Online Safety Community

Trump administration pulls back curtain on secretive cybersecurity process

The White House on Wednesday made public for the first time the rules by which the government decides to disclose or keep secret software flaws that can be turned into cyberweapons — whether by U.S. agencies hacking for foreign intelligence, money-hungry criminals or foreign spies seeking to penetrate American computers.

The move to publish an un­classified charter responds to years of criticism that the process was unnecessarily opaque, fueling suspicion that it cloaked a stockpile of software flaws that the National Security Agency was hoarding to go after foreign targets but that put Americans’ cyber­security at risk.

“This is a really big improvement and an outstanding process,” said White House cybersecurity coordinator Rob Joyce, who spoke at an Aspen Institute event and issued a blog post on the charter.

By making it public, he said, “we hope to demonstrate to the American people that the federal government is carefully weighing the risks and benefits” of disclosure vs. retention.

The rules are part of the “Vulnerabilities Equities Process,” which the Obama administration revamped in 2014 as a multi­agency forum to debate whether and when to inform companies such as Microsoft and Juniper that the government has discovered or bought a software flaw that, if weaponized, could affect the security of their product.

The Trump administration has mostly not altered the rules under which the government reaches a decision but is disclosing its process. Under the VEP, an “equities review board” of at least a dozen national security and civilian agencies will meet monthly — or more often, if a need arises — to discuss newly discovered vulnerabilities. Besides the NSA, the CIA and the FBI, the list includes the Treasury, Commerce and State departments, and the Office of Management and Budget.

The priority is on disclosure, the policy states, to protect core Internet systems, the U.S. economy and critical infrastructure, unless there is “a demonstrable, overriding interest” in using the flaw for intelligence or law enforcement purposes.

To continue Click here http://snip.ly/tykw7

Views: 16

Comment

You need to be a member of Online Safety Community to add comments!

Join Online Safety Community

Take our poll!

Take our poll!

Latest Activity

Soujanya Naganuri posted a discussion

Flow of SAP MM and SUS Portal

SAP Material Management (MM) and SAP Supplier Self Service (SUS) and some customizable features of SAP SUS.In the Plan-Driven Procurement with Supplier Integration scenario the SAP SUS is installed and configured with SAP MM/SRM. Technically, in a classic scenario SAP SUS maybe connected with one or more MM and/or SRM back-end systems.PO is sent to SAP SUS system, in which supplier can perform the follow-on procurement process, i.e. PO response, ASN, GR response and invoice response.SAP…See More
5 hours ago
John Robinson posted blog posts
5 hours ago
Emma Miah posted a blog post

Latest Men’s Fashion Trends For Winter

Most people will agree that fashion trends use to fade, but the style is the one thing that is eternal. So, it’s always suggested that you should only follow the fashion trends that actually suits your personality. Winter is coming now it’s time to…See More
9 hours ago
Training Doyens updated an event
Thumbnail

Bitcoin: Fear, Uncertainty, and Doubt (FUD) at 26468 E Walker Dr, Aurora, Colorado 80016-6104

January 30, 2018 from 1pm to 2pm
OVERVIEWBitcoins have gotten much more traction than early detractors and pundits expected. With that reality, what do banks need to do, if anything, to prepare for their existence and surprising acceptance?This session will present the fundamental workings of virtual currencies with an emphasis on bitcoin and the current state of the regulatory front.  We will get your thinking caps energized as to how bankers might approach virtual currencies and some thoughts about what the future might hold…See More
10 hours ago

Forum

Flow of SAP MM and SUS Portal

SAP Material Management (MM) and SAP Supplier Self Service (SUS) and some customizable features of SAP SUS.In the Plan-Driven Procurement with Supplier Integration scenario the SAP SUS is installed…Continue

Tags: sapmmcourse, sapmmonline, sapmm

Started by Soujanya Naganuri 5 hours ago.

PEGA Axis error: Parser already accessed

We have a PEGA frontend, from in which we're keying in double byte characters like japanese and being send to allotted java webservice through axis. this is working best when we ship singlebyte…Continue

Tags: pega_training, pega_online, pega

Started by Soujanya Naganuri Dec 6.

VMware player error on install vmware tools.

 I've installed the last version of VMware player (4.0.2) and created a virtual machine with ubuntu 10.04. However, some operations with …Continue

Tags: training, online, vmware

Started by emmablisa Dec 1.

All About QlikView

QlikViewQlik relies on sophisticated analytics that enables data discovery using an in-memory engine to analyze data for patterns not visible via SQL data structures or queries. The company’s two…Continue

Tags: Safety, Qlikview

Started by nicolewells Nov 25.

Occupational Health and Safety 5 Replies

Health and safety are important aspects of an organisation’s smooth and effective functioning.  Did you know that workplace health & safety injuries cost Australian businesses over $60 billion…Continue

Tags: Safety, and, Health, Occupational

Started by WHS Solutions. Last reply by Tara safe Nov 16.

Badge

Loading…

© 2017   Created by Safety Community.   Powered by

Badges  |  Report an Issue  |  Terms of Service