biden administration is weighing a number of potential solutions, including a ratings system for software, the official said. The grading system would be similar to that used by local health departments for restaurants. The idea of a cybersecurity rating has been pushed by Congress's bipartisan Cyberspace Solarium Commission as well as some industry groups.

The administration also is mulling a law such as the one introduced in Singapore requiring home devices to come with security labels.

Executive orders addressing the two ideas are forthcoming, the senior official said.

The administration is not considering granting the government additional authorities to surveil domestic Internet traffic for hackers. Some experts and lawmakers worry that the blind spot created by the limited authorities has created an easy way for international hackers to avoid detection by using U.S. networks. The Biden official said the government is not exploring any expansion of domestic surveillance to make it easier for U.S. intelligence to monitor domestic traffic for hackers, a proposal that probably would spark an outcry from privacy advocates and in Congress.

The forthcoming measures come as the White House advances its SolarWinds investigation.

The nine agencies breached by Russian hackers are on week three of a four-week cleanup program, the official said. The review of the circumstances leading to the attack turned up “significant gaps in modernization and in technology of cybersecurity across the federal government,” the official said.

The administration intends to respond with a new initiative, which will include rolling out fresh technology for federal agencies.

“We want to make the federal government a leader, not a laggard, in cybersecurity,” the official said.

The recent coronavirus relief package included $650 million for the Cybersecurity and Infrastructure Security Agency to improve cybersecurity defenses. Up to a quarter of that money could be going to a beleaguered Microsoft to secure federal agencies' cloud systems, Joseph Menn, Christopher Bing and Raphael Satter at Reuters report. The spending plans have angered some lawmakers who say the government shouldn't reward the company at the heart of two major recent hacks.

“If the only solution to a major breach in which hackers exploited a design flaw long ignored by Microsoft is to give Microsoft more money, the government needs to reevaluate its dependence on Microsoft,” Sen. Ron Wyden (D-Ore.) told Reuters.

The keys

A grand jury indicted two encrypted chat company executives for profiting off their criminal clients.

Two Canadian men, Jean-Francois Eap and Thomas Herdman, are accused of committing a racketeering conspiracy to distribute illegal drugs with their encrypted app company, Sky, the Justice Department said. It’s only the second time the U.S. government has filed charges against an encrypted messaging company, Motherboard’s Joseph Cox reports.

The indictment said the men, who ran the company and distributed encrypted devices, facilitated their users’ illegal activities and conspired to aid and abet illegal cocaine distribution. Eap, Sky’s CEO, said “the unfounded allegations of involvement in criminal activity by me and our company are entirely false” and added that “in the coming days, my efforts will be focused on clearing my name of these allegations.”

The indictment came days after European police arrested dozens of users of the app, which was popular among criminals who coordinated their activities. Authorities say they monitored the app’s encrypted communications for a month before the raids and were able to collect information on more than 100 “planned large-scale criminal operations.”

Swiss police raided the home of a hacker who accessed hundreds of thousands of surveillance camera feeds.

Tillie Kottmann’s Lucerne apartment was raided in connection with an FBI investigation into hacking and leaking confidential information from Mercedes-Benz, Intel and other companies, Bloomberg News’s William Turton and Corinne Gretler report. The raid came just days after Kottmann said their hacker collective conducted an unrelated hack, breaching surveillance camera company Verkada.

Australia, India, Japan and the United States agreed to form a cybersecurity task force.

The cybersecurity working group’s formation comes as the Biden administration attempts to shore up its cybersecurity cooperation with allies, which it has focused on as an element of global diplomacy.

“The impetus behind this new Cyber Working Group is not just the SolarWinds incident or the Microsoft Exchange incident — both of which the United States is responding to with urgency — but also cyberattacks that have hit Japan, India and Australia just in the past few weeks and months,” national security adviser Jake Sullivan said.

Chris Painter, the former cyber coordinator at the State Department, praised the move.

Industry report

A Google executive said Microsoft criticized the company to distract from a hack of Microsoft software.

Google’s senior vice president of global affairs, Kent Walker, blasted Microsoft for “naked corporate opportunism” and said it was “no coincidence” that the company was attacking Google over how it treats online news as it manages the fallout of the devastating hack, the Wall Street Journal’s Tripp Mickle and Aaron Tilley report. Microsoft and Google declined to comment, although Microsoft president Brad Smith discussed Google at length at a congressional hearing on Friday.

Daybook

Homeland Security Secretary Alejandro Mayorkas testifies before the House Homeland Security Committee at 9:30 a.m. on Wednesday.

Paul Zajac, the head of strategic affairs and cybersecurity at France’s foreign ministry, speaks at a German Marshall Fund of the United States event on cyber norms on Wednesday at 10 a.m.

The Senate Homeland Security and Governmental Affairs Committee holds a hearing on the cyberattack on SolarWinds and other software on Thursday at 10:15 a.m.
