A bipartisan group of lawmakers introduced a bill Wednesday that aims to prevent another mass leak of government-owned hacking tools. The bill would force the government to present its haul of undisclosed zero-day exploits, which it uses to target computers and networks for surveillance and intelligence gathering, to an independent technical review board.
The Protecting our Ability to Counter Hacking Act of 2017 (PATCH Act) would establish a Vulnerability Equities Review Board consisting of the heads of U.S. security agencies, including Presidential Cabinet members, on an ad-hoc basis.
The PATCH Act codifies current government practices to review vulnerabilities and designates the Department of Homeland Security as the chair of the interagency review board.
The Board will ensure a consistent policy for how the government evaluates vulnerabilities for disclosure and retention. The bill will also create new oversight mechanisms to improve transparency and accountability, while enhancing public trust in the process.
U.S. Representatives Blake Farenthold (R-Texas) and Ted Lieu (D-Calif.) and U.S. Senators Brian Schatz (D-Hawai‘i), Ron Johnson (R-Wis.), and Cory Gardner (R-Colo.) introduced the PATCH Act.
“Cyberattacks around the world have increasingly shown the vulnerabilities of both public and private sector computer systems,” said Rep. Farenthold. “The government needs to be more aggressive in helping to secure cyber vulnerabilities for everyone’s safety and security.”
“Striking the balance between U.S. national security and general cybersecurity is critical, but it’s not easy,” said Senator Schatz, lead Democrat on the Senate Subcommittee on Communications, Technology, Innovation, and the Internet. “This bill strikes that balance. Codifying a framework for the relevant agencies to review and disclose vulnerabilities will improve cybersecurity and transparency to the benefit of the public while also ensuring that the federal government has the tools it needs to protect national security.”