By Eric Lieberman
A bipartisan bill introduced Wednesday in Congress would force the NSA to share any security vulnerabilities it finds in software with other government agencies.
Known as the PATCH Act (Protecting Our Ability To Counter Hacking), the legislation mandates a larger review when a federal agency discovers a security hole in a computer system.
The government sometimes coordinates with tech companies and technology vendors, but in certain instances it chooses to keep the exploits for itself and use them for national security purposes.
Such a policy would essentially compel the U.S. government’s top spying agency to turn over its arsenal of cyber weapons and hacking tools, seemingly sacrificing offense for the prospect of better defense.
“Do you get to listen to the Chinese politburo chatting and get credit from the president?” said Richard Clayton, a cyber-security researcher at the University of Cambridge, according to Reuters. “Or do you notify the public to help defend everyone else and get less kudos?”
While co-sponsors of the bill at least partially agree that it can be difficult to find a middle ground, they apparently want the equilibrium shifted more towards domestic virtual security.
“Striking the balance between U.S. national security and general cybersecurity is critical, but it’s not easy,” Hawaiian Sen. Brian Schatz said in an official statement. “This bill strikes that balance.”
The review meetings would reportedly still be a secret, and only data pursuant to the law would be made public once each year.
“The latest global ransomware attack revealed the importance of locating and patching vulnerabilities before malicious actors can attack our most critical systems,” says Republican Sen. Cory Gardner of Colorado, one of the original sponsors of the bill, referring to the recent incident that allegedly affected more than 150 countries.
Republican Reps. Ted Lieu of California and Blake Farenthold of Texas, and Republican Sen. Ron Johnson of Wisconsin, all co-sponsored the bill with Schatz and Gardner.
“This legislation ensures the American public has greater transparency into how vulnerabilities and threats are shared between federal government actors, intelligence organizations, and the private sector,” Gardner concludes.