June 17, 2016

Reuters and Politico feature Ari Schwartz's call for new cybersecurity flaw rules

In articles published June 17, 2016, Reuters and Politico featured a paper written by Venable Managing Director of Cybersecurity Services Ari Schwartz and Rob Knake of the Council on Foreign Relations calling on the federal government to overhaul its rules related to reporting cybersecurity flaws. The two former White House officials said changes are needed in the process for determining whether software flaws discovered by a government agency should be disclosed or kept secret for use in future offensive cyber operations.

Schwartz and Knake said an executive order should clarify that it is mandatory for government agencies to report all software flaws they intend to use to an inter-agency group. They also recommended that the Department of Homeland Security, not the National Security Agency, run the process and that much more be disclosed about it.

"It shouldn't be a policy that is created through a blog post," Schwartz told Reuters. "It should be very clear what the policy is, and it should be spelled out in an unclassified way."