Senators draft bill to turn government’s vulnerabilities equities process into law

There’s a bill in the works that would codify the U.S. government’s vulnerabilities equities process into law, CyberScoop has learned. The legislation intends to add clarity, transparency and a level of consistency to the VEP, a secretive framework which guides when and if a federal agency will notify a technology firm of an unknown, exploitable software flaw discovered by the U.S. government. The bill is being sponsored by Sen. Brian Schatz, D-Hawaii, and Sen. Ron Johnson, R-Wis. Spokespeople for both senators confirmed the existence of the bill, but would not provide additional details. The VEP has come under fire in recent years due, at least in part, to the exposure of classified material concerning government hacking operations. Exacerbating this situation is the fact that the private sector remains largely in the dark with regard to the VEP’s disclosure criteria and the identity of individuals who sit on its multi-agency review […]

The post Senators draft bill to turn government’s vulnerabilities equities process into law appeared first on Cyberscoop.


WikiLeaks dump reignites debate over feds hoarding zero days

The document dump by anti-secrecy group WikiLeaks that identifies alleged CIA hacking tools has reopened a vigorous debate about whether the U.S. government should secretly stockpile cyber-weapons. Critics say the publication of source code for the CIA cyber-weapons would be a cybersecurity disaster akin to the release of anthrax from a government laboratory — and are calling for a new policy. Defenders of U.S. policy say there is already a process in place to weigh the risks any time the government decides to keep a newly discovered software vulnerability to itself and weaponize it, rather than sharing it with the vendor so it can be fixed. And a former White House official tells CyberScoop that U.S. agencies should be reaching out to the manufacturers of the products CIA hackers owned to help them fix the holes they have been using. “Time is of the essence,” former White House Cybersecurity Coordinator J. Michael Daniel told CyberScoop. In a blog […]

The post WikiLeaks dump reignites debate over feds hoarding zero days appeared first on Cyberscoop.


Former NSA director: It’s time to trash the federal cybersecurity hierarchy

Former NSA Director Keith Alexander told senators Thursday that the government should undertake a massive reorganization effort that would consolidate some current cybersecurity responsibilities split between the FBI, Homeland Security Department, Defense Department and intelligence community, into a single entity. “When we talk to the agencies they don’t understand their roles and responsibilities,” said Alexander, […]

The post Former NSA director: It’s time to trash the federal cybersecurity hierarchy appeared first on Cyberscoop.
