The U.S. Government and Zero Day Vulnerabilities
- Author Jay Kesan
- Published February 2, 2020
- Word count 610
In May, Secretary of Defense Ashton Carter addressed reporters at a news conference in California, where he talked about technology and cyber defense.Carter spoke about the United States’ use of electronic attack methods to disrupt the activities of ISIS. But, he warned, we are not the only country with those types of capabilities.
Technology is an equalizer.This has pretty much always been true.A lot of technology allows us to do old tasks in new ways to get things done faster, and this is also true for military technology. Considerable time and resources are required for an airstrike or an espionage operation. It takes much less effort to develop and deploy an electronic weapon that could have similar effects. Experts estimate that Stuxnet, the infamous worm that destroyed hundreds of nuclear centrifuges in Iran, cost a million dollars to develop. That sounds like a lot to you and me, but keep in mind that Congress budgets hundreds of billions of dollars for the Department of Defense every year. Stuxnet’s development costs are within the reach of a small country, or even a very determined group of individuals.
This is why Defense Secretary Carter was in California with other high-ranking policy officials to meet with technology companies. Relationships between technology companies and the government have been strained lately, as law enforcement calls for breakable encryption. But, the encryption controversy aside, cooperation between technology experts and the government is essential for national security. The government needs the technology expertise of the private sector, and vice versa.Cyber defense, however, requires innovative thought, not just money.
A major obstacle to effective cyber defense is the unpredictability of zero day vulnerabilities. Zero days are security holes that are unknown and unpatched before an attacker uses them. Security researchers around the world identify zero days, and some of these zero days are sold on the open market. One of the purchasers in the market for zero day vulnerabilities is the U.S. government.Zero day vulnerabilities give our military and intelligence communities an edge as they develop cyber weapons and surveillance tools. But these security holes are discovered, not made. If we can find it and figure out how to use it against people who want to hurt us, there is also nothing stopping those people from using the same security holes against the U.S. military, U.S. infrastructure, and U.S. citizens.
This should concern the technology companies—the software vendors—that are being asked to collaborate with the government on cyber defense. Our critical infrastructure has to be protected and civilians have to be protected too. But by supporting the market for zero day vulnerabilities and exploits, the U.S. government is tacitly condoning everyone else’s efforts to develop cyber weapons, regardless of whether this is in the best interest of the public.
Even if the U.S. government moves all zero day research in-house (in other words, the government agencies look for the zero day vulnerabilities themselves, instead of buying them from others), anyone else could find the same vulnerabilities with enough resources and time. Offense and defense may be more closely related in cyber conflict than in any other context. Cyber defense isn’t just about building a better wall to keep out better weapons. The "better wall" has to be designed with specific weapons in mind, and the technologies of these weapons need to be integrated into this wall to some degree. Only by giving cyber defense at least as much emphasis as cyber offense will we be able to mitigate threats to our society and our way of life.
Author – Jay Kesan
Jay P. Kesan has published extensively both as an engineer and scientist and as a legal scholar. His works have been cited extensively. He also holds 18 U.S. patents on various aspects of electrical, wireless, RFID and software technologies.Article source: http://articlebiz.com
There are no posted comments.
- Website security check: Tips on how to protect your website from hackers
- How will cyber threats evolve in 2020?
- When to choose red teaming over penetration testing: A guide to a robust cybersecurity program
- Protect your files with drive image backup software
- How Cloud Management Values Change Your Business
- Spyware – Yet Another Cyber Menace
- Reset lost passwords in Windows with Active@ Password Changer
- Antivirus measures you should know when your PC is infected with a virus
- Security Fit For Royalty!
- Global VPN Use Is Booming But So Is Cyber-Censorship
- Things to do to make your business, cyber secure
- The new European data protection system
- Avoiding Disaster: Make Website and Business Asset Backups Mandatory
- 12 Ways to Keep Your Data & Identity Safe Online
- Associate With Avast Support USA To Shield PC Against Viruses And Malware
- Microsoft Office Customer Service for Office Setup
- What is All-czech browser hijacker and how to remove it
- Methods to delete Web-start.org from computer and browser
- What is Odin ransomware, how to decrypt .odin files
- How to remove Loadstart browser hijacker
- How to remove Tech-connect.biz from Google Chrome and all other browsers
- How to remove Alma Locker ransomware virus
- How to remove SOEASYSVC adware from your browser
- How to get rid of SafeSurf virus
- How to remove Cryp1 virus and to restore the encrypted files
- What is Social2Search, and how it differs from other adware
- How to remove Hohosearch adware from computer and browser
- Browser Hijackers, the Methods Of their Action And the Ways to Remove Them
- 5 Website Security Issues You Should Be Aware Of?