Facebook security boss says its corporate network is run “like a college campus”

Facebook security boss says its corporate network is run like a college campus (http://www.zdnet.com)

Technology

In July of 2017, Alex Stamos Facebook’s Security Chief told employees in a conference call that the company isn’t doing enough to respond to growing cyber threats: in fact, with Facebook’s “move fast” mantra, the vault that stores the keys to a billion lives is (deliberately) run like a college campus, but has the threat profile of a defense contractor, he said.

The threats that we are facing have increased significantly, and the quality of the adversaries that we are facing. Both technically and from a cultural perspective, I don’t feel like we have caught up with our responsibility.

The way that I explain to [management] is that we have the threat profile of a Northrop Grumman or a Raytheon or another defense contractor, but we run our corporate network, for example, like a college campus, almost.

We have made intentional decisions to give access to data and systems to engineers to make them ‘move fast,’ but that creates other issues for us.

The comments were part of an internal talk to employees during which he discussed the challenges Facebook had with keeping its networks secure, amid a growing danger of state-sponsored actors and advanced persistent threats, which in some cases have near-limitless resources.

For his part, Stamos, when reached, said that he had used the “college campus” line several times internally to describe challenges that the company faces, and used it as a figure of speech.

“My team runs network security for the company, and of course we secure it thoroughly,” he said Thursday.

Stamos denied that the comments were a criticism of the company’s management. “They care a great deal,” he said. “It’s not a criticism of anybody, just a statement of why our team needs to be creative in how we protect our corporate network.”

…….Continue reading at http://www.zdnet.com

My Two Cents: I would locate the Facebook employee or contractor that tapped this phone call that leaked this information to zdnet. Cyber Security teams are facing very tough challenges. The bad guys can be wrong multiple times, the Cyber Security teams cannot be wrong once… but we can all learn from our mistakes. I am sure the next conference call will be secure.

North Korea Escalating Cyber-Attacks

North Korea Escalating Cyber-Attacks With Little Fear of Retaliation (http://www.eweek.com)

Technology

Online attackers from North Korea reportedly stole confidential military documents, including war contingency plans drawn up by U.S. and South Korean forces. Without any downside, such attacks will continue, security experts say.

The data, part of a massive haul of 235 gigabytes taken during an intrusion spanning the months of August and September 2016, was only recently identified as the South Korean government pieced together what was taken.

Lee Cheol-hee, a South Korean lawmaker and member of the parliamentary defense committee, said that attackers had infiltrated the Defense Integrated Data Center, according to The Washington Post. The stolen data includes war plans and a scheme to assassinate North Korean dictator Kim Jong-un in the event of war, according to the South Korean lawmaker. The attack happened last year, but only 20 percent of the documents have so far been identified.

…….Continue reading at www.eweek.com

My Two Cents: I read that the documentation stolen was located in a network not connected to the internet. That a so called maintenance port was accessed with a laptop that acted as a go between the North Koreans and the South Korean systems. I am shocked that such a high classified network did not alert the South Koreans that a unknown device had attached itself to their system and was accessing data. But of course spies have access if they are already in the inside and are authorized access. I would review all the authorized user access records and locate the spies within the organization…. but then again don’t believe what you read…