Facebook chief information security officer (CISO) Alex Stamos has today defended the company over his suggestion, in leaked audio, that the company's network is "run like a college campus".
The audio was leaked to ZDNet, which built a story suggesting that "executives were apathetic to matters of cybersecurity" and that Facebook needed to "improve its internal security practices to be more akin to a defence contractor".
"The threats that we are facing have increased significantly and the quality of the adversaries that we are facing… Both technically and from a cultural perspective I don't feel like we have caught up with our responsibility," he is quoted as saying in an internal security meeting in the leaked audio.
I was asked for comment today wrt some leaked audio from when I was speaking to my security team at Facebook. 1/11 https://t.co/FQU0eTAj2x (Alex Stamos, @alexstamos, October 19, 2017)
He continues: "The way that I explain to [management] is that we have the threat profile of a Northrop Grumman or a Raytheon or another defence contractor, but we run our corporate network, for example, like a college campus, almost.
"We have made intentional decisions to give access to data and systems to engineers to make them 'move fast' but that creates other issues for us."
However, in a series of tweets today, Stamos defended his company and the comments, arguing that they were not only used out of context, but suggesting that the article had distorted their meaning.
In the series of tweets, Stamos wrote: "I've said this before [that Facebook's network is run like a college campus], internally, to describe one of the basic challenges security teams face at companies like ours.
"Tech companies are famous for providing freedom for engineers to customise their environments and experiment with new tools, and also frameworks & development processes. Allowing for this freedom helps creativity and productivity.
"We have to weigh that against the fact that we have become a potential target for advanced threat actors. As a result, we can't architect our security the same way a defence contractor can, with limited computing options and no freedom.
"Keeping the company secure while allowing the culture to blossom is a challenge, but a motivating one, I'm happy to accept. The 'college campus' wording is just a figure of speech to make the point: My team runs network security for the company. Of course we secure it thoroughly.
"It would not be correct to read my quote as a criticism of management not caring about security; they care a great deal. It's not a criticism of anybody, just a statement of why our team needs to be creative in how we protect our corporate network."