For over twenty years the United States has consistently been the strongest voice for an open Internet that connects people all around the world. It was not a place for sovereignty and closed borders, the priorities of Russia, China, Iran, and other states scared of how the free flow of information might undermine their regime’s hold on their people. Until last week, that is.
Most weeks, it is far outside the normal job responsibilities for cybersecurity professionals to understand what the United States (or other governments) do to find or use computer vulnerabilities. Just stay patched and keep the board of directors happy. This is not one of those weeks.
This week we learned that the National Security Agency disclosed to Microsoft that it had discovered a major vulnerability (dubbed CVE-2020-0601) in Windows 10. A Washington Post article, by veteran cyber journalist Ellen Nakashima, declared this to be a “a major shift in the NSA’s approach, choosing to put computer security ahead of building up its arsenal of hacking tools that allow the agency to spy on adversaries’ networks.”