Former NSA, CIA Chief: Declassify Cyber Vulnerabilities

The former head of America’s most powerful and secretive intelligence agencies thinks the U.S. government classifies too much information on cybersecurity vulnerabilities. “Let me be clear: This stuff is overprotected,” writes retired four-star Gen. Michael Hayden, in the new issue of the Air Force’s Strategic Studies Quarterly. “It is far easier to learn about physical […]

The former head of America's most powerful and secretive intelligence agencies thinks the U.S. government classifies too much information on cybersecurity vulnerabilities.

"Let me be clear: This stuff is overprotected," writes retired four-star Gen. Michael Hayden, in the new issue of the Air Force's Strategic Studies Quarterly. "It is far easier to learn about physical threats from U.S. government agencies than to learn about cyberthreats."

Hayden knows something about secrets. The director of the National Security Agency from 1999 to 2005, it was Hayden who implemented President George W. Bush's secret warrantless wiretapping program. He went on to head the CIA until his retirement in 2008. Now at the Chertoff Group, Hayden emerged to attack WikiLeaks over its publication of U.S. military and diplomatic secrets last year.

But for a top spook, Hayden always had a unexpected soft spot for transparency. Until the Sept. 11 attacks turned government secrecy into a fetish, Hayden had been nudging NSA toward a bit of glasnost. And at his confirmation hearings for the CIA role, he admitted: "I do think we overclassify, and I think it's because we got bad habits."

Now those habits are keeping the government from educating the public about the sorry state of cyber security, he writes.

In the popular culture, the availability of 10,000 applications for my smart phone is viewed as an unalloyed good. It is not — since each represents a potential vulnerability. But if we want to shift the popular culture, we need a broader flow of information to corporations and individuals to educate them on the threat. To do that we need to recalibrate what is truly secret.

Our most pressing need is clear policy, formed by shared consensus, shaped by informed discussion, and created by a common body of knowledge. With no common knowledge, no meaningful discussion, and no consensus ... the policy vacuum continues. This will not be easy, and in the wake of WikiLeaks it will require courage; but, it is essential and should itself be the subject of intense discussion.

Who will step up to lead?

The statement is part of Hayden's introduction to the spring edition of Strategic Studies Quarterly, which explores the strategic issues of cyberwar.

See Also: