National Security Agency Discloses only 91% of the Security Vulnerabilities to Companies

The U.S. National Security Agency (NSA) is trying to win back public trust after being accused of hoarding information about serious vulnerabilities in computer software, thereby leaving U.S. companies open to cyber attacks. Last week the agency claimed to have informed manufacturers and affected companies of around 91% of the security flaws it discovered, allowing them to patch their vulnerabilities.

However, this attempt to present itself as one of the good guys has come under severe criticism, because the National Security Agency often uses these specific vulnerabilities to carry out its own cyber-attacks first, before informing the companies, according to current and former U.S. government officials. Only after these attacks have succeeded does the National Security Agency inform the technology vendors about the vulnerabilities so that they can fix the problems and ship updated programs to customers, the officials said.

At the core is the U.S. policy on so-called zero-days, the critical software flaws that are of great importance to both hackers and spies because no one knows about them. The term zero-day comes from the number of days of warning a user gets to fix their machines proactively. A two-day flaw is significantly less dangerous because it surfaces two days after a patch is available.

One of the best-known uses of zero-days was in Stuxnet, the attack virus developed by the NSA and its Israeli counterpart to penetrate the Iranian nuclear program and cripple centrifuges that were enriching uranium. Before it was discovered in 2010, Stuxnet took advantage of previously unknown vulnerabilities in software from Microsoft Corp and Siemens AG to infiltrate the facilities without triggering security programs.

A murky but strong market has developed for the buying and selling of zero-days. According to reports in May 2013, the National Security Agency is the world’s top buyer of the flaws. The NSA also finds exploits through its own cyber programs, using some to access computer and telecommunications systems overseas as part of its chief spying mission.

According to the government officials, there is a natural tension as to whether zero-days should be used for offensive operations or revealed to tech companies and their customers for defensive purposes.

However, critics rejected the NSA’s claims of trying to safeguard the nation against all sorts of terror attacks, including cyber-attacks. They believe the agency is trying hard to distract people from the real issue and divert their attention to something that is futile.

Besides that, there is the issue that not all flaws are of similar size or significance. It doesn’t make much of a difference if the agency decides to reveal a minor, easily fixable flaw and keep the much bigger and more complicated vulnerabilities to itself.

Anna Domanska
Anna Domanska is an Industry Leaders Magazine author with a wide range of knowledge of business news. She is an avid reader and writer of business and CEO magazines and a rigorous follower of business leaders.
