GOP lawmakers urge improvements to cyber vulnerabilities resource

GOP lawmakers urge improvements to cyber vulnerabilities resource
© Greg Nash

GOP lawmakers on the House Energy and Commerce Committee are urging the Department of Homeland Security (DHS) to improve a platform listing common cyber vulnerabilities.

Committee Chairman Greg WaldenGregory (Greg) Paul WaldenThe 25 Republicans who defied Trump on emergency declaration House GOP lawmaker says Green New Deal is like genocide Overnight Health Care — Presented by PCMA — FDA issues proposal to limit sales of flavored e-cigs | Trump health chief gets grilling | Divisions emerge over House drug pricing bills | Dems launch investigation into short-term health plans MORE (R-Ore.) joined Reps. Gregg HarperGregory (Gregg) Livingston HarperCongress sends bill overhauling sexual harassment policy to Trump's desk Dems cry foul in undecided N.C. race Mississippi New Members 2019 MORE (R-Miss.), Marsha BlackburnMarsha BlackburnTaylor Swift says she wants to get more involved in politics Bipartisan lawmakers introduce resolution supporting vaccines Hillicon Valley: Cohen stuns Washington with testimony | Claims Trump knew Stone spoke to WikiLeaks | Stone, WikiLeaks deny | TikTok gets record fine | Senators take on tech over privacy MORE (R-Tenn.) and Rob Latta (R-Ohio) to write a letter to Homeland Security Secretary Kirstjen NielsenKirstjen Michele NielsenHillicon Valley: Nunes sues Twitter for 0 million | Trump links tech giants to 'Radical Left Democrats' | Facebook settles suits over ad discrimination | Dems want answers over spread of New Zealand shooting video Nielsen calls for greater public-private collaboration on cyber threats The Hill's Morning Report - Dems contemplate big election and court reforms MORE on Monday suggesting that the program is granted a line item in the DHS budget instead of receiving uneven funding through contracts.

The lawmakers also recommended that the program be reviewed biennially by both DHS and MITRE, the nonprofit that also manages the platform.

ADVERTISEMENT

The platform — known as the Comment Vulnerabilities and Exposures (CVE) program — was established nearly two decades ago to help companies, groups, agencies and others identify and share bugs.

“The historical practices for managing the CVE program are clearly insufficient. Barring significant improvements, they will likely lead again to challenges that have direct, negative impacts on stakeholders across society,” the lawmakers wrote in the letter.

The Republicans noted that they had requested copies of all reviews of the program by DHS or MITRE, but received none from the department and only a few slides from the federal contractor. “The Committee finds the lack of documentation produced by DHS and MITRE to be revealing in and of itself,” the letter reads.

The committee members also called the current funding mechanisms for the resource “unstable and prone to acute fluctuations,” asking how officials “were expected to maintain a stable and effective program” under the conditions.

DHS declined to comment on the letter to The Hill, citing an agency policy on not commenting on congressional correspondence.

The committees had requested the documents after media reports stated that those who submitted bugs to the platform were not receiving numbers for the vulnerabilities, meaning that they were not formally being added to the list and shared with others who lean on the resource.

The reports also stated that the platform could no longer keep up with the number of requests for CVE numbers, citing the different kinds of devices that were now open to vulnerabilities.