After WannaCry, ex-NSA director defends agencies holding exploits … – TechCrunch

Theres not much more topical than cyber security right now. And who better to talk about itthan former director of the NSA and ex-chief of the Central Security Service, general Keith Alexander?

On stage here at TechCrunch Disrupt New York, Alexander discussedthe WannaCry(pt) ransomware that disrupted systems in multiple countrieson Friday and was only stopped by accident after a security researcher registered a web domain that had been hard coded into it as a kill switch.

Alexander warned there would be more such attacks this year, and urged industry to work with government to try to defend against global cyber threats.

I think this is just one of many that were going to see, he said. Many people said this is the year of ransomware.

Alexander was asked how much responsibility the NSA bears for the WannaCrypt virus given reportshave indicated the virusutilizes an exploit that was stolen from the NSA.

Yesterday Microsoft also explicitly called outgovernment agencies for undermining global cyber security by stockpiling exploits.

The NSA didnt use the WannaCry, criminals did - someone stole it, heshot back on that.

This WannaCrystarts to split [government agencies and industry]apart but our nation needs industry and government to work together, headded.

He also implicitly defended the NSAs use of exploits saying the agency needs capabilitiesto allow it to know what adversaries are doing, and should not be required to release all the exploits it finds.

Weve got to have tools, he said. [NSA]dont hoard exploits; they release90+ percent of what they get but to go after a terrorist you need an exploit.

Alexanders big pitch was for government and industry towork together to try to de-risk these intelligence agency tools i.e. to patch up and firefight critical scenarios whereby an intelligence agency exploit has been leaked and is in the hands of cyber criminals.

The fact that Microsoft actually put a patch out in March how do you make sure that those things goout? And is there a way that government and industry can work together so that those things are done seamlessly, he suggested. And the answers yes. And should we do that? Yes.

Alexander also discussed his views on Trumps executive order on cyber security, and the ongoing reform of Section 702 of FISA.

You can watch the full interview in the below video.

Go here to see the original:
After WannaCry, ex-NSA director defends agencies holding exploits ... - TechCrunch