Michael Hayden, a former head of both the National Security Agency and CIA, said on Thursday that the U.S. should not deploy cyber espionage tools if it can’t keep them secure.
“I cannot defend American espionage using incredibly powerful tools if we cannot keep them secret,” Hayden said during the Anomali DETECT conference in National Harbor, Md.
Hayden, currently a principal at the Chertoff Group, was referring to two incidents that have occurred since May, in which tools leaked by TheShadowBrokers hacking group were used in incredibly virulent outbreaks of malware. TheShadowBrokers claimed the tools were stolen from an elite cyber intrusion unit at the NSA, and previously unreleased documents leaked by former NSA contractor Edward Snowden contained tracking codes matching the source code found in files belonging to TheShadowBrokers.
The WannaCry and NotPetya malware each used the tools to spread through hundreds of thousands of computers in under a week.
The files were leaked this year but appear to have been stolen in 2013, when Keith Alexander headed the NSA.
Groups like Microsoft have asked that the NSA stop hoarding the security flaws in software and hardware used to fuel these tools, and that the government instead inform manufacturers of the vulnerabilities so they can patch their wares. Other groups, including Mozilla, want to make more moderate changes to the process by which the government decides which vulnerabilities it can keep.