A group of lawmakers recently sent letters to the Department of Homeland Security (DHS) and MITRE Corporation to encourage cybersecurity reforms.
The letters stem from an investigation last year into the Common Vulnerabilities and Exposures (CVE) program. Signatories include Energy and Commerce Committee Chairman Greg Walden (R-OR), Oversight and Investigations Subcommittee Chairman Gregg Harper (R-MS), Communications and Technology Chairman Marsha Blackburn (R-TN), and Digital Commerce and Consumer Protection Subcommittee Chairman Bob Latta (R-OH).
Both letters recommended two reforms to the program. First, the lawmakers suggested that DHS transition it from a contract-based funding model to a cost-neutral dedicated Program, Project, or Activity line item in the department’s annual budget. Second, they recommended that DHS and MITRE perform biennial reviews to ensure the program’s stability and effectiveness.
“The historical practices for managing the CVE program are clearly insufficient,” Walden, Harper, Blackburn, and Latta wrote. “Barring significant improvements, they will likely lead again to challenges that have direct, negative impacts on stakeholders across society. The Committee understands and appreciates that DHS and MITRE have already undertaken reforms to try and address the issues that prompted the Committee’s initial request.”
Officials said the correspondence also references the documents produced to the committee in response to its initial investigation.
“Many of these reforms target symptoms that stem from what the Committee considers to be underlying root-causes,” the lawmakers wrote. “For DHS and MITRE to address these deep-seated issues, they will have to make significant changes to the very foundation of the CVE program.”