Online Safety Community

Trump administration pulls back curtain on secretive cybersecurity process

The White House on Wednesday made public for the first time the rules by which the government decides to disclose or keep secret software flaws that can be turned into cyberweapons — whether by U.S. agencies hacking for foreign intelligence, money-hungry criminals or foreign spies seeking to penetrate American computers.

The move to publish an un­classified charter responds to years of criticism that the process was unnecessarily opaque, fueling suspicion that it cloaked a stockpile of software flaws that the National Security Agency was hoarding to go after foreign targets but that put Americans’ cyber­security at risk.

“This is a really big improvement and an outstanding process,” said White House cybersecurity coordinator Rob Joyce, who spoke at an Aspen Institute event and issued a blog post on the charter.

By making it public, he said, “we hope to demonstrate to the American people that the federal government is carefully weighing the risks and benefits” of disclosure vs. retention.

The rules are part of the “Vulnerabilities Equities Process,” which the Obama administration revamped in 2014 as a multi­agency forum to debate whether and when to inform companies such as Microsoft and Juniper that the government has discovered or bought a software flaw that, if weaponized, could affect the security of their product.

The Trump administration has mostly not altered the rules under which the government reaches a decision but is disclosing its process. Under the VEP, an “equities review board” of at least a dozen national security and civilian agencies will meet monthly — or more often, if a need arises — to discuss newly discovered vulnerabilities. Besides the NSA, the CIA and the FBI, the list includes the Treasury, Commerce and State departments, and the Office of Management and Budget.

The priority is on disclosure, the policy states, to protect core Internet systems, the U.S. economy and critical infrastructure, unless there is “a demonstrable, overriding interest” in using the flaw for intelligence or law enforcement purposes.

To continue Click here http://snip.ly/tykw7

Views: 21

Comment

You need to be a member of Online Safety Community to add comments!

Join Online Safety Community

Take our poll!

Take our poll!

Latest Activity

swetha posted a blog post

Nebosh IGC Training course - Chennai

Nebosh course in Chennai can be obtained by the safety individual who is doing work, fresher or any engaged indiviuals. The Nebosh course period is 18 days. As we are offering both class room teaching as well as e-learning training with comprehensive of book resources. If you want to perceive a profession in Health and safety sector GWG will give you a best Nebosh training in Chennani.We are…See More
11 hours ago
Training Doyens posted events
12 hours ago
Tom Clark posted a blog post

5 Reasons Why Teens Get Addicted to Alcohol and Drugs

Teenage can be considered as the most difficult period of life. During the teenage years, boys and girls become so desperate that they can do anything they wish. It is basically a vulnerable time when teens try to navigate the bridge between adulthood and childhood. Teens are the most rebellious and as per the study, this is the reason why they get involved in anti-social activities. Not only that, they often become addicted to drug and alcohol because of their rebellious nature.Now this is not…See More
yesterday
Jam Blanco posted a blog post

Response to Marine Oil Spills

Oil spills can wreak havoc on the environment and cause irreversible damage if they aren’t controlled in a timely manner. However, emergency responders need to be trained to react to emergencies quickly and efficiently to prevent more damage. The type of training they receive should depend on their proximity to the spill and whether they need to stop, contain or recover oil from release.For instance, workers who are assigned as early responders to an oil spill should be given more training…See More
yesterday

Forum

Python Condition Objects Tutorial in 2018

If you have knowledge of other programming languages, then you would know the importance of conditional statements. Conditional statements are required for taking decisions. Whenever we operate the…Continue

Tags: course, certification, training, languages, programming

Started by Elena Lauren Apr 2.

Automation Anywhere. How do I pick a value from dropdown 1 Reply

Automation Anywhere. How do I pick a value from dropdown. I tried 'set text' from a copied variable. Its very slow, and also doesnt…Continue

Tags: anywhere, automation

Started by emmablisa. Last reply by venkatesh Mar 29.

Agile overcome common software security challenges

Paradoxically, security is a negative goal. To secure something, you must understand how insecure it is. Start by trying to break it or by figuring out how other people might break it. The same is…Continue

Tags: agile, scrum, security

Started by nicolewells Mar 23.

Understanding Data Parallelism in MapReduce

In order to understand the goals of MapReduce, it is important to realize for which scenarios MapReduce is optimized. The MapReduce programming model is created for processing data which requires…Continue

Tags: program, Implementation, Mapreduce

Started by gracylayla Mar 14.

TensorFlow serving vs TensorFlow service

I have a question regarding the difference between TensorFlow Serving versus TensorFlow service. (Sorry that I'm not familiar with this at all.)I found TensorFlow serving's definition, which is "…Continue

Tags: training, online, tensorflow

Started by emmablisa Feb 27.

Badge

Loading…

© 2018   Created by Safety Community.   Powered by

Badges  |  Report an Issue  |  Terms of Service