The Zero-Day Dilemma: Should Government Disclose Company Cyber Security Gaps?

April 12, 2017 | Levi Maxey
Photo: iStock.com/pixtum

Few topics lend themselves to more polemics than government collection and exploitation of zero-day vulnerabilities, or security flaws in commercial software and hardware not yet disclosed to the vendors, to facilitate intelligence gathering efforts.

The choices for intelligence agencies are, in short, to either collect and retain zero-day vulnerabilities to glean crucial intelligence, or, instead, to collect and disclose security flaws to companies so that they may design and distribute patches for them.

Weighing these choices involves a number of considerations, both technological and political. But the question remains: does the U.S. intelligence community gathering – but not disclosing – zero-day vulnerabilities contribute to weaker overall cybersecurity? If so, does this negative impact outweigh the benefit such capabilities could present for intelligence collection?

Critics of government use of zero-day exploits suggest that by not disclosing vulnerabilities in systems used by U.S. citizens and companies, the government is tacitly accepting their digital insecurity and intentionally leaving them vulnerable to attack by foreign governments, criminals, terrorists, and hacktivists. While the vast majority of cyber attacks involve already known vulnerabilities, the small percentage that leverage zero-day exploits can often be the most harmful. For example, in the 2014 breach of Sony Pictures, North Korean hackers seemingly exploited a zero-day vulnerability that allowed them unfettered access to sensitive data – an incident that ended with the U.S. government imposing punitive sanctions in response.

Proponents of lawful government hacking, however, argue such methods allow the intelligence community to conduct its mission of gathering information to mitigate national security risks ranging from terrorism, nuclear weapons proliferation, and transnational crime to foreign espionage and adversary military operations. For example, zero-day exploits were a crucial aspect of the Stuxnet worm found sabotaging Iran’s nuclear program in 2010.

The rationale for the use of hacking to collect foreign intelligence is obvious: it is both safer and more effective than relying on human intelligence assets risking their lives on the ground and more targeted than bulk data collection programs that threaten the privacy of innocents at scale. Some even suggest that perfect cybersecurity is impossible, and instead resources should be put into penetrating adversary networks to preempt attacks and determine their origins.

Balancing the pros and cons of disclosure is itself a challenge, as metrics of potential impact are difficult to ascertain. However, this is what the U.S. government’s Vulnerabilities Equities Process (VEP) essentially tries to accomplish. It was first conceptualized during the final days of the Bush administration, finally written in 2010 by the Obama administration, and then “reinvigorated” in 2014 following the exposure of the Heartbleed malware and the public relations catastrophe that ensued after the Snowden revelations.

While most of what is known about the VEP comes from documents obtained through FOIA requests, Michael Daniel, the former cybersecurity coordinator at the National Security Council during the Obama administration, argues that the policy’s “strong bias is going to be that we will disclose vulnerabilities to vendors.” In fact, self-reported numbers by the National Security Agency from 2015 suggest that it discloses some 90 percent of zero-day vulnerabilities, though apparently through an internal mechanism rather than the VEP.

But while the VEP has received harsh criticism from some in the intelligence community, “it would be a mistake to say that, because the VEP is not perfect, we should get rid of it,” says Ari Schwartz, previously a Special Assistant to the President and Senior Director for Cybersecurity in former President Barack Obama’s National Security Council. “We need to continually try to improve it. There are clearly a lot of things that could be done to make the VEP better.”

Efforts that could be undertaken, according to Schwartz, include further transparency into criteria in determining whether to disclose or retain vulnerabilities, ensuring decisions are subject to periodic review, and transferring the Executive Secretary function from the NSA to a more publically accountable agency, such as the Department of Homeland Security.

Now more than ever, the exploitation of zero-day vulnerabilities by U.S. law enforcement has come under increased scrutiny. Notable events include the FBI’s use of zero-day exploits to investigate suspects involved in child sexual exploitation on Tor hidden services, and, separately, to gain access to the iPhone of Sayed Farook, a suspect in the 2015 San Bernardino terrorist attack. At the same time, it should be understood that law enforcement’s use of hacking as an investigate tool is the inevitable consequence of pervasive use of end-to-end encryption, device encryption, and anonymity programs such as the Tor browser.

