US government keeps cyber vulnerabilities too secret

A former top spook has warned that the US government classifies too much information on cybersecurity vulnerabilities.

Retired four-star General Michael Hayden told the Air Force’s Strategic Studies Quarterly that it is easier to learn about physical threats from US government agencies than to learn about cyberthreats.

Hayden, who was the director of the National Security Agency from 1999 to 2005, was the bloke who implemented President George W. Bush’s secret warrantless wiretapping programme. He also headed the CIA and was a voice against WikiLeaks last year.

Hayden said that the bad habit of classifying everything that moves as a threat is keeping the government from educating the public about how bad cybersecurity really is.

To the great unwashed, the availability of 10,000 applications for a smartphone is seen as good. However, since each represents a potential vulnerability, it is probably not so hot, he said.

Hayden said that it was important to shift the popular culture, and there needs to be a broader flow of information to corporations and individuals to educate them on the threat.

The government needs to redefine what is really secret. There needs to be a clear policy on this which is formed by shared consensus, shaped by informed discussion, and created by a common body of knowledge.

At the moment, there is no common knowledge, no meaningful discussion and no consensus, so the policy vacuum continues, Hayden added.