House Commerce Republicans Urge DHS to Change Cyber Vulnerability Program

The Department of Homeland Security should transition a key cybersecurity vulnerability program from contract-based funding to a dedicated agency line item in its annual budget, House Commerce Republicans told the agency Monday after a yearlong investigation. Chairman Greg Walden, Oregon; Gregg Harper, Mississippi; Marsha Blackburn, Tennessee; and Rep. Bob Latta, Ohio, sent letters to DHS and Mitre, which operates the Federally Funded Research and Development Center. FFRDC has managed the Common Vulnerabilities and Exposures (CVE) program since 1999. DHS and Mitre should perform biennial reviews to “ensure the program’s stability and effectiveness,” the lawmakers said: “The historical practices for managing the CVE program are clearly insufficient. Barring significant improvements, they will likely lead again to challenges that have direct, negative impacts on stakeholders across society.” DHS didn’t comment.