If there is significant malicious activity occurring on private networks, does the government have an obligation to intervene?
Managing Partner & CISO in Software, 11 - 50 employees
It would have been within the purview of the government and the telecommunications companies to say, “We see these systems doing something bad so we're going to drop them from the internet and not allow them to connect until they're clean.” To literally hack a private entity's system and take files from it that support an investigation is very different. The government didn't try to take action this way during NotPetya. This action wasn't about compromised Exchange servers being used as launch off points. The FBI operation targeted vulnerable Exchange servers and hacked them to make changes. These were risks resident to the entity that was then revictimized by the US government.
Board Member, Advisor, Executive Coach in Software, Self-employed
I wonder if there was some potential sealed component to the subpoena which disclosed that the vulnerabilities were actually causing harm. They may not have wanted to expose that for national security reasons.
Think back to the San Bernardino shooting several years ago and the iPhone issue with the FBI. I think Apple handled it the right way and the FBI fumbled that ball. It makes you wonder if there's a precedent-setting calculus for them to be able to either take action independently or compel a company to act.
Director of Information Security in Manufacturing, 1,001 - 5,000 employees
I believe yes, but it is definitely a 'slippery slope'. We have a shared responsibility to keep critical infrastructure safe and if an individual party does not step up to that responsibility then the government should be able to step in. Having said that, there has to be a really dire need.
I would compare it to being in my house, and what I do there is not the business of the government, but if there are really strong indicators that something bad is happening then intervention may be warranted.
CIO, Senior VP in Finance (non-banking), 1,001 - 5,000 employees
Not intervene, but they should help to support private industry in their efforts. Partnering with Law Enforcement is key.
When it comes to public safety, the government has an obligation to act but through policy and law. If the FBI action was proportional to the risk involved, we would have heard about it through the National Cyber-Forensics and Training Alliance (NCFTA). As an industry, we have cybersecurity professionals with clearances on the operations floor. And there wasn't a peep from our industry.