ZDNet is reporting that several lawmakers from both parties have introduced a bill that aims to prevent the mass leaking of government-owned hacking tools. The bicameral bill would force the government to turn over its arsenal of cyber weapons to an independent review board that would decide which vulnerabilities to secure.
It specifically states: “(A) In General. – The Board shall establish policies on matters relating to whether, when, how, to whom, and to what degree information about a vulnerability that is not publicly known should be shared or released by the Federal Government to a non-Federal entity. (B) Availability to the Public – To the degree that the policies established under subparagraph (A) are unclassified, the Board shall make such policies available to the public.”
The bill, titled the “Protecting Our Ability to Counter Hacking Act,” or PATCH Act for short, is aimed at strengthening America’s overall cybersecurity health, according to the lawmakers. The bill is sponsored by Sen. Brian Schatz and Sen. Ron Johnson, and cosponsored by Sen. Cory Gardner and Reps. Ted Lieu and Blake Farenthold.
According to the ZDNet article: “It is essential that government agencies make zero-day vulnerabilities known to vendors whenever possible, and the PATCH Act requires the government to swiftly balance the need to disclose vulnerabilities with other national security interests while increasing transparency and accountability to maintain public trust in the process,” said Sen. Ron Johnson (R-WI), chairman of the Senate Homeland Security.
Want up-to-date information on the recent WCry attack? Check out these resources:
- Daily Security Byte – Potential Ransomworm
- GeekWire – What You Need To Know About WannaCry
- Seattle Times – An inside look at the attack in “Cyberattack Scramble”