The Heartbleed bug is one example:
The government’s lack of information-sharing with companies was spotlighted last month in a report about the Heartbleed bug, a security flaw that allowed hackers to steal computer users’ passwords and other data.
Shawn Henry, the former FBI official who is now president of the cyber-security firm CrowdStrike Services, pointed to December's attack on Target stores as another example of cyber-thefts that often end by 'blaming the victims'.
The National Security Agency had known about Heartbleed for two years before private researchers discovered and repaired it in April, Bloomberg News reported. The NSA used the flaw to exploit computer networks and gain intelligence at the expense of businesses, Bloomberg reported.
Reports about Heartbleed compelled thousands of computer users to change their passwords, the Canadian government to suspend electronic tax filings, and computer companies such as Cisco Systems and Juniper Networks to provide patches to repair their systems.
House and Senate members questioned top managers of Target in hearings this year after the retailer disclosed that it had experienced one of the largest breaches in U.S. history. Hackers broke into its payment systems around Christmas and compromised 40 million customers’ credit and debit card data. Target CEO Gregg Steinhafel resigned last week partly because of fallout from the breach.
Mr. Henry said “blame the victim” attitudes must change if the public and private sectors are to work together on cybersecurity. Many companies are on the front lines of attacks from Russia, China and Iran, which have more technical savvy and finances than the businesses they target, he said.
“Can you imagine if all the houses in the neighborhood were being broken into every single day by a gang that were stealing people’s televisions, raping their family members, and the mayor of the city stood up and said, ‘You haven’t done enough to protect your house. You didn’t have the right alarms on your house, you didn’t have the right locks; therefore, we’re holding you accountable?’” said Mr. Henry. “Can you imagine? That would never happen. The citizens of that community would stand up and say, ‘What are you doing? Where is your chief of police? Why aren’t you arresting people?’
“In cyber, we just say the victims didn’t do enough to protect themselves,” he said.