05/19/2017

Weighing A Stockpile Of Computer Threats

8:58 minutes

Last week, some computer users booted up their machines to encounter not their normal desktop, but a ransom note. The ransomware program, called WannaCry, spread rapidly by making use of an old flaw in the Windows operating system. It encrypted files on affected computers and threatened that the data would remain encrypted forever—unless the owners paid a ransom in the online currency Bitcoin. The perpetrators behind the hack are still unknown, although some cybersecurity experts have said that clues point in the direction of North Korea. Some of the technology used in the hack, however, was apparently developed by, then stolen from, the U.S. government.

This isn’t the only hack in the government cyber arsenal. When it comes to vulnerabilities that could affect millions, what is the government’s responsibility to help those flaws get fixed? How does it decide which flaws to report, and which to stockpile? Jason Healey, a senior research scholar at Columbia University’s School of International and Public Affairs, says that the Vulnerability Equities Process, or VEP, is the route that government officials are supposed to take in deciding whether to report or conceal a previously undisclosed vulnerability—but that system may not always work as it’s supposed to.

Segment Guests

Jason Healey

Jason Healey is a Senior Research Scholar at Columbia University’s School of International and Public Affairs in New York, New York.

Meet the Producer

About Charles Bergquist

As Science Friday’s director, Charles Bergquist channels the chaos of a live production studio into something sounding like a radio program. Favorite topics include planetary sciences, chemistry, materials, and shiny things with blinking lights.