This Week in Critical Infrastructure we bring the latest on executive and legislative discussions to craft a plan for infrastructure investment, a report on the White House disclosure of the process for software vulnerability threat information by intelligence agencies, and a poll from Black Hat Europe on the security outlook for infrastructure in the EU.
White House Goes Public with Bug Disclosure Policy
Derek B. Johnson from FCW discusses a White House decision to release the unclassified charter for the Vulnerabilities Equities Process, or VEP, which lays out the procedure for intelligence agencies to determine whether to release software vulnerabilities to the public. The VEP has carried over from the Obama administration, but this is the first time the process has been described in detail.
GOP Lawmaker: White House, Congress have Begun Crafting Infrastructure Bill
In this report from The Hill, Melanie Zanona provides an update on White House and Congressional efforts to craft a infrastructure bill that will fulfill one of Trump’s key campaign promises from 2016. Rep. Sam Graves (R-Mo.) has stated that discussions are now in their early stages to craft such a bill.
‘Smart’ Technology: The Savior of U.S. Infrastructure?
From U.S. News & World Report, economy reporter Andrew Soergel writes on the likely impact of ‘smart’ technology on U.S. infrastructure. While the need and desire to address aging and failing infrastructure is a bipartisan issue with broad support, lawmakers have struggled to find a way to generate the necessary funding to cover ‘smart’ tech upgrades and replacements for existing assets.
Europe Not Ready for Imminent Cyber Strikes, Say Infosec Professionals
Security Editor for Computer Weekly Warwick Ashford reports on the results of a poll of over 120 IT and security professionals registered to attend Black Hat Europe 2017. The poll found that 42 percent believed that threats from other nation state actors posed the greatest threat to EU critical infrastructure, with only 11 percent expecting the EU’s directive on security of network and information systems to improve infrastructure security.