Trump administration to publish rules on cyber security flaws

Written on November 15, 2017, in News


WASHINGTON (Reuters) – The Trump administration is expected to publicly release on Wednesday its rules for deciding whether to disclose cyber security flaws or keep them secret, a national security official told Reuters.

The move is an attempt by the U.S. government to address criticism that it too often jeopardizes internet security by stockpiling the cyber vulnerabilities it detects in order to preserve its ability to launch its own attacks on computer systems.

The revised rules, expected to be published on whitehouse.gov, are intended to make the process for how various federal agencies weigh the costs of keeping a flaw secret more transparent, said the official, who spoke on condition of anonymity because the rules were not yet public.

Under former President Barack Obama, the U.S. government created an inter-agency review, known as the Vulnerability Equities Process, to determine what to do with flaws unearthed primarily by the National Security Agency.

The process is designed to balance law enforcement and U.S. intelligence desires to hack into devices with the need to warn manufacturers so that they can patch holes before criminals and other hackers take advantage of them.

The new Trump administration rules will name the agencies involved in the process and include more of them than before, such as the Departments of Commerce, Treasury and State, the official said.

Rob Joyce, the White House cyber security coordinator, has previewed the new rules in recent public appearances.

“It will include the criteria that the panel weighs, and it will also include the participants,” Joyce said last month at a Washington Post event. He said the Trump administration wanted to end the “smoke-filled room mystery” surrounding the process.

Some security experts have long criticized the process as overly secretive and too often erring against disclosure.

The criticism grew earlier this year when a global ransomware attack known as WannaCry infected computers in at least 150 countries, knocking hospitals offline and disrupting services at factories.

The attack was made possible because of a flaw in Microsoft’s Windows software that the NSA had used to build a hacking tool for its own use.

But in a breach U.S. investigators are still working to understand, that tool and others ended up in the hands of a mysterious group called the Shadow Brokers, which then published them online.

Suspected North Korean hackers spotted the Windows flaw and repurposed it to unleash the WannaCry attack, according to cyber experts. North Korea has routinely denied involvement in cyber attacks against other countries.

(Reporting by Dustin Volz; editing by Grant McCool)
