This New York Times article about Edward Snowden implicitly highlights the perceived dilemmas of US cybersecurity policy.
In 2010, while working for a National Security Agency contractor, Edward J. Snowden learned to be a hacker. He took a course that trains security professionals to think like hackers and understand their techniques, all with the intent of turning out “certified ethical hackers” who can better defend their employers’ networks. But the certification, listed on a résumé that Mr. Snowden later prepared, would also have given him some of the skills he needed to rummage undetected through N.S.A. computer systems and gather the highly classified surveillance documents that he leaked last month, security experts say.
Some intelligence experts say that the types of files he improperly downloaded at Booz Allen suggest that he had shifted to the offensive side of electronic spying or cyberwarfare, in which the N.S.A. examines other nations’ computer systems to steal information or to prepare attacks. The N.S.A.’s director, Gen. Keith B. Alexander, has encouraged workers to try their skills both defensively and offensively, and moving to offense from defense is a common career pattern, officials say. Continue Reading →