Leonid Bershidsky

Treat Computer Hacks Like Disease Epidemics

Cybersecurity guru Dan Geer wants the government to treat computer vulnerabilities like diseases, making it obligatory to report them and paying for information on ways to cure them.
The Center for Data Disease Control?

A cybersecurity guru who works for the U.S. Central Intelligence Agency's venture capital arm has suggested a wholesale solution to the problem of malicious hacking: Treat vulnerabilities as if they are disease outbreaks and make cures publicly available at government expense. This is a brute force approach that would change the rules of what is currently a game of cops and robbers.

Dan Geer, chief information security officer at In-Q-Tel, a CIA-funded nonprofit that looks for new tech to satisfy the agency's needs, outlined his idea in a keynote speech to the Black Hat USA cybersecurity conference in Las Vegas. Geer's timing is spot on: as he spoke, anxiety was spreading about an alleged Russian hack affecting more than 1 billion website accounts, with the company that discovered it only willing to share information with paying customers.