The House Energy & Commerce Committee has released a white paper on cybersecurity practices following its investigation into coordinated vulnerability disclosure (CVD), i.e., outside parties tipping companies or agencies off to vulnerabilities.
Those third parties could be law enforcement, business partners, financial firms, or independent researchers, but they are an essential part of the discovery process given the "complexity of modern information systems and networks," says the committee, which translates to the growing "internet of everything" world.
Its two main recommendations were that 1) "Congress should explore ways to clarify the differences between 'hacking' and CVD practices, to incentivize organizations to adopt CVD programs, and to offer protections to CVD participants who perform CVDs in accordance with modern best practices"; and 2) "Congress should explore ways to encourage federal agencies and private sector stakeholders to address and minimize the negative public responses to CVDs."
“The growth of the Internet and connected technologies comes with an inescapable increase in the complexity and vulnerability of modern systems. These risks are shared across all facets and sectors of society, and no one organization is truly capable of managing these risks on its own.
“The nature of our modern connected society requires collaboration, and thus—as recent years have manifestly demonstrated—CVD rem.”
The committee has been conducting oversight of "cybersecurity strategies and incidents both at federal agencies and in the private sector."