Category Archives: Gen. Michael Hayden

Top U.S. counterintelligence official: Kaspersky’s move to Switzerland doesn’t matter

Posted on by

The ongoing fight between the U.S. government and Moscow-based Kaspersky Lab led the company to begin moving “a good part” of its infrastructure to Switzerland in a highly-visible move toward transparency in the face of spying accusations. The U.S.’s top counterintelligence official, however, says Kaspersky’s move to Switzerland makes no difference to him. William Evanina, the Director of the National Counterintelligence and Security Center, looks at the way the U.S. government handles Kaspersky — which is now banned from the U.S. federal government and is losing ground in the private sector — as “an opportunity to create a model,” he said. “This will not be the last time this happens. I think there will be more to come along, I call them ‘nation-state threats that emanate through the global business process.’ ” Kaspersky’s opening of a “Transparency Center” in Switzerland is significant but leaves open a wide range of questions. The company has […]

The post Top U.S. counterintelligence official: Kaspersky’s move to Switzerland doesn’t matter appeared first on Cyberscoop.

Continue reading Top U.S. counterintelligence official: Kaspersky’s move to Switzerland doesn’t matter

Should the government stockpile zero day software vulnerabilities?

Posted on by

Storm clouds are rising over the U.S. government’s policy on software flaw disclosure after the massive WannaCry infection spread using a cyberweapon developed by the NSA, and even former agency leaders say it might be time to take a fresh look at the Vulnerability Equities Process. Under the VEP, U.S. officials weigh the benefits of disclosing a newly discovered flaw to the manufacturer — which can issue a patch to protect customers — or having the government retain it for spying on foreign adversaries who use the vulnerable software. The process has always had a bias toward disclosure, former federal officials said. “We disclose something like 90 percent of the vulnerabilities we find,” said Richard Ledgett, who retired April 28 as the NSA’s deputy director. “There’s a  narrative out there that we’re sitting on hundreds of zero days and that’s just not the case,” he told Georgetown University Law Center’s annual cybersecurity law institute. […]

The post Should the government stockpile zero day software vulnerabilities? appeared first on Cyberscoop.

Continue reading Should the government stockpile zero day software vulnerabilities?