Earlier this month Rep. Jackson-Lee (D,TX) introduced HR
3202, the Cyber Vulnerability Disclosure Reporting Act. The bill would require
a report to Congress on procedures that DHS has developed with regard to
vulnerability disclosures.
Section 2 of the bill requires DHS (within 240 days of
passage of the bill) to submit a report to Congress that describes “the policies and
procedures developed for coordinating cyber vulnerability disclosures, in accordance
with section 227(m) of the Homeland
Security Act of 2002 (6
U.S.C. 148(m) [Link Added; Note: it is §148(l) at this link, an amendment changing that para
to (m) has not yet been published])” {§2(a)}.
Moving Forward
Jackson-Lee is an influential member of the House Homeland
Security Committee, the committee to which the bill was assigned for
consideration. It is very likely that she has enough influence to have this
bill considered in Committee. There is nothing in the bill that would draw the
ire of any organization. Since it just requires a very legitimate report to
Congress, it is likely that this bill would have enough bipartisan support to
allow it to be considered under the suspension of the rules procedures in the
House. If it were to be considered in the Senate, it would likely be considered
under their unanimous consent procedure.
Commentary
Since the bill specifies that the main report will be
unclassified (with a potential classified annex), I would have liked to have
seen the bill include a provision for DHS to post a copy of the unclassified
version of the report to the NCCIC web site. That would allow these policies
and procedures to become public knowledge, as they should be. Without that sort
of provision we may never see this report; it certainly will not show up on a
congressional web site.