Congress Questions Software Bug Hoarding, WannaCry Patches and Modern Pirates

Orhan Cam/

The PATCH Act is an effort to balance “national security and general cybersecurity,” Sen. Brian Schatz, D-Hawaii, part of a group that introduced the bill, said in a statement.

Congressional efforts to update and generally catch federal IT up with the times moved along this week, including a bill that could change the way the government determines whether it should use software bugs for spying.

The big one, the Modernizing Government Technology Act, easily passed the House Wednesday and awaits some love from the Senate. The bill would create two funding sources for updating old systems: a $500 million central fund and agency-specific capital funds to stash savings from other modernization projects.

Two other bills Wednesday cleared the Senate Homeland Security and Governmental Affairs Committee. The Federal Agency Customer Experience Act would simplify the process agencies go through to solicit feedback about their customer service and rollback requirements agencies have to meet to gather voluntary feedback from citizens and customers.

Sens. James Lankford, R-Okla., and Claire McCaskill, D-Mo., Wednesday, introduced the legislation last week, citing the government’s poor customer service ratings compared to private sector companies. A floor vote has not yet been scheduled.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

The committee also ordered the OPEN Government Data—or Open, Public, Electronic and Necessary Government Data—Act be reported favorably without amendment during a markup meeting. The bipartisan bill would direct agencies to share their data with the public in an easily downloadable, searchable way and also require agencies to establish indexes of the data they publish. The Senate had unanimously passed the bill in 2016.

And then there’s the Protecting our Ability To Counter Hacking, or PATCH, Act, which tackles the government’s not very transparent way it determines whether the government should hold on the software bugs it discovers for intel purposes or to disclose them to companies so patches could be issued. The bill is an effort to balance “national security and general cybersecurity,” Sen. Brian Schatz, D-Hawaii, part of a group that introduced the bill, said in a statement.

Hackers WannaCry, Dems WannaWrite

Sen. Mark Warner, D-Va., wants to know what steps the federal government took to ensure all its computer systems were patched against the WannaCry ransomware attack that pummeled nations around the globe last week, according to a letter sent Monday to leaders at the Homeland Security Department and Office of Management and Budget. Warner’s letter also queried DHS about outreach on WannaCry to critical infrastructure providers.

Two ranking Democrats on House Homeland Security panels sent a letter to Rep. John Ratcliffe, R-Texas, chairman of the committee’s cyber panel Tuesday, urging a hearing examining the cyber resilience of U.S. hospitals and emergency services in the wake of the attack.

Cyber Training Bill Passes House

A bill passed Tuesday by the House would put the power of legislation behind the Secret Service’s National Computer Forensics Institute in Hoover, Alabama, a cybersecurity training center. The center has trained more than 6,000 state and local official, according to a press release from bill sponsor. Rep. John Ratcliffe, R-Texas. Senate Judiciary Chairman Chuck Grassley, R-Iowa, and ranking member Dianne Feinstein, D-Calif., have introduced companion legislation in the Senate.

Shiver Me Servers

Sen. Ben Sasse, R-Neb., meanwhile weighed in Tuesday on a Hollywood Reporter scoop that hackers are threatening to release a Disney film—that just might be “Pirates of the Caribbean: Dead Men Tell No Tales”—unless they’re paid a huge sum in bitcoin. “Digital hostage taking by these modern pirates will grow more frequent and the stakes will escalate” Sasse wrote, lamenting that “government and industry should be bringing urgency to the table, but few in Washington are paying attention.”

$6 Million Tab for Small Business Cyber Bill

A House bill that directs the government’s cybersecurity standards agency to provide additional resources to small businesses would cost $6 million over four years, according to a Friday score from the Congressional Budget Office. That’s the same score CBO gave to a Senate version of the bill earlier this month. Both estimates include $2 million to create the resources in year one and $4 million to keep them updated for the following three years.

Coming Up

Congress will hit interesting tech topics hard Tuesday. It kicks off 10 a.m. with former CIA Director John Brennan testifying Tuesday in an open hearing about Russian activities during the 2016 presidential campaign to the House Select Committee on Intelligence.

Also Tuesday morning, the House Digital Commerce and Consumer Protection subcommittee explores what it will take for drones to deliver pizza, coffee or whatever with testimony from industry representatives, including drone startup Flirtey, as part of its Disrupter series.

In the afternoon, a 2 p.m. joint hearing with the House oversight IT and Ways and Means Social Security subcommittees will dig into how federal agencies use Social Security numbers and perhaps reduce using them as a way to decrease identity theft. The Senate Armed Services cyber subcommittee digs into the cyber stance of each of the military services at 2:30 p.m. with the House Armed Services subcommittee digs into U.S. Cyber Command’s budget for the Cyber Mission Force at 3:30 p.m.

On Wednesday, the Budget Committee digs into the president’s budget and most committees dive into their agencies’ slice, including the General Services Administration at 10 a.m. and DHS at 10:30 a.m. The Senate Judiciary Crime and Terrorism subcommittee discusses law enforcement access to data stored internationally and cooperation efforts at 2:30 p.m.

Mohana Ravindranath, Frank Konkel, Heather Kuldell and Joseph Marks contributed to this report.