Slashdot Mirror

← Back to Stories (view on slashdot.org)

Sony Hires Former Homeland Security Infrastructure Protection Chief

Posted by Unknown on from the how-long-until-the-next-infiltration dept.

jmobley6030 writes with a bit in Gamer Gaia about Sony pulling out the big guns for their security infrastructure. Quoting: "Months after the great PlayStation network attack things are starting to get back to normal around the gaming world. While it doesn't seem like another hack attempt will take place anytime soon Sony is fearful that it could happen again. Sony announced today via their corporate news feed that they have hired Philip R. Reitinger, a former Homeland security official, as Chief Information Security Officer at Sony."

12 of 68 comments (clear)

  1. great by demonbug · · Score: 2, Funny

    Now I won't be allowed to wear shoes when I sign on to PSN.

    1. Re:great by Dunbal · · Score: 3, Insightful

      You just won't be able to log in. Instead you'll get a screen saying "The System Worked!"

      --
      Seven puppies were harmed during the making of this post.
    2. Re:great by interkin3tic · · Score: 2

      Which shouldn't bother you if you don't have any gross ingrown toenails or foot fungus to hide from the eyetoy.

  2. DHS Official ... For Security? by WrongSizeGlass · · Score: 2

    They hired a former DHS official for help with their security? Are we sure he's not going to be a liaison between Sony's IP and Washington DC lawmakers?

  3. Exactly the wrong guy. by elucido · · Score: 5, Insightful

    Sony is picking the sort of guy who wont know what hes doing, who seems to have no ties to the hacker community, who graduated from Yale so he's going to seem like another elitist. If you look at who he has worked for, he's connected to governments and law enforcement which goes to show what Sony's priorities are.

    Sony should be hiring from within the hacker community. Hiring this guy wont accomplish a damn thing, while this guy might know about the community from the big brother pro government perspective it's very unlikely he will actually understand the community from the perspective of someone who was actually a part of it.

    Sony and companies in this position need to start hiring some of these hackers. Look at the situation, you have thousands of young talented hackers. As the unemployment rate rises, they'll be easily recruited or much more likely to join organizations like Anonymous.
    The best thing Sony could do is hire some of these people, the policy of arresting hackers is dumb. It's like arresting amateur scientists, or arresting mathematicians. The fact that they selected this guy shows me they are focused on arresting them and are going to treat it as a low enforcement problem rather than as a technical and cultural problem.

    Sony's problems are technical and cultural. Technical because they design their products in a way so they can only make money with absolute control over how the products are used but then they don't even know how to maintain that control technologically, and second they typically take stances which go against the wishes of millions of people in the hacker community, the gaming community, etc. They simply don't care at all about the customer, the fan, the hacker, the people who buy their products. This lack of respect for the culture of those who buy the product is the main part of the problem.

    And this new guy they hired does not seem to come from the sort of backround that most gamers, hackers, or fans come from. He's a hyper connected lawyer who happens to know computer science. When they should have found someone who knows computer science and who happens to understand the law, with connections to the hacker community as well as to the government. This guy is going to be seen as an outsider, a government suit and the hackers are going to attack Sony harder.

    1. Re:Exactly the wrong guy. by brkello · · Score: 2

      You want a hacker to run security? That's just stupid. You want a manager who knows how to hire people who have the right skill set to protect a network. And the whole concept of hiring hackers is a bit naive. Hacking in to Sony is fun. Protecting Sony from hackers on a day to day business is hard work. Of course, a hacker doesn't need to hack once they have internal access...so not too brilliant there either. There are security professionals out there who are equipped with the knowledge of how to hack in to and protect systems. Hiring hackers is one of those things that sounds good to the masses...like lower taxes...but there is more to it than just that.

      --
      Support a great indie game: http://www.abaddon360.com
    2. Re:Exactly the wrong guy. by HighWizard · · Score: 2

      Sony already has a Senior Executive (that is a hacker) working for them. Interestingly enough, his division actually took security seriously and was not breached. He's Senior Director of Sony PlayStation Worldwide Studios and in his free time runs that DefCon Network.

    3. Re:Exactly the wrong guy. by stephanruby · · Score: 2

      Aside from the Law degree he got from Yale, which could prove he's an elitist (but at least not a complete idiot). He also graduated from Vanderbilt University with a Bachelor of Electrical Engineering and Computer Science degree.

      So at least, he comes from a technical background if nothing else, so it's not all bad.

  4. Come on, perfect fit! by SuperKendall · · Score: 5, Insightful

    A movie company hiring the chief of Security Theater. What's wrong with having a merger of two largee entertainment forces?

