Home Warner emphasizes importance of vulnerability disclosure programs
Virginia

Warner emphasizes importance of vulnerability disclosure programs

Chris Graham
congress
(© W. Scott McGill – stock.adobe.com)

A vulnerability disclosure program allowed a researcher to tell the Department of Defense that malware was exploiting a security misconfiguration on a DoD server.

U.S. Sen. Mark Warner, D-Va., thinks there is an obvious lesson to be learned here.

“This incident demonstrates the inherent value of vulnerability disclosure programs for information technology products operated by federal agencies,” Warner wrote in a letter to the DoD, in which he highlighted his Internet of Things (IoT) Cybersecurity Improvement Act, noting that the piece of legislation would help advance similar coordinated vulnerability programs and work in conjunction with the procedures in place at DoD.

“These programs are a crucial force multiplier for federal cybersecurity efforts,” Warner wrote. “Clear guidelines and a process for security researchers to find and share vulnerabilities enabled this malware discovery, and ultimately prompt remedial action by DoD. Continuing to encourage the responsible discovery and disclosure of bugs or vulnerabilities on federal information technology systems with both internal and outside security researchers can only strengthen the cybersecurity posture of federal and DoD systems.”

The bipartisan, bicameral legislation, which successfully passed through the Senate Homeland Security and Governmental Affairs Committee in June, would improve the cybersecurity of Internet-connected devices and require that devices purchased by the U.S. government meet certain minimum security requirements.

According to ZDNet, a security researcher searching for bots discovered that a DoD automation server running on an Amazon Web Services (AWS) cloud-computing platform was publicly accessible and did not require login credentials.

Later on, the researcher discovered that the server had been compromised and was being used to mine cryptocurrency by a botnet.

In his letter, Warner also emphasized the need to utilize proper cybersecurity measures and monitoring, including on commercial cloud-computing platforms and open source software, such as the server involved in the DoD incident.

“I am hopeful that DoD will take the lessons from this incident seriously and reassess current processes as necessary. It is crucial to ensure that future incidents involving open vulnerabilities and improper access configurations that permit malware installation on federal information technology systems cannot reoccur, including on systems hosted by commercial cloud service providers,” he continued. “I also hope to continue to work with you on passing my legislation and continuing to push for strong, thoughtful, cybersecurity policies.”

Support AFP




Chris Graham

Chris Graham

Chris Graham is the founder and editor of Augusta Free Press. A 1994 alum of the University of Virginia, Chris is the author and co-author of seven books, including Poverty of Imagination, a memoir published in 2019. For his commentaries on news, sports and politics, go to his YouTube page, TikTok, BlueSky, or subscribe to Substack or his Street Knowledge podcast. Email Chris at [email protected].

Latest News

terry waters fishburne
Etc.

Waynesboro: Hall of Fame wrestling coach Terry Waters announces retirement

Tom Dulaney Slonaker
Etc.

Greene County: Tom Dulaney Slonaker has had several SuperFun careers

Long-time Ruckersville resident Tom Dulaney Slonaker has had a plethora of successful careers, including sports broadcaster, financial engineer, stockbroker, and as an insurance agent he had an office in Charlottesville.

healthcare
U.S. & World

Making the case for universal health care: The message is the message

Republicans use framing to deride universal health care when they use the terms “free health care” and “socialized medicine.” UHC is neither free nor socialized medicine, but the terms stick.

flock License plate reader police
U.S. & World

While the political circus distracts us, Flock builds the Digital Police State

vdot road
Local

Local road construction, maintenance schedule update: July 20-24

waynesboro map
Local

Waynesboro: Is the city review of the Mimosa Farm permit request just a formality?

vape shop
Virginia

New state law aims to crack down on liquid tobacco, vape sales in Virginia