Hmmm… Fascinating report in today’s NYT:
WASHINGTON — The National Security Agency has taken a significant step toward protecting the world’s computer systems, announcing Tuesday that it alerted Microsoft to a vulnerability in its Windows operating system rather than following the agency’s typical approach of keeping quiet and exploiting the flaw to develop cyberweapons.
The warning allowed Microsoft to develop a patch for the problem and gave the government an early start on fixing the vulnerability. In years past, the National Security Agency has collected all manner of computer vulnerabilities to gain access to digital networks to gather intelligence and generate hacking tools to use against American adversaries.
The foolishness of that policy was critically exposed a while back when some of those tools fell into the hands of cybercriminals and other baddies, including North Korean and Russian hackers.
So does this new spirit of cooperativeness signal a real shift in strategy? Or does it just show that the agency was temporarily traumatised by accusations that its unscrupulous collection of vulnerabilities caused hundreds of millions of dollars in damage? Should we believe the declaration by Anne Neuburger, the NSA’s Cybersecurity director, that “We wanted to take a new approach to sharing and also really work to build trust with the cybersecurity community”?
Good news if she’s serious. And the theft of the tools should serve as a warning against governments’ incessant campaign for backdoors into commercial encryption systems.