Another crucial component surrounding the discussion of government vulnerability disclosure policy, is the so-called  “grey market,” where government has the ability to purchase or license exploits for zero-day vulnerabilities from private brokers. For example, it has been reported that the FBI licensed a zero-day exploit from the firm Cellebrite to breach Farook’s iPhone.

Therefore, a disclosure policy in which government purchases vulnerabilities from zero-day brokers and then discloses them to the affected companies essentially results in U.S. taxpayers subsidizing these companies. In effect, the government is paying for the security of commercial services that should be financed through market-driven forces. The problems with devising a fair government disclosure policy are compounded by the reality that companies are often slow in patching flaws – the very purpose of disclosure. These days, security flaws in commercial products are becoming more common.

Moreover, should a government agency choose to temporarily exploit a vulnerability and then disclose it once it is no longer needed, it risks leaving a digital trail that could lead forensic investigators to reveal past operations.  

Recent incidents could be changing the intelligence community’s calculus over whether to advise companies that their systems are vulnerable versus keeping this information classified in order to collect intelligence. For example, a group calling itself the Shadow Brokers published purported NSA hacking tools. Similarly, Wikileaks published what it claims are CIA hacking techniques, including a number of previously unknown vulnerabilities. In 2015, firm Hacking Team was the target of a hack that stole data on at least three zero-day vulnerabilities.

“The debate in the past about vulnerability disclosure has focused on the potential for independent discovery,” says Marshall Erwin, the head of trust at Mozilla and former cybersecurity and counterterrorism analyst in the U.S. intelligence community.

“If the U.S. government knows about an unpatched vulnerability, that vulnerability could be independently discovered by a foreign adversary – an event known as a collision – and used by that adversary.”

A new study by the Washington think-tank RAND finds that foreign governments and other intruders discovered only 5.7 percent of zero-day vulnerabilities over the span of a year. This assessment suggests the U.S. government doesn’t necessarily need to act swiftly to disclose vulnerabilities to companies because the odds are slim that foreign hackers will stumble onto them.  

However, says Erwin, “What recent incidents show is that much of the risk of non-disclosure of zero-day vulnerabilities stems from the use and mismanagement of those vulnerabilities, rather than from independent discovery.” In other words, the problem with intelligence agencies retaining zero-day vulnerabilities is not necessarily that they don’t immediately disclose them to private companies so that they can be patched; it is that they do not adequately secure them so that they are not stolen and leaked.

“It is much more difficult to keep secrets than it used to be,” Schwartz agrees. “Government officials should not assume that they will be the only ones that know about a particular vulnerability for years as they had in the past. Leaks are much more common now.”

The point, says Erwin, is that “when agencies have not met their responsibility to protect non-disclosed vulnerabilities, they then have a secondary responsibility to help mitigate any harm they may have caused.”

Levi Maxey is a cyber and technology producer at The Cipher Brief. Follow him on Twitter @lemax13.

