Last week Rep. Jackson-Lee (D,TX) introduced HR 43, the Cyber
Vulnerability Disclosure Reporting Act. The bill would require a report to Congress
on the DHS policies and procedures for coordinating cyber vulnerability
disclosures. This is essentially the same bill as HR
3202 that Jackson-Lee introduced in the 115th Congress. That
bill was passed in the House on a voice
vote but was never taken up by the Senate.
The unclassified report would be submitted to Congress
within 240 days of the date of enactment. The requirement for establishing the
policies and procedures is found in 6 USC 148(m) {or 6 USC 659(m) in the yet to
be published 2018 version of the USC; modified by last year’s CISA
authorization bill}.
The bill would require an annex to the report that would
contain information on {§2(a)}:
• Instances in which such policies
and procedures were used to disclose cyber vulnerabilities in the prior year;
and
• The degree to which such information was acted upon
by industry and other stakeholders.
Moving Forward
Committee assignments have not yet been completed, but I
suspect that Ms. Jackson-Lee will return to the House Homeland Security
Committee (the committee to which this bill was assigned for consideration) and
will probably be a Subcommittee Chair. If that comes to pass, this bill will
receive quick attention from the Committee and will probably be considered by
the full House under suspension of the rules. It would be expected to receive wide
bipartisan support once again. Whether or not it will be taken up by the Senate
is a completely different question.
Posts
No comments:
Post a Comment