Analysis & Opinions - Lawfare
The Real Lesson from the WannaCry Ransomware
Preview
"Lawfare and others have spent an enormous amount of time discussing the intricacies of the Vulnerabilities Equities Process (VEP). Many policy conferences have been dedicated to the matter, and an even greater number of Twitter debates. The topic, in its own way, serves as a proxy for what one thinks of broader issues in information security and signals intelligence.
Today’s so-called WannaCry ransomware attack reveals the stakes, but more importantly the limits, of that debate.
Our bottom line up front is that, VEP or no VEP, today’s ransomware attack highlights the risks of relying on software that is no longer supported by its developer (like Windows XP) and of not applying patches that the developer makes available (like MS17-010). Even a perfectly functioning VEP would not make much difference unless the developer addressed the vulnerability, and businesses and institutions applied the relevant patch. These are the two issues—more than a government process that feeds them—that make or break organizations in the wake of today’s attack..."
Want to Read More?
The full text of this publication is available via the original publication source.
For more information on this publication:
Please contact
Cyber Project
For Academic Citation:
Buchanan, Ben and Michael Sulmeyer.“The Real Lesson from the WannaCry Ransomware.” Lawfare, May 12, 2017.
- Recommended
- In the Spotlight
- Most Viewed
Recommended
Analysis & Opinions
- Foreign Policy
Do Policy Schools Still Have a Point?
Report
- Belfer Center for Science and International Affairs
Democracy and the Liberal World Order Amid the Rise of Authoritarianism
Newspaper Article
- Harvard Gazette
Lessons for Today's Cold War 2.0 with Russia, China
In the Spotlight
Most Viewed
Report
- Belfer Center for Science and International Affairs and UiT The Arctic University of Norway
Arctic Climate Science: A Way Forward for Cooperation through the Arctic Council and Beyond
Paper
- Belfer Center for Science and International Affairs, Harvard Kennedy School
Attacking Artificial Intelligence: AI’s Security Vulnerability and What Policymakers Can Do About It
Preview
"Lawfare and others have spent an enormous amount of time discussing the intricacies of the Vulnerabilities Equities Process (VEP). Many policy conferences have been dedicated to the matter, and an even greater number of Twitter debates. The topic, in its own way, serves as a proxy for what one thinks of broader issues in information security and signals intelligence.
Today’s so-called WannaCry ransomware attack reveals the stakes, but more importantly the limits, of that debate.
Our bottom line up front is that, VEP or no VEP, today’s ransomware attack highlights the risks of relying on software that is no longer supported by its developer (like Windows XP) and of not applying patches that the developer makes available (like MS17-010). Even a perfectly functioning VEP would not make much difference unless the developer addressed the vulnerability, and businesses and institutions applied the relevant patch. These are the two issues—more than a government process that feeds them—that make or break organizations in the wake of today’s attack..."
Want to Read More?
The full text of this publication is available via the original publication source.- Recommended
- In the Spotlight
- Most Viewed
Recommended
Analysis & Opinions - Foreign Policy
Do Policy Schools Still Have a Point?
Report - Belfer Center for Science and International Affairs
Democracy and the Liberal World Order Amid the Rise of Authoritarianism
Newspaper Article - Harvard Gazette
Lessons for Today's Cold War 2.0 with Russia, China
In the Spotlight
Most Viewed
Report - Belfer Center for Science and International Affairs and UiT The Arctic University of Norway
Arctic Climate Science: A Way Forward for Cooperation through the Arctic Council and Beyond
Paper - Belfer Center for Science and International Affairs, Harvard Kennedy School
Attacking Artificial Intelligence: AI’s Security Vulnerability and What Policymakers Can Do About It