Next Steps in U.S.-Cuba Relations
Strengthening U.S. Cyber Defenses
Russia Sanctions: The New Normal
Corruption in China: The Party’s Over
Change in the Kingdom: Three Big Shifts
Managing Information & Risk in the Digital Age
Endgame in Afghanistan
The Convergence of Crime and Terror
Strengthening the Public-Private Partnership
The Billion Dollar Spy: An Interview with Author David Hoffman
The New Battlefield
North Africa: Instability Increasing
The Kidnapping Capital of the World
Homegrown Terror in the Age of ISIS
The Refugee Crisis: Europe on the Brink
The Future of Mexican Oil
Cracks in the System
Embassy Security Three Years After Benghazi
Fourteen Years Later
Can Congress Solve the Cybersecurity Problem?
Arctic Game Changer?
Where They Stand on National Security
The First 100 Days
Worthy of Fleming: Anthony Horowitz's "Trigger Mortis"
At the Crossroads
Eye in the Sky
Rough Road Ahead for Rousseff
Leveling the Playing Field: Tech Access in China
The Dead Drop
Top of Mind for Chief Security Officers
Protecting Your Business
The Future of Oil
Chinese Expansion in Latin America
American Involvement in Syria
The Future of Geospatial Intelligence
The Umbrella Movement: One Year Later
Ebola: An End in Sight?
The Pakistan Problem
The Dead Drop
The Encryption Debate
Going Dark
The US-Mexico Relationship
The Rise of Mobile Technology in Africa
The Dead Drop
Construction Boom in the Gulf
Cybersecurity: The Human Factor
Beijing and the South China Sea
Will Peace Talks Succeed in Colombia?
Social Media and Terrorism
The Rise of Israel’s Tech Sector
Securing the Border
Red Sun Rising
The Dead Drop
Adopting the Iran Deal
Stability on the Peninsula
Crime in South Africa
Combatting Terrorist Financing
The Dead Drop
Recovering from a Cyber Attack
Stability in South Asia
Veterans Day
Israel’s Wave of Violence
The Dead Drop
Protecting Critical Infrastructure
ISIS on the March
The Paris Attacks
Rethinking U.S. Security Assistance
The War on Terror 2.0
Putting Mali in Context
Will Russia Ever Change?
Will Canada Pull Back?
Understanding Putin’s Popularity
Chinese Expansion in Africa
Terrorism Finance and Wildlife Poaching
Illicit Trafficking in Latin America
Climate Change and Security
Preventing Another San Bernardino
Supply Chain Security
Negotiating a New Safe Harbor Agreement
The Battle for Yemen
Foreign Tech Access in China
The Dead Drop
Offensive Cyber Operations
Travel Security in the Age of ISIS
Iran: A Rising Cyber Power?
The Future of Cybersecurity
The Arab Spring Five Years Later
Preparing Today’s Military for Tomorrow’s Wars
Cybersecurity for Small and Medium-Sized Enterprises
Maritime Security in the Gulf of Guinea
Improving Aviation Security
The Dead Drop
Terrorism in 2016
Cybersecurity in 2016
The World in 2016: Opportunities and Risks
China in 2016
Russia in 2016
Moscow’s Cyber Buildup
The China-India Relationship
Russian Influence in Latin America
The Future of Homegrown Terrorism
Stability in Sub-Saharan Africa
Protecting Your Digital Identity
Elections in Taiwan: A Turning Point?
The Caliphate of Crime
Biotechnology’s Dark Side
Rethinking U.S. Strategy Toward China
The Evolution of Weapons of Mass Destruction
A New Era in US-Iranian Relations?
Will Information Sharing Improve Cybersecurity?
Evaluating China's New Silk Road
Tech in Latin America: Opportunities and Challenges
The Destruction of Libyan Oil
Ransomware: Protecting Yourself from Cyber Extortion
The US and India: Strengthening Security Cooperation
Security and Stability in Afghanistan
Combatting the Al Shabaab Threat
Sports Security: Protecting Your Venue
Israel’s Arab Alliance: A Counter to ISIS and Iran?
The End of U.S. Space Supremacy
The Caucasus: Instability Increasing
Stabilizing Iraq
The Trans-Pacific Partnership: Deepening U.S. Commitment to Asia
Securing Industrial Control Systems
The Battle for Ukraine
Defeating Boko Haram
Jordan: The Indispensable Ally
China’s Military Modernization
The Cybersecurity Skills Shortage
Solving Mexico’s Violence Problem
The Northern Triangle: The Most Violent Region in the World
The Future of the Middle East
Terrorism in the World’s Largest Muslim Country
The Rise of Quantum Computing
Europe’s Terrorism Problem
Stability in the East China Sea
The Rise of Counter-Drone Technology
The ISIS WMD Threat
Healthcare and the Cyber Threat
Security in the Indo-Pacific: Australia’s New Role
Countering ISIS' Message
Containing the ISIS Cancer
Security, Privacy, and the Fight Over Encryption
Taking Aim at Smart Guns
Losing Patience with North Korea
The Difficult Road Ahead for Colombia
The Taliban Resurgence
ISIS: The New Face of Global Jihad?
Connecting with Latin America
Russia and China: Mutually Assured Detachment
The Scourge of Terrorism
The Security Challenge of Terror
European Unity in the Face of Crises
Developing Enhanced Cybersecurity Systems
Pakistan: Friend and Foe?
Egypt’s Economy on the Brink
Tehran’s Balancing Act
Russia Makes Moves in the Middle East
Kenya’s Battle with al-Shabaab
Missile Defense in the Korean Peninsula
Are America's Ports Secure?
The Human Factor Behind the Panama Papers Leak
Russian Military Modernization
APTs: The Boogeymen of Cybersecurity
Vietnam: Guns and Butter
Syria: Power-sharing, Partitioning, and the Fight Against ISIS
Turbulence in Turkey
The U.S. and the Philippines: Shoulder to Shoulder in the South China Sea
The Darker Side of the Internet of Things
Cybersecurity Challenges in Asia
Taliban on the Offensive
Quagmire in Yemen
Cocaine and Conflict in Colombia
The Cloud: Nebulous, but Nimble
Censorship in China
An Emerging Crime-Terror Nexus in Europe
IRGC: Iran's Power Player
Latin America: The New Frontier for Cyber Attacks
The Hydra and the Snake: The Death of Osama Bin Laden
Nuclear Deterrence and Assurance in East Asia
Vehicle Cybersecurity: Running in Place
What Drives ISIS
Tensions Simmer in the South China Sea
Managing the Mobile Phone Malware Threat
Leaving the Oil Spigot Open
Burundi: A Path Toward Civil War?
The Value of Special Operations Forces
ISIS in the Balkans
The Tech Must Flow
North Korea’s Party Congress: What was all the fuss about?
Argentina: A Smoother Ride
Libya: Obama’s “Worst Mistake”
Tsai Ing-Wen’s Balancing Act
The North Korea Workers’ Party Congress and Kim Jong-un’s Legitimacy
Flying the Unfriendly Skies: Airline Security
Nuclear Standoff in South Asia
How to Read Riyadh
Even in Defeat, Austria’s Far-right Emulates Populist Growth in Europe
More Effective, Less Secure: The Cyber-Threat to Medical Devices
A New Era in the U.S.-Japan Security Partnership
Passing the Torch to the Next Generation of Saudi Leaders
U.S. Military Aid to Egypt Continues Despite Democratic Struggle
How Secure are Radiological Materials?
Roadblocks on the Path to Normality in Iran
Caracas in Crisis
Algeria: Exporting Stability
The Push for Kurdish Independence
U.S. and China: Strategic Cooperation at Arm’s Length
City Life: Living Smarter, Not Harder
Homegrown Terror in Orlando
A Rough Patch in U.S.-Saudi Relations
Japan’s “Abenomics”
A Tale of Two Bears: The DNC Hack
The Origins of Brexit
The Chinese Communist Party Under Xi Jinping
The Arctic: Technology and Infrastructure on Earth and in Space
Jordan: Stability Amidst Chaos
Exporting Jihad: Bosnia and Kosovo
Changing World Order: The Effects of Brexit
Navigating Uncharted Waters
Iraq after ISIS: Divide it or Fix it?
Terrorism in Istanbul: Severe Implications
North Korea as a Cyber Threat
One If By Air, Two If By Sea: Unmanned Surface Vehicles
The FBI’s Intelligence Mission
Does NATO Need a New Ideology?
Philippines v. China: Laying Down the Law of the Sea
Is Turkey Returning to a Policy of “Zero Problems?”
Federal Cybersecurity One Year After the OPM Breach
NATO: Weathering the Storms
The Rise of the Fringe: A Threat to Democracy?
Hezbollah's Many Faces
Trans-Pacific Trade Deal Remains in Limbo
The Aftermath of the Nice Attack: Is ISIS’ “Prestige” on the Rise?
Crossing the Line: A Failed Coup in Turkey
France’s Vulnerabilities in a Changing Terror Landscape
The Problem with Proxies
Water Security in South Asia: Running Dry and Running Out of Options
The Clash over Social Media Data
Extremist Groups Target Diversity in Bangladesh
Kenya: Private Sector and Government Coordinate on National Security
The ISIS-Al Qaeda Rivalry
Will Syria’s Most Productive Citizens Ever Return Home?
Trust but Verify: The United States, China & Economic Espionage
The World is Watching: The American Election and China
The Status Quo Will Not Work in South Sudan
Kurdistan as a Geopolitical Playground
Rio Olympic Games: A Missed Opportunity
Spinning Silk: Asia and the GCC
China-Japan Relations: Trading Goods While Exchanging Words
Climate Change in Ethiopia: Managing the Risks
Mounting Security Challenges in Afghanistan
Is There a Future for the Muslim Brotherhood in Egypt?
Niger Delta Militants Compound Nigeria’s Security Crises
Thailand Under the Junta
Brazil: Getting its House Back in Order Post Olympics
Indicators of Political Instability
Finding Water in the Desert: Water Security in the Middle East
The Blurring Line Between Cyber and Physical Threats
The World is Watching: The American Election and Russia
NATO’s Ambiguity on the Red Line for Russia
Boko Haram: The Plague Affecting Nigeria and Beyond
Tunisia: From Revolution to Governance
Russia, China, and Cyber Espionage
Best Of: The F-35 Joint Strike Fighter: Game-Changer or Procurement Nightmare?
Climate Change Jeopardizes National Security
Algeria: A Bulwark Against ISIS
Venezuela's Military: Both a Stabilizing and Destabilizing Force
Will Theresa May's Britain Stay Committed to European Defense?
America and the Asian Infrastructure Investment Bank
What’s at Stake in the South China Sea?
Fifteen Years After 9/11: Much Accomplished, Much to be Done
The Post-9/11 U.S. Military
The Post-9/11 U.S. Intelligence Community
South Africa: ANC Losing Its Grip on Power
The World is Watching: The American Election and Saudi Arabia
Turkish Leverage Over the United States and European Union
Nuclear North Korea: A No-Win Scenario?
Insider Cyber Threats: A Pressing Problem Facing Business
Al Shabaab: A Persistent Threat
Unease, Uncertainty, and Strife: Global Inequality and Instability
Europe Bears a Big Burden in the World's Migration Crisis
Malicious Cyber-Actors in the Financial Services Industry
China's Ongoing Struggle to Clamp Down on Terrorism
Growing Instability in Africa’s Top Two Oil Producers
The World is Watching: The American Election and Iran
Dollars and Sense: Military Spending During an Economic Downturn
Forewarned is Forearmed: Confronting Adversaries in Cyberspace
Is Peace Possible in Colombia?
The Rise of Hypersonic Weapons
Nuclear No First Use: Ambiguity vs. Clarity
Al Qaeda Growing Stronger By the Minute
Cyber and the Law
The DRC: Strong Grip on Power, Weak Handle on Governance
Combatting Haqqani Network is Key to Afghan Strategy
War and Peace: Syria and the Question of American Intervention
The F35: A 21st Century Coalition Asset
Objective: Mosul
Where is Duterte Leading the Philippines?
Great Power Politics in Latin America
In the Strait of Hormuz, Little has Changed with Iran
Corralling the Cartel: OPEC and Oil Prices
Russian Hacking: The Difficult Path Between Inaction and Escalation
Philippines' Duterte Leaves U.S. Policymakers "Baffled"
The World is Watching: The American Election and Germany
Can Hamas Elections Shift the Status Quo?
What is the Future of U.S. Policy in Latin America?
Conflict and Common Goals: the Government and Silicon Valley
Kashmir in Crisis—Again
Al Qaeda in Syria: The Split That Wasn't
EU and U.S. Interests in Hungary in Jeopardy
The Price of Turkish Posturing in Iraq
Is it Possible to Hack the Vote?
Decision Day in the U.S.: Daunting Security Challenges Ahead
The State of Play in Syria
Modi: Modernizing India
Trump's Win Creates Uncertainty in Europe
The Powers and Pitfalls of Drone Warfare
Insurgent Use of Unmanned Aerial Systems: A Cat-and-Mouse Game
The African Migrant Crisis: The EU Takes Action
