Congress just proposed a bill to address cyberattacks that utilize government-sourced vulnerabilities, as hackers threaten to leak more of them.
The legislation would require the National Security Agency to disclose the security flaws found in software, called exploits, to other government agencies. Two recent widespread cyberattacks, WannaCry and Adylkuzz, used exploits that were found and weaponized by the NSA. A group of hackers is threatening to expose more of them each month, MIT Technology Review reports.
Under former President Obama, the debate surrounding what government does with exploits was quelled with an inter-agency review board. However, the board’s recommendations were neither legally binding nor reviewed by the NSA.
According to Reuters, Wednesday’s bill was proposed by Republican Senator Ron Johnson and Democratic Senator Brian Schatz in the U.S. Senate Homeland Security and Governmental Affairs Committee. Shifting power away from the spy agency, the legislation calls for a review each time an agency finds a crack in cybersecurity that it wants to use for espionage instead of notifying the manufacturer.
Former NSA director Keith Alexander weighed in on the topic at a tech conference Tuesday, saying the NSA “releases 90 percent of the exploits they find, but to go out and catch a terrorist, you need an exploit.”