iTnews

US cyber bill would make NSA report zero-days to govt

By Staff Writers on May 18, 2017 12:24PM
Review process to shift power away from spy agency.

A bill proposed in the US Congress would require the country's National Security Agency to inform other government agencies about security holes it finds in software, such as the one that allowed the recent WannaCrypt attacks.

Under former President Barack Obama, the government created a similar inter-agency review, but it was not required by law and was administered by the NSA itself.

The new bill would mandate a review when a government agency discovers a security hole in a technology product and does not want to alert the manufacturer because it hopes to use the flaw to spy on rivals.

It also calls for the review process to be chaired by the defense-oriented Department of Homeland Security rather than the NSA, which spends 90 percent of its budget on offensive capabilities and spying.

Republican senator Ron Johnson of Wisconsin and Democratic senator Brian Schatz of Hawaii introduced the Protecting our Ability To Counter Hacking (PATCH) Act.

“Striking the balance between US national security and general cyber security is critical, but it’s not easy,” Senator Schatz said in a statement. “This bill strikes that balance.”

Tech companies have long criticised the practice of withholding information about software flaws so they can be used by government intelligence agencies for attacks.

Hackers attacked 200,000 Windows computers across more than 150 countries this past week using an exploit that had been developed by the NSA and later leaked online.

Microsoft president Brad Smith harshly criticised government practices on security flaws in the wake of the ransomware attacks.

"Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage," Smith wrote in a blog post.

Agencies like the NSA often have greater incentives to exploit any security holes they find for spying, instead of helping companies protect customers, cyber security experts say.

"Do you get to listen to the Chinese politburo chatting and get credit from the president?" said Richard Clayton, a cyber security researcher at the University of Cambridge.

"Or do you notify the public to help defend everyone else and get less kudos?"

The new committee's meetings would still be secret. But once a year it would issue a public version of a secret annual report.

The NSA did not immediately respond to a request for comment.

Copyright Reuters
© 2019 Thomson Reuters.