House Passes Bill On Homeland Security Cybersecurity Disclosures

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Daniel R. Stoller and George Lynch

The House Jan. 9 passed a bill by voice vote that would require the Department of Homeland Security to report to Congress on how it discloses cybersecurity vulnerabilities to the private sector and other agencies.

The department works with businesses to coordinate information-sharing and other efforts to reduce such vulnerabilities, but its process for deciding what to share isn’t public.

The Cyber Vulnerability Disclosure Reporting Act (H.R. 3202) would be a first step toward giving lawmakers more insight into the department’s process at a time when large-scale data breaches and security vulnerability disclosures are on the rise.

“H.R. 3202 will give this body important information on our government wide efforts to secure civilian agency networks and the collaborative ongoing work to provide information to private sector partners on computing vulnerabilities,” Rep. Sheila Jackson Lee (D-Tex.), sponsor of the bill, said on the House floor.

The department would be required to report to Congress on its cybersecurity vulnerability disclosures over the last year within 240 days of the bill becoming law. It would also have to report on how the private sector, federal agencies, and other organizations used the information to mitigate threats.

The House Homeland Security Committee approved the bill July 26. There isn’t a companion bill in the Senate.

To contact the reporter on this story: Daniel R. Stoller in Washington at; George Lynch in Washington at

To contact the editor responsible for this story: Donald Aplin at

For More Information

The full bill can be found at

Copyright © 2018 The Bureau of National Affairs, Inc. All Rights Reserved.

Request Bloomberg Law: Privacy & Data Security