Microsoft President Brad Smith said Sunday that the United States government’s approach to cybersecurity is dangerous and contributed to a major global cyberattack last week.
A ransomware attack hit over 150 countries on Friday, infecting 200,000 computers and even crippling the United Kingdom’s National Health Service.
The cyberattack highlights how dangerous it is for government agencies to continue to engage in the “stockpiling of vulnerabilities” the way they currently do, Smith wrote in a blog post on his company’s website. He added that the government should work with tech companies to help avoid similar attacks in the future.
“Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage,” Smith wrote. “An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen. ... The governments of the world should treat this attack as a wake-up call. They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world.”
It’s widely believed that the National Security Agency is responsible for the security vulnerability that was exploited by the malware used in last week’s attack, Reuters reports. An anonymous group called Shadow Brokers released that malware, called “WannaCrypt,” onto the internet.
The NSA did not immediately respond to a request for comment.
“An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen.”
- Microsoft President Brad Smith
President Donald Trump reportedly met with top security officials over the weekend to discuss the attack.
Trump promised voters that he would take on hackings and cybersecurity in his first 100 days. On Thursday, the president signed an executive order aimed at bolstering the security of federal networks. That order, however, does not address working with tech companies to help mitigate threats.
“We need the tech sector, customers, and governments to work together to protect against cybersecurity attacks,” Smith wrote in his blog post. “More action is needed, and it’s needed now.”
Microsoft has issued another defense against the current version of WannaCrypt. But a new version of the malware may already have been released, according to the head of the Europol, which helps the European Union fight crime and terrorism.