In a rare insight into the government’s thinking on the use of cyberweapons, the White House on Monday published a series of questions it asks in deciding when to make public the discovery of major flaws in computer security or whether to keep them secret so that American intelligence agencies can use them to enable surveillance or an attack. The discussion came not in a presidential policy directive or a speech, but in a blog post on the White House website.
In an attempt to be more transparent, on Monday the White House defended the federal government’s right to withhold public disclosures of cybersecurity vulnerabilities, like the recent Heartbleed bug, when doing so is in the interest of U.S. national security. The Obama administration also listed a number of questions the U.S. government says it considers before concealing cybersecurity flaws. The statement, published on the official White House blog by President Obama’s cybersecurity coordinator, Michael Daniel, follows strong assertions from both the National Security Agency and the White House that, contrary to reports, the federal government had no knowledge of Heartbleed prior to its public disclosure on April 7.