Representative Ted Lieu, D-Calif., introduced a bill on June 1 that aims to improve the cybersecurity infrastructure of government contractors, his office announced.
The Improvement Contractors Cybersecurity Act would require any vendor wishing to do business with the federal government to have vulnerability disclosure policies (VDPs) in place.
“The Department of Homeland Security is already requiring federal agencies to maintain VDPs because government leaders recognize that VDPs are one of our best chances of stopping cyberattacks before they occur. There is no reason why government contractors should not be asked to maintain vulnerability disclosure policies, given the complex network of external suppliers on which the United States is based,” Lieu said in a statement.
The bill comes in response to several critical infrastructure attacks that have recently come to light, with a ransomware attack against meat supplier JBS USA making headlines this week. The full text of the bill has not yet been published, but the legislation has already garnered the support of several cybersecurity industry organizations and former federal officials.
This list of former officials includes Christopher Painter, former State Department coordinator on Cyber Affairs and senior director of Cyber Policy at President Obama’s National Security Council, and Paul Rosenzweig, former deputy assistant secretary for policy at DHS under President George W. Bush.
“Discovering vulnerability and responsible disclosure of the type advocated by this bill is a key part of a more secure cyber ecosystem and helps prevent malicious agents from exploiting our government and private sector systems,” Painter said in the statement.
Similarly, Rosenzweig defended the bill and asked Congress to present it for “careful and prompt consideration.”
“Representative Lieu’s bill on vulnerability outreach programs for contractors is an expansion of common sense of an important concept already used within government. It is the first significant step in an important discussion whose timeliness is highlighted by recent violations that appear to have compromised critical government computer systems,” Rosenzweig said in the same statement.