Expert Nate Kube Weighs In on Cybersecurity Silence
A Recent New York Times Editorial Alleges That Many American Companies Are Mysteriously Silent on the Subject of Cybersecurity -- Provoking a Response From Nate Kube
VANCOUVER, BC -- (Marketwire) -- 03/18/13 -- A recent New York Times editorial alleges that most American companies are "disturbingly silent" on the subject of cybersecurity -- a pointed observation that has garnered the attention of cybersecurity professional Nate Kube. The editorial notes that one company, Google, was upfront about attacks it received from Chinese hackers; by and large, however, the editorial notes that most American corporations are reluctant to disclose any instances of cyber attacks, perhaps for fear of how these disclosures will play with investors and with consumers. Nate Kube has issued a new statement to the press, responding to the New York Times editorial and to the allegations of cybersecurity silence.
The editorial goes as far as to suggest that, for many companies, a failure to disclose instances of cyber attack may actually violate the obligations of publically traded companies. The article notes that companies would not hesitate to disclose information about an important factory burning to the ground, yet attitudes are different when it comes to cyber attacks. The New York Times article allows that losses from cyber attacks are often hard to quantify, but notes that they are never costless.
The editorial goes on to say that an even bigger problem with failing to disclose cyber attacks is that it makes it more difficult for other companies -- and for government bodies -- to do their part in preventing further cyber attacks. In his statement to the press, Kube confirms this, noting the importance of information sharing in the fight against cyber attacks.
"There have been clear benefits from increased information sharing in IT security," states Kube. "The attackers are already doing a great job sharing information between groups, and in order for security providers to keep up, we will need to get better at sharing information, as well."
Continues Kube, "There are, however some key differences between IT systems and the control systems that run our critical infrastructure. Many of the control systems were not designed with security in mind, and vulnerabilities can be very difficult and time consuming to correct. Publicizing security breaches on critical infrastructure can disclose an attack vector that may not be quickly fixed to a greater audience of attackers and result in increased risk. For the systems running critical infrastructure, we need to strike a balance between sharing information and opening ourselves to attack. A good place to start is by improving communication between system operators and device manufacturers to shorten the cycle from the discovery of the vulnerability to the creation of a solution."
Nate Kube is the Chief Technology Officer of the cybersecurity firm Wurldtech.
Nate Kube is the Chief Technology Officer for Wurldtech, a company that provides comprehensive cybersecurity professional services, products, and certifications to manufacturers and asset operators around the world. Kube is a subject-matter expert, particularly with regard to cybersecurity for embedded devices. He has an expansive intellectual property portfolio, and is frequently called upon to speak and present on matters related to cybersecurity. He has testified on issues related to cyber threats before U.S. government panels, and has worked extensively with companies in the medical, oil, gas, and utility verticals.