It appears that Wisconsin Rep. Mike Gallagher, R-Wis has opted to hamstring the cybersecurity experts working to keep the lights on in his district by removing the one tool that can help monitor for vulnerabilities and risks in software used to manage critical infrastructure operations. He has chosen to remove the SBOM provision from the latest NDAA (6722) bill. I hope Mr. Gallagher remembers his decision to hamstring his own cybersecurity professionals that work very hard to keep his district and constituents protected from hacker attacks, when the next cyber attack impacts his constituents.
Mr. Gallagher, you have chosen to leave your own constituents vulnerable to software risks which could have been detected and mitigated if an SBOM was made available to the cybersecurity experts working to keep you and your district safe.
I don't see why any member of Congress would vote to hamstring their own cybersecurity professionals from monitoring and mitigating software vulnerabilities that are detectable using an SBOM. Members of Congress please help your own cybersecurity professionals that work so hard to keep you and your districts and your critical infrastructure safe from hacker attacks. Please restore the SBOM provision in the NDAA and consider adding the NIST Vulnerability Disclosure Report requirement.