Michael Daniel, who advised President Barack Obama on cybersecurity issues in his second term, said criticism of U.S. intelligence agencies holding on to hacking vulnerabilities is misplaced.
"It is naive to believe that in the 21st century, intelligence agencies, law enforcement agencies are not going to have the need to discover software vulnerabilities and exploit them for intelligence purposes," Daniel said in an interview published by The Hill on Monday.
"In fact, it's what we want them to do," he said. "It's part of the way we catch terrorists. It's part of how we discover the intentions of those who plan to do us harm. As a society, we want those decisions to occur."
Daniel's words come as Congress considers changes to the rules on how intelligence agencies inform companies about vulnerabilities to their software. The debate was reignited over the recent WannaCry ransomware attack that exploited problems in Microsoft Windows.
The Microsoft vulnerability is believed to have been leaked from the National Security Agency, which had kept a copy, much like the Centers for Disease Control and Prevention keeps samples of infectious diseases.
That is as it should be, Daniel said, and he argued against full disclosure of what the government knows.
"We can be more transparent, but I don't think the government can ever be as transparent as some people would like," he said. "If the government came out and said we had a stockpile of eight vulnerabilities, and the Russian or Chinese intelligence services knew they had figured out seven of the vulnerabilities the U.S. continued to use, they could entirely block the U.S. intelligence agencies."
The bipartisan PATCH Act would not force agencies to share everything it knows with the public, but it would codify the way things currently work and would add a multi-agency review process, The Hill reported.
"I'm very skeptical about Congress codifying processes," Daniel said of the legislation. "It would not be bad for Congress to say there has to be some kind of process, and it has to meet the following criteria, but leave the specific details to the executive branch."
© 2022 Newsmax. All rights reserved.