The U.S. Military: Ready or Not?
Sisi, the IMF, and Egypt's Crumbling Economy
Can Robots Fight Wars? The Future of Lethal Autonomous Weapons Systems
The Global Debate Over the Legality of Drones Continues
Agility and Innovation in the Third Offset Strategy
China's Economy: Great Power, Great Responsibility
Identity in Cyberspace: The Advent of Biometrics Authentication
Obama's Legacy on Russia and China: Making the Grade
Sweden, Finland & Norway Deepen Defense Ties with the West
Developing and Sticking With a Clear Strategy in Afghanistan
Italy’s Choice: Damned If You Do, Damned If You Don’t
Predicting the Future: Anticipating Security Events with Data Analytics
Russia’s Energy Leverage Wanes in Parts of Europe
The U.S.-Japan Alliance: A Safe Harbor
President Obama's Counterterrorism Legacy
Dialing Up Controversy with China
China Officially Ties Internet Restrictions to its own National Security
Trumping Trade: Alternatives to TPP
The International Criminal Court, Under Pressure, Turns Eyes on U.S.
Egyptian and Israeli Cold Peace Has Never Been Warmer
Trump, Russia, and the CIA: Allies and Adversaries Confused
Hacking Against Cybercrime: The FBI's New Approach
Trumping Trade: The Future of NAFTA
Violence in Mexico Surges
Directed-Energy Weapons: Time to Focus
At the Crossroads Between East and West: Turkey and the World in 2016
The Perils of Connectivity: Cyber Insecurity in 2016
The Party Endures: China and the World in 2016
Cracks in the Union: Europe and the World in 2016
Eyes on the Kremlin: Russia and the World in 2016
Terrorists Don't Have to Win - They Just Have to Survive: Counterterrorism in 2016
A Perennial Task with No Finish Line: U.S. Defense Planning and Procurement in 2016
A Changing of the Guard: U.S. Counterterrorism Policy
Poland: Strong Defense Partner But Taking Undemocratic Steps
Land, Sea, and Air: U.S. Military Readiness in the Navy and Marine Corps
Syria's Tangled Trilateral Road to Peace
The UK’s New Surveillance Law: Security Necessity or Snoopers’ Charter?
South Korea’s Foreign Policy: Leaderless, but Not Rudderless
Jammeh to Cede Power, Leave The Gambia
Mali’s Instability: Advantage, Al-Qaeda in the Islamic Maghreb
Railguns: The Fast, the Furious—and the Future?
Swarming the Battlefield: Combat Evolves Toward Lethal Autonomous Weapons
Mixed Signals to Moscow: The Trump Administration's Russia Policy Puzzle
NATO’s Changing Face Under the Trump Administration
South Korea’s Presidential Crisis: Is Democracy Stuck in Park?
Power and the U.S. Presidency
Trump's Hour of Action: Recommendations for Cyber Policy
Passing the ‘Football’: The Future of U.S. Nuclear Policy
The Baltics Up the Ante in Defense
Take It or Leave It: The Future of the Two-State Solution
Trump and Trudeau: Fire and Ice
Cybersecurity in the Gulf: The Middle East's Virtual Frontline
Little Margin for Error in South China Sea Policy
Eritrea: A Potential U.S. Counterterror Partner
Trump Administration Faces Daunting Challenges in Afghanistan
The New Space Race
Autonomous Hacking Bots: Menace or Savior?
Myanmar’s Rohingya Crisis – Fertile Ground for Jihadis in Southeast Asia?
Cuba Lingers in Limbo
Designating the Muslim Brotherhood As Terrorists Is Complicated
Trump and the New Map of the Middle East
The New Technology of Humanitarian Assistance
Missile Defense: Blocking Threats or Blocking Diplomacy?
Flynn Controversy Raises New Questions
Doubling Down Against the Jihadist Message
Civilians and the Military Under Trump
The Gulf Cooperation Council Operates in a Tumultuous Region
DIY Defense Tech: More Countries Seek Advanced Homegrown Weaponry
The Vice Closes on Mosul: What Next?
U.S. Marines Head to Norway and Australia
Cyber Proxies: A Central Tenet of Russia’s Hybrid Warfare
The Future of Transatlantic Defense: More Europe
Trump’s NSC: A Bureaucratic Balancing Act
Tallinn Manual 2.0: Stepping Out of the Fog in Cyberspace
Defining Objectives for the U.S.-Iran Relationship
The U.S.-Japan Alliance: Reform and Uncertainty
