Trump Administration formulates new laws for disclosing Cyber Security Flaws


US President Donald Trump’s administration has formulated new laws for disclosing cybersecurity flaws or to keep them as secret. The newly designed laws which are now reflecting on website are intended to shed light on the process for how various federal agencies will have to face consequences for keeping cyber flaws as a secret.

Previously, under the leadership of Barack Obama, the US Government used to order an interagency review known as the Vulnerabilities Equities Process. The review was held to primarily find out the facts when Intelligence Agencies such as NSA used to unearth security flaws of big firms.

Now, the new guidelines are designed to help balance law enforcement and US intelligence to hack into devices with the need to warn manufacturers so that they can fix security holes, to nullify the effect of all future cyber attacks launched by hackers and state-funded actors.

Speaking at the Aspen Institute Event in Washington, Rob Joyce, the Cyber Security Coordinator of White House said that the rules were the most sophisticated in the world and will help keep the United States in the lead from most other nations.

Trump’s administration has also mentioned the functions and naming process of agencies involved in the vulnerability reviews. The agency list includes various civilian departments, such as Departments of Commerce, Treasury, Energy, and State.

The National Security Agency (NSA) will stand as a neutral committee for debating over flaws submitted by the various agencies if there is discord on whether to disclose them.
White House has also suggested for an annual report on the laws, parts of which will be made public.

“Donald Trump’s move to publicize a charter will help to curb state-funded cyber attacks”, said Ari Schwartz, coordinator of the Coalition for Cybersecurity Policy and Law.

When few reporter enthusiasts quizzed Joyce on whether the windows flaw detected by the NSA went through any such vulnerability process, he remained silent and said that he was not authorized to speak on the WannaCry cyber attack.

Please log on to website for more details!

Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display