US #rules on #reporting #cybersecurity #flaws set to change #according to #source

The Trump administration is set to release its rules for determining whether to disclose t that they find, according to a national security official in the US.

Speaking to the Reuters news agency, the anonymous source stated that the revised rules would be released on whitehouse.gov on Wednesday. The changes are expected to make the process, which federal agencies go through when dealing with finding cybersecurity flaws, more transparent.

The move is seen as an attempt by the US government to fend off criticism that it routinely exposes internet security by keeping cybersecurity flaws and vulnerabilities secret. for

According to the report on Reuters.com, the proposed rule change will name the agencies involved in the process, such as the Departments of Commerce, Treasury and State.

Currently the US government employs an inter-agency review, created under former President Barack Obama. Known as the Vulnerability Equities Process, it is tasked with deciding what happens to any cybersecurity flaws that is discovered by the National Security Agency (NSA).

This approach to online security has received criticism from experts who claim a failure to disclose findings has a more negative impact on the industry, with Reuters pointing out the dangers experts find with the approach:

“The criticism grew earlier this year when a global ransomware attack known as WannaCry infected computers in at least 150 countries, knocking hospitals offline and disrupting services at factories.

The attack was made possible because of a flaw in Microsoft’s Windows software that the NSA had used to build a hacking tool for its own use.

Named WannaCryptor, but also referred to as WannaCry, it spread rapidly by utilizing the eternalblue SMB exploit, part of a large collection of files that leaked from the NSA.