India’s Cyber Potential: A Bridge Between East and West
Missile Defense: Targeting a Technological Solution
NATO Zeros In on Black Sea Security
Vying for Power in Iran
The TPP Without America
Disentangling the NSA and Cyber Command
The United Nations at a Tipping Point
Developing Special Operations Forces in China and Russia
Hawala Networks: The Paperless Trail of Terrorist Transactions
Objective: Raqqa
The Baltics: Veterans of Russian Cyber Operations
Security Concerns Complicate Investment Opportunities in Mozambique
What Is the “Deep State”?
Al Qaeda Takes Advantage in Syria
The War of Words Between Europe and Turkey
Jumping the Air Gap: How to Breach Isolated Networks
Sizing Up the Trump Defense Budget
Brexit Begins: Hurdles to a UK-EU Deal
India-Israel Relations: An Opportunity That Can’t Be Missed
Why Syria’s Kurds Are America’s Key Ally
China Pivots its Hackers from Industrial Spies to Cyber Warriors
Putin vs. The Unknown
Germany, Japan Strengthen Defensive Capabilities
The Long-Goodbye to Afghanistan – Should It Get Longer?
Turkey’s Referendum: The Dangerous Road to “Yes”
Trump Draws the Line in Syria
EU Economic and Military Investments in Africa Increase
Trump-Xi Summit: No Real Progress Yet, but Stay Tuned
The Zero-Day Dilemma: Should Government Disclose Company Cyber Security Gaps?
Stepping into the Void of Trump’s Global Retreat
Al Qaeda Quietly Expands in South Asia
Chinese Firms Surge into Africa in Search of Customers, Contracts, Jobs
How Spy Agency Hackers Pose As – Anybody
Does Moderate Political Islam Exist?
The Call to Radicalism, Both at Home and Abroad
Instability Casts a Shadow Over French Presidential Election
The Problem of Siloed Cyber Warriors
Best Of: Sizing Up America’s Aircraft Carriers of the Future
Europe Intel Sharing Will Take Trust
Rebranding Countering Violent Extremism Programs: A Sharper Focus or Missing the Point?
Trump 100 Days: From the Travel Ban to TPP
The Power of Botnets: Amplifying Crime, Disinformation, and Espionage
The “China Solution”: Beijing Aims for Global Leadership
Venezuela Teetering on the Edge
A Tale of Three Libyas
Worlds Collide in the French Election
NSA Curtails Collection Under FISA Provision
U.S. Special Operations Forces’ Changing Mission in the Middle East
The Comey Fallout
Is Sudan Still a State Sponsor of Terror?
Will Moon Bring Back Sunshine Policy in South Korea?
WannaCry Attack: Microsoft Questions Role of Intelligence Community
Defending the U.S. from North Korean Long Range Missiles
Blue Helmets Under Fire - From Trump
The War Against ISIS Has Just Begun
The “Renaissance” in Private Space Launch for Defense
Chinese Industrial Spies Cast a Wider Net
Could Iran’s Elections Indicate a New Future?
Western Balkans in Russia’s Crosshairs
Japan, South Korea Shaken by Pyongyang, Beijing – And Now, Washington
How Can the U.S. Level the Digital Trade Playing Field?
Best Of: Sizing Up America’s Aircraft Carriers of the Future
U.S., China, Others Build Bases in Djibouti – What Could Go Wrong?
Asian Nations Arming for Underwater War
Would an Arab NATO Help Stabilize the Mideast — or Inflame Iran?
The Hardest Fight Comes After Mosul Falls
Terror in London: ISIS Threat to West Intensifying
UK Terror Attack: Looking for Links to the U.S.
Europe Is Boosting Defense Spending – And It’s Not All About Trump
Populism Spreads Across U.S., Europe But Could Halt as Economy Rallies
Pyongyang and Beijing No Longer “Close as Lips and Teeth”
Terror Finance in the Age of Bitcoin
Does Brexit Still Mean Brexit?
South Africa: On the Road to Turmoil?
Will China Play Peacemaker with Its Oil Suppliers Saudi Arabia and Iran?
Philippine City is a Battleground in Global Fight Against Extremism
Drugs and Violence on the United States’ Doorstep: No End in Sight
Can China Actually Restrain Kim Jong-Un?
Allying Public and Private Forces on the Front Lines of Cybersecurity
Close Calls or Worse Between U.S. and Russia in Syria
U.S. Running Out of Options in Afghanistan