As an unprecedented global cyberattack unfolds, it has brought the intelligence community's handling of cybersecurity vulnerabilities they discover into question.
"There is a process in place, a White House driven process where the intelligence community comes and says these are things that we found, flaws we think we might be able to use," former CIA officer John Sipher told CNBC on Monday.
He says the decision to withhold information about a cybersecurity flaw that could leave a company vulnerable isn't made lightly. "Most serious leaders in the intelligence community understand that just using these type of things and not working with a private partnership, this causes a bigger problem," he said.
The WannaCry ransomware attack, which leverages a leaked NSA hacking tool that exploits Microsoft Windows vulnerabilities, has affected over 200,000 computers in 150 countries. Microsoft on Sunday published a blog post criticizing governments for stockpiling exploits to use as cyber weapons, instead of revealing them to companies so they can fix them.
But Sipher says in the cases where the agency chooses to exploit a system's flaw instead of telling the company to fix it, there is usually a good reason. "Some we think because the targets they're going after are particularly interesting that we want to it use, and so that balance is taken very seriously," said Sipher.
He added, "That's a process that is done with the National Security Council and that discussion is taking place and I have to say that the NSA and others are very careful about this they don't try to stockpile things to use on their own," said Sipher. "They understand the importance of the U.S. commercial sector and that we need to get those things and help them be patched," he said.
"But there are certain cases that are so important we want to use those vulnerabilities for the short window that we can."
Watch: Tech cos. livid over ransomware attack