White House Cybersecurity Coordinator Rob Joyce announced release of unclassified portions of the Vulnerabilities Equity Process (VEP) charter Nov. 15 to guide decision makers in how to better defend against cyber attacks.
“Our public release of the unclassified portions [of the] charter will shed light on aspects of the VEP that were previously shielded from public view, including who participates in the VEP’s governing body, known as the Equities Review Board,” Joyce said in a White House release. “We also clarify what categories of vulnerabilities are submitted to the process and ensure that any decision not to disclose a vulnerability will be reevaluated regularly.”
Joyce recommended several tenets that can aid in this process. These include improved transparency, fair representation of stakeholder interest, accountability from those working in the process to foster confidence, and an ongoing dialogue so the best ideas can come to the fore.
“The challenge is to find and sustain the capability to hold rogue cyber actors at risk without increasing the likelihood that known vulnerabilities will be exploited to harm legitimate law-abiding users of cyber space,” Joyce said. “This is the root of the tension that exists between the desire to publicize every vulnerability discovered by the federal government … and the need to preserve some select capability for action against extremely capable actors whose actions might otherwise go undiscovered and unchecked.”
It’s a fine balancing act, however.
“Obtaining and maintaining the necessary cyber capabilities to protect the nation creates a tension between the government’s need to sustain the means to pursue rogue actors in cyberspace … and its obligation to share its knowledge of flaws in software and hardware with responsible parties,” he said
Read the full release from Joyce here.
© 2017 Homeland411