Why the NSA should be considered a hostile agency

When an agency with security in its name chooses to exploit a security exposure rather than fix it, we have a problem, writes columnist Rob Enderle.

This last week we had yet another NSA event. This time it was the leak of advanced tools that could be used to exploit unreported defects in networking gear from U.S. manufacturers. This seems to further enforce a position by a variety of U.S. agencies to focus on breaking into things rather than help secure them. However, given that these break-ins are largely illegal and this practice appears to be doing massive damage to the technology market, not to mention exposing our firms to attack by a variety of nasty players, shouldn’t these agencies be reclassified as hostile?

I think the current mindset of these government agencies is foolish and puts not only our firms and customers at risk, but the nation itself. Let me explain.

[ Related: Snowden: Auction of stolen NSA malware likely political ]


At the core of this appears to be an incredible arrogance that product defects can be discovered only by the NSA. There is nothing I’ve seen that suggests the NSA is substantially more capable than the collective efforts of large hostile or friendly governments, large criminal organizations, or a variety of technology schools -- both domestic and abroad.

This suggests that if the NSA can create tools to exploit these defects so can those who are hostile to the U.S. and it is arrogant to believe otherwise. Of course, even if that wasn’t true, these constant leaks point like neon signs to this approach making it far more likely someone will do the U.S. harm as a result.

Tactical thinking

I think much of this is due to tactical thinking where someone trades off an easier path to do their job for the larger strategic problem of critically damaging the U.S. technology industry and opening the nation to attack.

Let’s use Lockheed as an example. Let’s assume a government agency discovered a problem with Lockheed’s avionics package where a signal could be sent that would cause Lockheed planes to crash, but they kept this secret in case the U.S. were attacked by these planes so they could push a button and stop the attack. But given the U.S. uses more of these planes than anyone else, this defect would wipe out much of the U.S.’s airpower so it would be incredibly stupid not to report it to Lockheed so it could be fixed. This would be doubly true if it became known that the U.S. had this power because foreign governments would stop buying Lockheed jets.

We are already highly networked and are aggressively moving to everything from autonomous cars to smart cities that all rely heavily on U.S. sourced technology to keep them running and the folks that use them safe. Leaving a defect unreported in the hope it could be used for illegal spying in exchange for the potential to bring the nation to its knees would seem to be a stupid tradeoff. In addition, it also appears to be the one that the nation is making, including the part where it is killing sales of U.S. technology products.


At its heart these decisions suggest ineffective oversight in the U.S. government. It isn’t at all unusual for any agency, public or private, to act in ways that enhance its mission. Nor is it unusual for them to prioritize a benefit for them over a larger exposure for the company or nation.

This is why you have things like internal audit and compliance so that, when this happens, the executive in charge can be caught and disciplined for putting his needs over those of the organization he works for, or in the case where an organization misacts, over the needs of the investors, customers, or, in this case, the citizens.

[ Related: Cisco, Fortinet issue patches against NSA malware ]

When do we say enough is enough?

An agency with “security” in its name should have security as a priority. This means such an agency should be working to assure we are secure and that should more important than finding ways to break into things. In short, when given a choice between doing something that fixes a security exposure for the nation and exploiting that exposure the choice should naturally fall to fixing it.

The fact it currently doesn’t suggests there is something seriously wrong in the U.S. with the concept of security, the understanding of technology, and the related oversight in the NSA and for the sake of the nation we need to say enough is enough and get it fixed.

If we don’t and we continue down this path of connecting everything there is a real likelihood that this practice will have national catastrophic consequences. Bottom line: There should never be a case like the one that appears to exist today – one in which a U.S. Agency appears to be a greater security problem than an asset. Fixing this should be a higher priority than it obviously is.

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Rob Enderle

Show Comments

Most Popular Reviews

Latest News Articles


GGG Evaluation Team

Kathy Cassidy


First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni


For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell


The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi


The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott


My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?