US Senators introduce PATCH Act bill to improve vulnerability tracking and disclosure

Several US lawmakers have introduced a bill in the Senate aimed at enhancing cybersecurity and promoting transparency in the process of sharing vulnerability information. Known as the PATCH (Protecting our Ability To Counter Hacking) Act, the bill was inspired by the recent WannaCry ransomware attack, which was perpetrated using an exploit allegedly leaked from the NSA that targeted a zero-day (unknown to the software maker) vulnerability in Microsoft Windows.

Senator Schatz, the lead Democrat on the Senate Subcommittee on Communications, Technology, Innovation, and the Internet, explained the goal of the bill: “Codifying a framework for the relevant agencies to review and disclose vulnerabilities will improve cybersecurity and transparency to the benefit of the public while also ensuring that the federal government has the tools it needs to protect national security.”

The bill proposes the establishment of a cross-agency review board and designates the Department of Homeland Security as its chair. The board would oversee the government’s existing vulnerabilities equities process (VEP) and ensure a consistent policy for how the government evaluates vulnerabilities found by its agencies and decides whether to disclose or retain them.

To become law, the bill would have to pass the Senate and the House of Representatives and receive the President’s approval.
