Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cloud
    • Cloud
    • Cybersecurity
    • IT Management
    • Networking

    Sony Names Ex-DHS Director to Oversee Security Strategy

    By
    Fahmida Y. Rashid
    -
    September 6, 2011
    Share
    Facebook
    Twitter
    Linkedin

      Philip Reitinger, former director of the United States National Cyber-Security Center, a division of the Department of Homeland Security, will be joining Sony as a chief information security officer, Sony said Sept. 6.

      The appointment is effective immediately and Reitinger will become a senior vice-president, reporting directly to general counsel Nicole Seligman, according to Sony.

      Shortly after unknown attackers breached the PlayStation Network, Sony Online Entertainment and Qriocity music and video service, Sony said it would name a chief information security officer to oversee the company’s security strategy. Reitinger will fill this newly created position and will oversee privacy and Internet security across the electronics and entertainment conglomerate’s range of businesses.

      “He will oversee information security, privacy and Internet safety across the company, coordinating closely with key headquarters groups and working in partnership with the information security community to bring the best ideas and approaches to Sony,” said Sony in a statement.

      Attackers breached Sony’s servers to steal user account information from PSN, SOE and Qriocity in mid-April and early May. Sony claimed the breach had occurred while the company was distracted by the distributed-denial-of-service attacks from Anonymous protesting the company’s lawsuit against PlayStation 3 hacker George “GeoHot” Hotz.

      Gene Spafford, a Purdue University professor of computer science who is head of the U.S. Public Policy Council of the Association for Computing Machinery and the executive director of the Center for Education and Research in Information Assurance and Security testified before Congress that Sony was running an obsolete version of the Apache Web server software and did not have any firewalls in place. The services remained offline for nearly a month as Sony worked to rebuild the infrastructure, but issues remained on its other properties, as hacker groups such as LulzSec amply demonstrated in May.

      Sony CEO Howard Stringer told the Wall Street Journal shortly after the breaches became public that “nobody’s system is 100 percent secure,” and that these types of attacks were inevitable in the current security landscape. “It’s not a brave new world; it’s a bad new world,” Stringer told the newspaper at the time.

      The outage and the subsequent rebuilding may have already cost Sony approximately $175 million.

      Security experts and industry watchers criticized Sony for not having had a CISO prior to the breaches. “How can a worldwide company with billions in revenue and an even larger market cap not have a CISO? It boggles the mind,” Phil Blank, an analyst in the security, risk and fraud practice area at Javelin Strategy & Research, wrote on the market research firm’s blog in May.

      The company has not directly responded to the criticism, just saying it would review and update its online security systems. It has also promised new security measures, including new firewalls, “automated software monitoring and configuration management” to defend against new attacks, Sony has also said it will provide “enhanced levels” of data protection and encryption and “enhanced ability” to detect software intrusions within the network as well as unauthorized access and unusual activity patterns. .

      Not having a CISO meant that “Sony’s entire network and application architecture must be considered suspect,” as there was no infrastructure in place to ensure that governance, risk and compliance was taking place, according to Blank. It was clear that the lack of security awareness went “far beyond” just the compromised cloud services, but was “built-in to every Sony Web presence,” Blank wrote.

      The company claimed the security issues were in the past at the IFA consumer electronics conference in Berlin, Germany earlier this month. “This year, we at Sony have been flooded, we’ve been flattened, we’ve been hacked, we’ve been singed, but the summer of discontent is behind us,” Stringer said at a press conference, referring to the devastating earthquake in Japan and the data breaches.

      PSN is “more secure and better than ever,” Stinger said, claiming that the company has added more than 3 million new customers since the networks were restored in mid-May.

      The breaches were a “catalyst” for appointing Reitinger, a Sony spokesperson told Reuters, adding, “We are looking to bolster our network security even further.” Reitinger is expected to start a formal review of Sony’s computer networks, the company said.

      Reitinger was a chief trustworthy infrastructure strategist at Microsoft and deputy undersecretary of the National Protection and Programs Directorate at the Department of Homeland Security before being named as director of NSCS. He left DHS in May after the White House released its cyber-security proposal for Congress. He also worked on cyber-security for the Justice and Defense Departments.

      Fahmida Y. Rashid

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×