The White House wears a white hat and focuses on the cybersecurity research community.
In a notice from the Biden administration, National Cyber Director Harry Coker Jr. said new guidance issued to federal agencies will require them to adopt the Traffic Light Protocol (TLP) when dealing with disclosures.
As the name suggests, TLP is a three-tier system, with different color codes defining the level of disclosure researchers want to allow recipients. A red report means the information is confidential, a yellow level means external parties can receive details if needed, a green report can be shared with the community, and clear means the information is completely public.
The idea, Coker said, is to give researchers complete control over the information they share with federal agencies. This allows researchers to proactively share data with governments to protect critical systems and infrastructure, while coordinating public release with vendors and bug bounty portals.
“Information sharing is the lifeblood of our field and is enshrined as such in the National Cybersecurity Strategy,” Coker said.
“However, as with any partnership, it is important that our relationship with the security research community is built on a foundation of trust. A key element of that trust is when information is shared confidentially and voluntarily. The idea is that the wishes of the co-owner will be respected.”
While the directive itself is welcome news for security researchers, the gesture also signals a greater willingness from the White House to work directly with those who make up the security vulnerability research community.
Gone are the days when white hat hackers were viewed with suspicion and hostility by governments. In recent years, DHS has turned to the private sector for security guidance, and one area of particular focus is vulnerability researchers.
“We are already doing a lot of collaboration as a cybersecurity community, creating opportunities to achieve a positive, values-based vision for a secure cyberspace and achieve our shared aspirations,” Coker said.
“We hope this guidance will help both our interagency and private sector partners clearly understand the tremendous respect we have for trusted information sharing channels, and we hope to enable more of these partnerships to flourish.”
The notification also comes at a critical time for government cybersecurity managers. As the presidential election approaches, experts are warning of the potential for foreign adversaries to launch attacks on election offices and networks with the aim of disrupting the voting process and tilting the results in favor of their country’s favored candidates.