U.S. cyber bill would shift power away from spy agency | Reuters

By Joel Schectman | WASHINGTON WASHINGTON A bill proposed in Congress on Wednesday would require the U.S. National Security Agency to inform representatives of other government agencies about security holes it finds in software like the one that allowed last week's 'ransomware' attacks.Under former President Barack Obama, the government created a similar inter-agency review, but it was not required by law and was administered by the NSA itself.The new bill would mandate a review when a government agency discovers a security hole in a computer product and does not want to alert the manufacturer because it hopes to use the flaw to spy on rivals.

Reuters May 18, 2017 04:45:05 IST
U.S. cyber bill would shift power away from spy agency
| Reuters

US cyber bill would shift power away from spy agency
 Reuters

By Joel Schectman
| WASHINGTON

WASHINGTON A bill proposed in Congress on Wednesday would require the U.S. National Security Agency to inform representatives of other government agencies about security holes it finds in software like the one that allowed last week's "ransomware" attacks.Under former President Barack Obama, the government created a similar inter-agency review, but it was not required by law and was administered by the NSA itself.The new bill would mandate a review when a government agency discovers a security hole in a computer product and does not want to alert the manufacturer because it hopes to use the flaw to spy on rivals. It also calls for the review process to be chaired by the defense-oriented Department of Homeland Security rather than the NSA, which spends 90 percent of its budget on offensive capabilities and spying.Republican Senator Ron Johnson of Wisconsin and Democratic Senator Brian Schatz of Hawaii introduced the legislation in the U.S. Senate Homeland Security and Governmental Affairs Committee.“Striking the balance between U.S. national security and general cyber security is critical, but it’s not easy,” said Senator Schatz in a statement. “This bill strikes that balance.”

Tech companies have long criticized the practice of withholding information about software flaws so they can be used by government intelligence agencies for attacks.Hackers attacked 200,000 in more than 150 countries last week using a Microsoft Windows software vulnerability that had been developed by the NSA and later leaked online.

Microsoft President Brad Smith harshly criticized government practices on security flaws in the wake of the ransomware attacks. "Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage," Smith wrote in a blog post.Agencies like the NSA often have greater incentives to exploit any security holes they find for spying, instead of helping companies protect customers, cyber security experts say. "Do you get to listen to the Chinese politburo chatting and get credit from the president?" said Richard Clayton a cyber-security researcher at the University of Cambridge. "Or do you notify the public to help defend everyone else and get less kudos?"

Susan Landau, a cyber security policy expert at Worcester Polytechnic Institute, said that in putting DHS in charge of the process, the new bill was an effort to put the process "into civilian control."The new committee's meetings would still be secret. But once a year it would issue a public version of a secret annual report. The NSA did not immediately respond to a request for comment. (Reporting by Joel Schectman; Editing by Jonathan Weber and David Gregorio)

This story has not been edited by Firstpost staff and is generated by auto-feed.

Updated Date:

TAGS:

Find latest and upcoming tech gadgets online on Tech2 Gadgets. Get technology news, gadgets reviews & ratings. Popular gadgets including laptop, tablet and mobile specifications, features, prices, comparison.

also read

Target holiday sales jump 17% as shoppers splurge online
Business

Target holiday sales jump 17% as shoppers splurge online

By Uday Sampath Kumar (Reuters) - Target Corp reported a 17.2% rise in comparable sales for the holiday season on Wednesday as its online sales more than doubled, thanks to faster deliveries and higher demand for home goods, electronics and beauty products.

S&P 500, Nasdaq tick higher on Intel boost
Business

S&P 500, Nasdaq tick higher on Intel boost

By Medha Singh and Devik Jain (Reuters) - The S&P 500 and the Nasdaq rose in choppy trading on Wednesday as Intel shares jumped thanks to a change in management while broader sentiment was muted after a recent run to record highs. Intel said it would replace Chief Executive Officer Bob Swan with VMware Inc CEO Pat Gelsinger next month

Bolivia signs contract with India's Serum Institute for 5 million AstraZeneca vaccine doses
Business

Bolivia signs contract with India's Serum Institute for 5 million AstraZeneca vaccine doses

By Danny Ramos LA PAZ (Reuters) - The Bolivian government said on Wednesday it had signed a contract with India's Serum Institute for the supply of 5 million doses of AstraZeneca's COVID-19 vaccine. President Luis Arce said that combined with a recent deal to buy 5.2 million Sputnik V vaccine doses from Russia, Bolivia now expected to be able to inoculate all of its vaccinable population. Both vaccines require two doses to be given, meaning they would be used to inoculate a total of 5.1 million people from Bolivia's 11.51 million-strong population.