The new rules aim to balance the requirements of having a basket of vulnerabilities to conduct cyber attacks against enemy systems with that of protecting domestic industry and consumers from cyber attacks from foreign intelligence agencies, criminals and hackers.
As per a national security official, speaking on the condition of anonymity, on Wednesday the Trump administration is expected to publicly release rules which will determine if, when and how cyber security flaws will be released in the future.
The move is an attempt by the Trump administration to address the critics that very often super secretive government agencies stockpile undisclosed vulnerabilities for the purpose of launching its own attacks on computer systems.
The revised rules, expected to be published on whitehouse.gov, are intended to bring in more clarity and transparency to the process for federal agencies who will have to weigh the costs of keeping the vulnerabilities a secret, said the source.
The source has chosen the cover of anonymity since the matter has yet to become public.
The Obama administration had created an inter-agency review, the Vulnerability Equities Process, to determine which vulnerability would benefit the National Security Agency. The process was designed to balance the need for law enforcement and intelligence agencies and the need to protect consumers and business from cyber attacks from foreign intelligence agencies, criminals and blackhat hackers.
The Trump administration rules will now name the agencies involved in the process and include more of them, including the Departments of Commerce, State and Treasury, than before, said the official.
Rob Joyce, the White House cyber security coordinator, has previewed the new rules in recent public appearances.
“It will include the criteria that the panel weighs, and it will also include the participants,” said Joyce last month at a Washington Post event while adding, the Trump administration wants to end the “smoke-filled room mystery” surrounding the process.