A former CIA Director says the U.S. Government is being too secretive about cybersecurity vulnerabilities.
Retired four-star General and former CIA Director Michael Hayden writes in a recent article that Uncle Sam is too quick to classify intelligence about software security holes, preventing the government and public sector from learning about them.
“It is far easier to learn about physical threats from U.S. Government agencies than to learn about cyberthreats,” Hayden wrote in the Spring 2011 issue of the Air Force’s Strategic Studies Quarterly.
Hayden served as the director of the National Security Agency and administered George W. Bush’s secret and warrantless wiretapping program. According to a report from Wired, he recently emerged from the relative obscurity of retirement to criticize Wikileaks, the whistle-blowing purveyors of transparency, after their publication of a trove of classified U.S. military and diplomatic cables.
Despite his integral role in two of the U.S. Government’s most secretive organizations, Hayden says he has always had a soft spot for transparency. However, popular culture and public policy have stacked the deck in favor of cybercriminals, he argues.
“In the popular culture,” writes Hayden, “the availability of 10,000 applications for my smart phone is viewed as an unalloyed good. It is not—since each represents a potential vulnerability.”
To remedy this, Hayden writes there is a need to “recalibrate what is truly secret,” and create a more open flow of information to better educate corporations and individuals.
Hayden is hardly the first to warn about the downside of the U.S. Government’s preference for classifying data. In August, Amit Yoran, former head of the Department of Homeland Security’s Cyber Security Division, told Threatpost that the Government’s penchant for secrecy was a major obstacle to improving the security of government networks.
“When you have information that’s tightly controlled, you don’t have the type of information sharing broadly among different operators. So the intelligence community isn’t sharing information with the folks who run systems or with the private sector and people are at a loss – they don’t understand the threat environment and what they need to do to protect themselves,” Yoran said.
The Government Accountability Office (GAO) has also warned on numerous occasions about the overclassification or misclassification of sensitive information within government agencies, including the Department of Defense and Department of Energy.