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  5. They keep thinking it's about law enforcement by elucido · · Score: 2

    But it's not about law enforcement. It's about politics and just like you can't change people politically by mass arrests, you can't threaten to arrest hackers and expect that to stop an organization like Anonymous. These organizations see Sony as an existential threat.

    You cannot solve a political problem with law enforcement. Sony if they were smart would hire some of the hackers in the hacker community. Adopt a new culture which accepts and embraces the hacker community, and over time their stock will rise in the hacker community and then they could have better security by working with their hacker community ties. The problem is they are going entirely authoritarian, which is exactly the wrong direction to go politically if they want any sort of political cover or to not be seen as the most evil. I mean to hire the head of some government agency, a guy who if you look at his resume and record seems to have absolutely no experience with the hacker community, the gaming community, nothing whatsoever. He went to school for computer science and then went to Yale of all possible schools for law.

    What is this man's backround? What are his political beliefs? Is he just another law and order government robot type who wants to make arrests and solve crimes? If that's all he is, he's exactly the wrong sort of person. What is his technical skill level? Does he have any skill outside of the classroom? Once again the government types usually think anything can be learned in the classroom setting, and that this setting can make up for the lack of actual experience in the hacking community. I'm talking about the IRC channels, the knowledge of the various groups, but most importantly knowing who is what.

    I will assume since this guy headed a government agency that he either would know the hacker community inside out or he should have a connection to someone who does. The problem is if the only thing he plans to do is outlaw their activities and then find ways to arrest them, this isn't going to be very popular. More lawsuits? More arrests? More busts? That is more potential talent that goes to waste sitting in prison or in jail.

    Sony has a cultural problem. Sony as a corporation has an authoritarian culture. A culture where Sony must have absolute control over everything in order to make a profit. This culture has to change, and it's more important to change this culture than to simply arrest all the anti-authoritarian hackers who don't share that culture. It's also more efficient to hire some of these hackers than to just arrest. And of course the guy they choose to solve all their problems at least from his backround and resume, looks to be another authoritarian type.

    I can hope that he's different but given Sony's history, and given his resume, he's exactly the sort of character that Anonymous is going to gobble up. This could actually cause Sony to get attacked more frequently. Sony likely was thinking that this guy has connections to the feds, has at least some backround in computer science, and has a law degree from Yale with plenty of experience working for X amount of companies. This is all well and good but if this guy were serious, and were a part of the community, he would be giving an interview with Slashdot.

  6. Corporate culture is the source of the problem. by elucido · · Score: 2

    This guy was hired to run their security. Hiring a hacker will be helpful for understanding your attackers, but a hacker will understand the corporate culture about as much as Mr Reitinger will understand the gamer/hacker/fan community. Hire former hackers a soldiers in your security arsenal but generals need to be able to survive the corporate ranks.

    Corporate culture is what is causing Sony to be targeted. Sony is the target of hackers because their culture is so messed up, so authoritarian, that most hackers find it completely unacceptable and they try to spread their culture through their products with lockins, lock downs, and all kinds of bs. It's that culture which I advocate should be changed in order to save Sony.

    Because if they keep their authoritarian corporate culture, sure they can hire this guy who might understand that culture but then they run the risk of not understanding the hacker culture or wider internet culture in general which is the source of all their problems. They need to hire a sociologist or an anthropologist because they just have not been able to adapt to the internet age at all.

    1. Re:Corporate culture is the source of the problem. by elucido · · Score: 2

      The first time your Hypothetical Hacker gets rubbed the wrong way by corporate he'll torch Sony's security from the inside out. Sony's corporate culture may be antiquated but corporations are the antithesis of the hacker mentality. Sony doesn't want to change their ways - they just don't want to be p0wn'd on a regualr and continuing basis.

      That's just not true at all. Not every hacker is like that. That's like saying every programmer on your development team, if you just piss the wrong one off he could write a virus and fuck the system up. Sure that's possible but that's why you don't hire just any random hacker, you hire the ones who are psychologically stable. If someone gets mad and sabotages the company that is because they are psychologically unstable, just like that guy who brought a gun to work and shot everyone up, that could happen too but that doesn't mean we should stop hiring.

      If necessary, they should give a psychological exam or read the guys history to make sure he's not the sort of person to do that. But he also should have in his history something which can connect him to the community. Maybe he was a white hat for example, or maybe he contributed to some open source projects or started one, or maybe he hosted a website. No one is advocating that you hire the irresponsible black hat into the top management position.