The Subcommittee on Oversight and Investigations, chaired by Rep. Gregg Harper (R-MS), released a cumulative report identifying core strategies for addressing and preventing cybersecurity incidents. The report summarizes the committee’s work and conclusions drawn from dozens of briefings, hearings, letters, reports, and roundtables, and provides six specific priorities for more effective protection against vulnerabilities:
- The widespread adoption of coordinated disclosure programs.
- The implementation of software bills of materials across connected technologies.
- The support and stability of the open-source software ecosystem.
- The health of the Common Vulnerabilities and Exposures (CVE) program.
- The implementation of supported lifetimes strategies for technologies.
- The strengthening of the public-private partnership model.
The report concludes, “Each of the concepts and priorities detailed here represent a piece of the broader cybersecurity challenge. Pursuing any one concept-priority pair in isolation will undoubtedly improve society’s overall cybersecurity to some degree, but the Subcommittee’s work over the past several years has shown that each concept-priority pair feeds off and builds upon its fellows. Further, as highlighted throughout this report, the subcommittee has not simply identified important, high-level areas for future action, but has already begun to act. The work products associated with each concept and priority represent the subcommittee’s first steps towards implementing the policies it has identified.”