Online Safety Community

Trump administration pulls back curtain on secretive cybersecurity process

The White House on Wednesday made public for the first time the rules by which the government decides to disclose or keep secret software flaws that can be turned into cyberweapons — whether by U.S. agencies hacking for foreign intelligence, money-hungry criminals or foreign spies seeking to penetrate American computers.

The move to publish an un­classified charter responds to years of criticism that the process was unnecessarily opaque, fueling suspicion that it cloaked a stockpile of software flaws that the National Security Agency was hoarding to go after foreign targets but that put Americans’ cyber­security at risk.

“This is a really big improvement and an outstanding process,” said White House cybersecurity coordinator Rob Joyce, who spoke at an Aspen Institute event and issued a blog post on the charter.

By making it public, he said, “we hope to demonstrate to the American people that the federal government is carefully weighing the risks and benefits” of disclosure vs. retention.

The rules are part of the “Vulnerabilities Equities Process,” which the Obama administration revamped in 2014 as a multi­agency forum to debate whether and when to inform companies such as Microsoft and Juniper that the government has discovered or bought a software flaw that, if weaponized, could affect the security of their product.

The Trump administration has mostly not altered the rules under which the government reaches a decision but is disclosing its process. Under the VEP, an “equities review board” of at least a dozen national security and civilian agencies will meet monthly — or more often, if a need arises — to discuss newly discovered vulnerabilities. Besides the NSA, the CIA and the FBI, the list includes the Treasury, Commerce and State departments, and the Office of Management and Budget.

The priority is on disclosure, the policy states, to protect core Internet systems, the U.S. economy and critical infrastructure, unless there is “a demonstrable, overriding interest” in using the flaw for intelligence or law enforcement purposes.

To continue Click here http://snip.ly/tykw7

Views: 21

Comment

You need to be a member of Online Safety Community to add comments!

Join Online Safety Community

Take our poll!

Take our poll!

Latest Activity

knorr kendra posted a blog post

How To Find Safe And Secure Auto Loan Company For Bad Credit

Car is a luxury and everyone desires to have a car but everyone cannot afford due to bad credit or no credit history. People want to purchase cars but due to bad credit history, they are unable to get a loan from the company. Thus it is important to find a car loan finance company that provides car loans to people even with bad…See More
1 hour ago
Training Doyens posted an event
Thumbnail

Executive Presence - Key to Getting Promoted at 26468 E Walker Dr, Aurora, Colorado 80016-6104

March 7, 2018 from 1pm to 2pm
OVERVIEWToo many managers do not have the promotable trait called Executive Presence. There are numerous definitions – some focus simply on the communication skills others focus on skills that are too tactical. Leaders need to project the Executive Presence to motivate and challenge their direct reports. Learn the key skills for Executive Presence – that reflect your readiness to be promoted.WHY SHOULD YOU ATTENDHas this happened to you?  You realize that everyone around you is getting promoted…See More
2 hours ago
HrishikeshRam posted a photo

Nebosh course in Chrennai | Safety training institute

Learners seeing for NEBOSH Training Course in Chennai and other safety officer course in Chennai should direct their requests to the below mentioned address details.In Green World Group we provide NEBOSH, IOSH, HAZOP and various Customized and…
18 hours ago
G L Deepa posted photos
18 hours ago

Forum

Gig Economy

The career world has rapidly changed and these days, long-term careers and people working in just one job are slowly but steadily becoming a thing of the past. In fact, according to research, in the…Continue

Tags: field, engineer, IT, freelance, economy

Started by Mohd Azher 18 hours ago.

How to Repair MySQL InnoDB Table That Has Issues?

When trying to run: delete IdentityRequest *I get an error of sailpoint.tools.GeneralException: null index column for collection: sailpoint.object.IdentityRequest.itemsDoing a select * from…Continue

Tags: course, sailpointonline, sailpoint

Started by Soujanya Naganuri yesterday.

Occupational Health and Safety 7 Replies

Health and safety are important aspects of an organisation’s smooth and effective functioning.  Did you know that workplace health & safety injuries cost Australian businesses over $60 billion…Continue

Tags: Safety, and, Health, Occupational

Started by WHS Solutions. Last reply by Tony Ferraro on Sunday.

About sailpoint software

An identity management system refers to an information system, or to a set of technologies that can be used for enterprise or cross-network identity management. Additional terms are used synonymously…Continue

Tags: sailpoint

Started by sujathayarlagadda on Friday.

What can be essentials safety measures taken to secure campus?

Students safety inside and outside the school premises is a huge concern in today's risk environment. what measures should be taken to ensure campus security?Continue

Tags: security, campus

Started by Jen McDade Feb 6.

Badge

Loading…

© 2018   Created by Safety Community.   Powered by

Badges  |  Report an Issue  |  Terms of Service