House lawmakers have passed legislation that will require DHS to tell Congress how known cyber vulnerabilities are being disclosed to the private sector.
The bill directs DHS to submit a report to Congress that contains “a description of the policies and procedures developed for coordinating cyber vulnerability disclosures.”
It also asks for an annex outlining where those policies and procedures were used to disclose cyber vulnerabilities in the year prior to the report, and how stakeholders acted on the information.
The bill, introduced by Rep. Sheila Jackson Lee (D-Texas), aims to clarify some of the red tape surrounding the vulnerabilities equities process, the charter by which the government decides whether to disclose ‘zero-day’ vulnerabilities. The agencies that meet to collaborate on the vulnerabilities equities process include the Office of Management and Budget, the Office of the Director of National Intelligence and the Departments of Commerce, State, Treasury, Energy, Defense and Homeland Security, as well as the FBI and the CIA.