NEWS | March 3, 2017

Stockpiling Zero-Day Exploits: The Next International Weapons Taboo

By Dr. Paul Maxwell

In the current state of global affairs, a market exists for zero-day exploits where researchers, nation states, industry, academia, and criminal elements develop, buy, and sell these commodities. Whether they develop zero-days or purchase them, nation states commonly stockpile them for the future. They may then use them for purposes such as espionage, offensive cyber operations, or deterrent effect. The immediate effect of this stockpiling, though, is that the exploit is not divulged to the public and is therefore not remediated. In our increasingly networked and code-dependent world, this creates the potential for a cyber disaster with as yet unimaginable impacts on global stability. It is therefore imperative that nation states responsibly divulge zero-day exploits through an international framework for the global good. Moving from the current state of affairs to one where responsible release of zero-day exploits is the norm will not be easy. There are many stakeholders who argue that keeping stockpiles is beneficial or that this is an area that is not feasible to regulate. However, as we have seen with nuclear, chemical, and biological weapons, it is possible to develop international regimes that prohibit the use of such weapons due to their extraordinary capabilities and impact. Alternatively, should these exploits be seen as equally pernicious as contagious diseases, nations may join together to form organizations similar to the WHO that can address international cyber issues. If a taboo against the use of zero-day exploits can be established, i.e., we make their use morally illegitimate, the security of all users will be improved.

 
