All that keeps popping in my mind is: Why come out and announce this?

The malware, one congressional official said, was essentially “a ticking time bomb” that could give China the power to interrupt or slow American military deployments or resupply operations by cutting off power, water and communications to U.S. military bases. But its impact could be far broader, because that same infrastructure often supplies the houses and businesses of ordinary Americans, according to U.S. officials.

The first public hints of the malware campaign began to emerge in late May, when Microsoft said it had detected mysterious computer code in telecommunications systems in Guam, the Pacific island with a vast American air base, and elsewhere in the United States. But that turned out to be only the narrow slice of the problem that Microsoft could see through its networks.

The only reason they’re worried about this is because they have done the same thing.

Is that the same government that keeps a backlog of zero-day exploits to spy on people?

We need to move from offense (keeping exploits/bugs a secret, keeping systems vulnerable, hacking other countries/people) to defense (keeping our citizens’ systems secure, being legally required to disclose vulnerabilities so that they can be fixed).

You cannot complain about “the Chinese/Russians/Marsians) are hacking us!!1!” when it is at least partially your fault that they are able to do so in the first place.

This applies to a lot of governments, not just the US.