Should the government stockpile zero day software vulnerabilities?

Storm clouds are rising over the U.S. government’s policy on software flaw disclosure after the massive WannaCry infection spread using a cyberweapon developed by the NSA, and even former agency leaders say it might be time to take a fresh look at the Vulnerability Equities Process. Under the VEP, U.S. officials weigh the benefits of disclosing a newly discovered flaw to the manufacturer — which can issue a patch to protect customers — or having the government retain it for spying on foreign adversaries who use the vulnerable software. The process has always had a bias toward disclosure, former federal officials said. “We disclose something like 90 percent of the vulnerabilities we find,” said Richard Ledgett, who retired April 28 as the NSA’s deputy director. “There’s a narrative out there that we’re sitting on hundreds of zero days and that’s just not the case,” he told Georgetown University Law Center’s annual cybersecurity law institute. […]

The post Should the government stockpile zero day software vulnerabilities? appeared first on Cyberscoop.

NSA deputy says U.S. cyberattack responses must improve

The way that U.S. government agencies respond to cyberattacks against the private sector from nation-state or other high-level adversaries is “fundamentally flawed” and needs to change, outgoing NSA Deputy Director Rick Ledgett said Tuesday. Ledgett, the latest addition to a growing list of cybersecurity officials and former officials who have called for the nation’s cyber responses to be overhauled, mocked existing response plans at an Aspen Institute luncheon roundtable hosted by former Justice Department senior official John Carlin. “The analogy a colleague of mine uses,” Ledgett explained, “is … if your house catches on fire, you have to call the mayor to see if he’ll let you call the water department to ask them to turn the water on. And then you call the city council to see if you can get funding for the fire department to send a truck. And by the time that’s all happened, your cyber house has burned to […]

The post NSA deputy says U.S. cyberattack responses must improve appeared first on Cyberscoop.