Bipartisan bill calls for transparency in federal stockpiling of IT flaws post-WannaCry

Jessica Kim Cohen -

Five lawmakers on May 17 introduced bipartisan legislation to add transparency measures to the federal government's policies for addressing IT vulnerabilities.

The Protecting our Ability To Counter Hacking Act — nicknamed the PATCH Act — aims to enhance cybersecurity by creating a framework and review board for relevant agencies to ensure consistent processes for disclosing flaws in IT applications, products, services and systems. The Department of Homeland Security would chair this interagency review board.

Sens. Brian Schatz, D-Hawaii; Ron Johnson, R-Wis.; and Cory Gardner, R-Colo.; teamed up with Reps. Ted Lieu, D-Calif., and Blake Farenthold, R-Texas, to introduce the bill following the worldwide ransomware attack that launched May 12, which infected more than 200,000 computers in more than 150 countries.

Security experts have since reported the ransomware variant, WannaCry, exploits a vulnerability discovered by the National Security Agency, which a hacking group released online in April. The U.S. government regularly researches technology flaws, which it typically discloses to the relevant vendor. However, it sometimes develops the vulnerability to use for national security weapons, according to a news release on Mr. Schatz's website.

"It is essential that government agencies make 'zero-day vulnerabilities' known to vendors whenever possible," said Mr. Johnson, chairman of the Senate Homeland Security and Governmental Affairs Committee and a senior member of the Senate Subcommittee on Communications, Technology, Innovation and the Internet. "The PATCH Act requires the government to swiftly balance the need to disclose vulnerabilities with other national security interests."

Click here to view the full bill.

Copyright © 2024 Becker's Healthcare. All Rights Reserved. Privacy Policy. Cookie Policy. Linking and Reprinting Policy.