Let's make a trade:
You mandate that the NSA (and other three-letter agencies) publishes any vulnerabilities it finds, and we'll keep our systems patched against said vulnerabilities.
> One of the most visible such attacks occurred in 2021 with a ransomware attack on the Colonial Pipeline, which delivers gasoline and jet fuel to much of the southeastern US.
It really should not go without mentioning the cause of the Colonial Pipeline attack: a leak of the NSA’s hacking weapons. The attack was collateral damage of the US government’s offensive capabilities.
How about instead of simply pen testing adversaries, the NSA also pen tests critical American infrastructure. This infrastructure would need to first be identified and then given a special designation. The US already does this with banks and solvency. The NSA can start with the lowest hanging fruit: OWASP vulnerabilities.
3 comments
[ 2.7 ms ] story [ 19.5 ms ] threadWe are long past the point where these groups had any accountability to any elected official or judge etc...
It really should not go without mentioning the cause of the Colonial Pipeline attack: a leak of the NSA’s hacking weapons. The attack was collateral damage of the US government’s offensive capabilities.
How about instead of simply pen testing adversaries, the NSA also pen tests critical American infrastructure. This infrastructure would need to first be identified and then given a special designation. The US already does this with banks and solvency. The NSA can start with the lowest hanging fruit: OWASP vulnerabilities.