Friday, January 11, 2019

HR 43 Introduced – Cyber Vulnerability Disclosure Coordination

Last week Rep. Jackson-Lee (D,TX) introduced HR 43, the Cyber Vulnerability Disclosure Reporting Act. The bill would require a report to Congress on the DHS policies and procedures for coordinating cyber vulnerability disclosures. This is essentially the same bill as HR 3202 that Jackson-Lee introduced in the 115th Congress. That bill was passed in the House on a voice vote but was never taken up by the Senate.

The unclassified report would be submitted to Congress within 240 days of the date of enactment. The requirement for establishing the policies and procedures is found in 6 USC 148(m) {or 6 USC 659(m) in the yet to be published 2018 version of the USC; modified by last year’s CISA authorization bill}.

The bill would require an annex to the report that would contain information on {§2(a)}:

• Instances in which such policies and procedures were used to disclose cyber vulnerabilities in the prior year; and
The degree to which such information was acted upon by industry and other stakeholders.

Moving Forward

Committee assignments have not yet been completed, but I suspect that Ms. Jackson-Lee will return to the House Homeland Security Committee (the committee to which this bill was assigned for consideration) and will probably be a Subcommittee Chair. If that comes to pass, this bill will receive quick attention from the Committee and will probably be considered by the full House under suspension of the rules. It would be expected to receive wide bipartisan support once again. Whether or not it will be taken up by the Senate is a completely different question.

No comments:

/* Use this with templates/template-twocol.html */