Sen. Sheldon Whitehouse (D-Rhode Island) plans to create a new inspector general post that would investigate federal agencies’ networks for cyber vulnerabilities, FCW reported Wednesday.

Whitehouse said the establishment of a cyber IG role would help facilitate the recruitment of cyber professionals to perform computer security and penetration testing functions.

He also noted about the lack of “clear white hat penetration authority” at 72 IG offices.

Whitehouse’s plan comes as other lawmakers work to introduce measures to assess and test cyber risks across federal agencies, according to the report.

House lawmakers have updated a proposed bill that originally aimed to make the National Institute of Standards and Technology responsible for auditing federal agencies’ cybersecurity, Nextgov reported Tuesday.

The updated legislation would require NIST to support the security audits of agency inspectors general instead of running such audits themselves, the report said.

The bill would also direct NIST to develop a guide on how federal agencies could implement its Cybersecurity Framework as mandated by an executive order released in May.

A spokesperson for the House Science Committee said the bill was revised in response to comments from stakeholders and experts.

The proposed legislation is sponsored by Committee Chairman Rep. Lamar Smith (R-Texas), Rep. Ralph Abraham, (R-Louisiana) and others.

The Department of Homeland Security has publicly shared information about a newly-discovered vulnerability in the Wi-Fi Protected Access II protocol that works to help protect almost all wireless network traffic, DHS’ Jeanette Manfra wrote in an article published Tuesday.

Manfra, assistant secretary for cybersecurity and communications at DHS, said that the Software Engineering Institute’s CERT Division alerted DHS on the WPA2 exploit technique dubbed Key Reinstallation Attack, or KRACK.

She added that KRACK could likely affect any standards-compliant implementation of WPA2 since the vulnerabilities are in the 802.11i protocol.

Threat actors can use KRACK to exploit Wi-Fi networks within range and view network traffic that WPA2 encryption is expected to protect, according to Manfra.

She noted that attackers could also access user information such as emails, chat messages, pictures, credit card numbers and passwords if additional security measures like HTTPS are not implemented.

Following the publication of CERT report, DHS’ US-Computer Emergency Readiness Team released a public alert in an effort to provide information on KRACK to a wide audience.

DHS also sent a directive to all federal departments and agencies that requires the use of cybersecurity best practices to secure websites and email messages.

The department worked with the FBI to issue a joint technical alert on advanced persistent threats against critical infrastructure, especially the energy sector.

The General Services Administration has teamed up with several other federal agencies, including the Defense Department, to create a cybersecurity shared service as part of efforts to secure government websites.

GSA said Tuesday the shared service will work to address cost and maintenance challenges associated with the implementation of the Hypertext Transfer Protocol Secure used to protect connections between websites and users.

Seventy-eight percent of federal websites have complied with the Office of Management and Budget‘s 2015 policy that requires the use of HTTPS across all public-facing government web domains, GSA noted.

The shared service is intended to help agencies modernize the availability and distribution of web certificates as well as automate mission systems and software; standardize government HTTPS configurations; and increase transparency for online public services.

GSA added participating agencies will work to fully adopt HTTPS and HTTP Strict Transport Security as well as build a new public key infrastructure and develop a certificate transparency log to boost public trust.