Security Experts Warn of Cyber Security Holes

An argument is raging about whether companies should be forced to disclose cyber attacks, as security experts warn that US retailers, hotels and airports have gaping holes in their online security.

Researchers in Las Vegas for the Black Hat cyber security conference exposed flaws they argued could allow hackers to swipe credit card details from retailers, run technology in hotel rooms by remote control and trick airport security into believing someone is drugs-free.

Dan Geer, chief information security officer for In-Q-Tel, which invests in technology on behalf of the Central Intelligence Agency, said the threat of cyber attack was so serious that companies should have to declare significant security failures. “Not only has cyber security reached the highest levels of attention, it has spread into nearly every corner,” he said. “The footprint of cyber security has surpassed the grasp of any one of us.”

Laws about what kind of attacks companies must report vary depending on the country or industry. But many focus on the loss of consumer data rather than on the tide of attacks by nation states and intellectual property theft.

Despite patchy regulation, the number of companies reporting cyber security concerns to US regulators has more than doubled in the past two years, according to official filings.

Mr Geer called for “a public health system” for the internet where the security of everyone online is given higher priority than the privacy of attack victims. He also said the US government should pay to make public vulnerabilities that people find in software.

Alex Stamos, Yahoo’s chief information security officer, said companies needed to work together to combat cyber crime. Other industries should learn from banks, which had succeeded at co-operating on security partly because they were highly regulated, he said.

But Kevin Mandia, chief operating officer of cyber security company FireEye, said companies were right to fear being forced to disclose attacks as some were “crucified” in a “point and blame atmosphere”.

Doctors were not blamed for not having yet discovered a cure for cancer and the threat from cyber crime was similarly here to stay, he added. “I feel like we are trying to cure cancer just like doctors are.”
