An argument is raging about whether companies should be forced to disclose cyber attacks, as security experts warn that US retailers, hotels and airports have gaping holes in their online security.

Researchers in Las Vegas for the Black Hat cyber security conference exposed flaws they argued could allow hackers to swipe credit card details from retailers, run technology in hotel rooms by remote control and trick airport security into believing someone is drugs-free.

Dan Geer, chief information security officer for In-Q-Tel, which invests in technology on behalf of the Central Intelligence Agency, said the threat of cyber attack was so serious that companies should have to declare significant security failures. “Not only has cyber security reached the highest levels of attention, it has spread into nearly every corner,” he said. “The footprint of cyber security has surpassed the grasp of any one of us.”

Laws about what kind of attacks companies must report vary depending on the country or industry. But many focus on the loss of consumer data rather than on the tide of attacks by nation states and intellectual property theft.

Despite patchy regulation, the number of companies reporting cyber security concerns to US regulators has more than doubled in the past two years, according to official filings.

Mr Geer called for “a public health system” for the internet where the security of everyone online is given higher priority than the privacy of attack victims. He also said the US government should pay to make public vulnerabilities that people find in software.

Alex Stamos, Yahoo’s chief information security officer, said companies needed to work together to combat cyber crime. Other industries should learn from banks, which had succeeded at co-operating on security partly because they were highly regulated, he said.

But Kevin Mandia, chief operating officer of cyber security company FireEye, said companies were right to fear being forced to disclose attacks as some were “crucified” in a “point and blame atmosphere”.

Doctors were not blamed for not having yet discovered a cure for cancer and the threat from cyber crime was similarly here to stay, he added. “I feel like we are trying to cure cancer just like doctors are.”