Intel Agencies That See Something Should Say Something

By Marshall Erwin

Marshall Erwin is a researcher specializing in intelligence, cybersecurity, and counterterrorism. Most recently, he was a fellow at the Hoover Institution, supporting its Foreign Policy Working Group. Between 2004 and 2010, he worked as a counterterrorism and cybersecurity analyst in the intelligence community. He also served as the counterterrorism adviser to Senator Susan Collins on the Senate Homeland Security and Government Affairs Committee and as the intelligence specialist at the Congressional Research Service.

Wikileaks’ “Vault7” disclosure last month of apparent CIA hacking tools marked the third recent incident in which an inadvertent public release of alleged government hacking techniques has sent the private sector scrambling to protect users.

The two others involved a release of alleged NSA tools by group that calls itself Shadow Brokers and the publication of a vulnerability used by an unknown law enforcement agency to deanonymize Tor users. These incidents have raised further questions about whether and when the U.S. government should be required to disclose zero-day vulnerabilities, meaning, secret, previously undisclosed flaws for which no ready-made patches exist.

Access all of The Cipher Brief’s national security-focused expert insight by becoming a Cipher Brief Subscriber+ Member.

Sign Up Log In


Related Articles

Search

Close