If I were President for a day, the first thing I would do is instruct our national security to patch and secure every American technology company, as they are our gems in the world. I would burn every zero-day I had on a US company and help them patch it. The rest of the world would know our immense defense budget was now being used to secure our companies as well, as China does. Apple, Meta, Google, Microsoft, Intel, Cisco, Arista, Unifi, Qualcomm… I’m probably missing a few, they should all have the shield of our national security defense. Right now each company has to create their own defenses, and they are getting eaten and pillaged by foreign companies with state backing.
Well thought and well said!!! Let us hope that one day our politicians wake up and do the right thing for everything or at least for some things!!!
The first step, before doing any of that, would be to change the “anti-hacking” laws to not be so … ancient? ridiculous? I’m honestly not sure, but basically, right now, just saying “hey, I changed a url and accessed another user’s personal information” is admitting to a crime.
Why is that a problem for this? Seems orthogonal to the issue of our government being aware of numerous security vulnerabilities in US company’s software and not disclosing them.
By making the government the only officially safe place to report vulnerabilities, without legalizing the research of them in the first place… it creates quite a dubious relationship, don’t you think?
Knowledge is already weaponized enough, there’s no reason to weaponize it further.
Yes, Matt! Would you ever consider presenting to Congress? Consider how much attention is being paid to geographic borders where foreign nationals are entering in broad daylight to look for work.. Versus the cyber borders right outside every company’s network where state sponsored teams of foreigners are working to enter clandestinely to look for AI IP to steal. If big tech needs this help you describe securing their cyber borders, imagine all the other co’s.
YES. This is evidently a long-standing tension inside the NSA between defense (SIGSEC) and offense (SIGINT). Not sure where the balance there is now, but offense clearly won for a solid decade or two (or three?) during the Snowden era.
I could not have said it better myself. I think we are woefully lacking on the digital battlefield.
Hi Matt – Great subject, a recent post on the cloudflare blog shares a story along the lines of your post on security. I think you would enjoy it.
https://blog.cloudflare.com/thanksgiving-2023-security-incident
Cheers – John Kent
Vote for Matt 🙂