The US House approved a bill on Tuesday, January 9, 2017, that is ostensibly designed to force the state to give private businesses notice when it identifies cyber vulnerabilities. The House passed the legislation on a simple voice vote.
This legislation follows on the heels of a charter issued by the Trump administration that describes the Vulnerability Equities Process (VEP), which the government uses to determine cyber vulnerabilities.
If this legislation passes the Senate and is signed by the President, the Department of Homeland Security (DHS) would be required to report to Congress all of the policies and procedures the department uses to notify private entities of cyber security vulnerabilities.
The legislation is intended to express concern from multiple interests, including private companies and public advocacy groups, over the existence of what amounts to a black box the government uses to determine if and when it will notify private interests of cyber security risks.
The government has been accused of identifying cyber security risks and not notifying private companies. Its reason for not notifying the companies of cyber security risks is that it planned on using these breaches in security for its own intelligence-gathering purposes.
It remains to be seen how effective this bill will be in actually creating transparency or whether it will, more likely than not, simply create more government jobs, more layers, and a frontal placation that will continue to conceal what’s really going on in that black box.