Play NetworkWhat organization and technical failures led to the April 2011 data breach on the PlayStation Network?One of the problems that cause this failure at Sony was that play station network was using the older version of apache web server software that had well known security issues which for a big operation like Sony data encryption is needed to protect their customers. Another reason was that Sony’s websites had very poor firewall protection which was reported months before the incident. Usually security breaches are result of management failure to take care of security risk, unwillingness to spend expensive security measures, lack of training, and outdated software. For example Sony has been criticized for the fact that the hackers have apparently been able to copy the data directly, implying it was not encrypted.
Can Sony be criticized for waiting 3 days to inform the FBI?Yes, even though Sony was a victim of this attack but trying to protect themselves and their reputation or what other reason they were suppose to report this immediately. Protecting individual’s personal data is the highest priority and ensuring their privacy is also essential. They should take responsibility for obligations to their customers and work with FBI to solve the issue right away. Of course because of this and other similar issues there are now new policies issued by government for organizations to protect the individuals. For example data accountability and trust act of 2011; it requires firms to establish security requirements, notifying individuals immediately and major credit cards.
Santiago, April 20, 2012, 4:42 PM
Mr. Gatto, Thank you for your work in this matter, and I’d like to take this opportunity to thank you all for the contributions of members of the American Academy of Arts and Sciences, to National Institutes of Health for their support and your work in this case. A lot of of these ideas have been put forward because people who work with us, or who look at our reports and we all talk about things, often find that people are actually making those mistakes or we don’t really know where the errors are coming from but we are very much working on them so there’s a lot of work ahead of us. The American Academy of Arts and Sciences has received this very important training, our work on this issue of privacy and human information has been tremendously significant and has been extremely popular in a number of areas across the world. Thank you for having me,
Santiago, April 21, 2012, 5:10 PM
“We have a problem if you don’t do this, we’re going to do it.” – Richard Gant
Santiago, April 22, 2012, 10:12 PM
Mr. Gatto: The question I get is this question like this: Why were you interested in helping the FBI investigate the theft of personal information of people we don’t know, with no obvious reason, and why can’t you do that? The answer to this isn’t an answer unless you believe the right people did this, and in doing so you’ve done a very good job.
A great deal of work has gone on. The National Institute of Standards and Technology has helped create and support a long list of organizations. This includes our research, which has been done in collaboration with the Federal Bureau of Investigation, and the National Institute of Standards and Technology; our technology have used this to identify all data and data breaches as of this time, making very clear to our customers and colleagues that they must not be a cause of them stealing information and they have to take action now.
Santiago, April 22, 2012, 11:18 PM
Linda Gant: I want to respond to a lot of questions and comments. First of all I want to start with this question. A few months ago you mentioned the role of the FBI in the incident involving the Sony Pictures Entertainment video from May 7th to 8th. At the time you announced this, the FBI in response only had a brief statement that only the Justice Department could confirm or deny. Did you do something to cover up it so the American Academy of Arts and Sciences could have seen that something like this was happening? A brief statement was put out that they had discovered the footage through a means that wouldn’t have been disclosed by people in positions of influence if they didn’t know that the government had investigated it. As of May 2012 we were informed that they had only identified the footage by their own information security experts. It was only at the time that this was publicly disclosed that we decided not to say a word so there was very