Illustration: Sarah Grillo/Axios

Security experts are drawing differing lessons from the latest report of the alleged use of secret NSA hacking tools by a criminal group. Some argue the NSA needs more oversight, while others say that organizations need to be more vigilant about updating the systems the NSA tools target.

The big picture: These two remedies aren't mutually exclusive. But neither is easy to achieve. 

Driving the news: The debate flared after the New York Times reported that attackers responsible for Baltimore's recent ransomware incident used a program believed to be created by the NSA.

  • The same program was at the center of WannaCry, a landmark global malware disaster in 2017.
  • All it takes to stop that program's line of attack is to update Windows.

Background: The NSA code, known as EternalBlue, leaked in 2017 as part of a year-long dump of agency files online by a cryptic hacker group called the Shadow Brokers.

  • EternalBlue can be used to turn Windows malware into worms — malicious code that spreads by itself from machine to machine.
  • By the time of the WannaCry outbreak, Microsoft had already released a patch that protects Windows systems from EternalBlue.

Between the lines: Whether the NSA needs more oversight in developing tools has no bearing on whether people should patch, and vice versa. And fully achieving either solution alone might not be possible.

  • While there are a ton of bad reasons organizations delay patching systems, there are good reasons, too. Installing untested updates can create chaos for niche software and hardware.
  • And there's already more oversight in place for agencies than most people realize.

Details: The executive branch does have an oversight structure in place, known as the vulnerabilities equities process. Any time agencies want to keep a vulnerability they discover secret so it can be used for surveillance, they have to make their case in front of a special interagency panel.

  • "The VEP is meant to be a risk minimizing process, but that doesn't mean there is no risk," said Michael Daniel, current president and CEO of the Cyber Threat Alliance and the former cybersecurity coordinator at the Obama White House when the VEP was created.
  • The process takes into account the possibility that a vulnerability might be leaked, stolen or discovered, but that will always be a risk, since there's always a chance a target will intercept a tool.
  • Nonetheless, Daniel argues, most Americans wouldn't want to place such severe limits on the use of these tools that the intelligence community couldn't do its job.

Where it stands: After WannaCry, it's likely that the VEP has already adopted a stricter approach toward approving "wormable" tools.

  • We know from WannaCry and subsequent attacks that organizations are slow to apply patches. That's a consideration in the process.
  • When the Trump administration posted the criteria for the VEP in 2017, one of them read: "Will enough [U.S. systems] actually install [a] patch to offset the harm to security caused by [adversaries using a] vulnerability?"
  • Daniel notes that even pre-WannaCry, wormable tools don't mesh well with the U.S. intelligence philosophy. Security researchers outside the government often comment on the relative restraint observed by modern U.S. government-built malware to avoid hitting unintended targets.

The bottom line: Ultimately, there may be less room to build out oversight than critics hope and a ceiling to how much applying updates can improve security.
