NSA reveals some cyber security flaws are left secret

Posted: April 30, 2014 at 9:52 am

;

In a blog post, White House cybersecurity coordinator Michael Daniel discussed how the U.S. National Security Agency decides whether to keep a cyber security flaw secret, or disclose it to the public.

TORONTO In a bid to make citizens more confident about how the U.S. National Security Agency operates, the agency has revealed that some cyber vulnerabilities are kept secretin the interest of national security.

In a blog post, White House cybersecurity coordinator Michael Daniel discussed how the U.S. National Security Agency decides whether to keep a cyber security flaw secret, or disclose it to the public.

Disclosing a vulnerability can mean that we forego an opportunity to collect crucial intelligence that could thwart a terrorist attack, stop the theft of our nations intellectual property, or even discover more dangerous vulnerabilities that are being used by hackers or other adversaries to exploit our networks, read the blog.

The blog directly references reports that the NSA knew about and exploited the recently discovered Heartbleed bug a flaw in OpenSSL which made it possible for hackers to snoop on encrypted Internet traffic.

READ MORE: NSA knew about, exploited Heartbleed bug to gather intelligence

In early April, Bloomberg reported that the NSA decided to keep the major vulnerability secret in the interest of national security. Both the White House and the NSA have denied these claims.

In the blog, Daniel said that building a huge stockpile of undisclosed vulnerabilities would not be in the interest of national security or U.S. citizens but, he goes on to say that collecting some vulnerabilities provides a way to conduct intelligence collection in order to protect national security.

Weighing these tradeoffs is not easy, and so we have established principles to guide agency decision-making in this area, the blog read.

More here:

NSA reveals some cyber security flaws are left secret

Related Posts