Facebook chief information security officer (CISO) Alex Stamos has today defended the company over his suggestion, in leaked audio, that the company's network is "run like a college campus".
The audio was leaked to ZDNet, which built a story suggesting that "executives were apathetic to matters of cybersecurity" and that Facebook needed to "improve its internal security practices to be more akin to a defence contractor".
"The threats that we are facing have increased significantly and the quality of the adversaries that we are facing… Both technically and from a cultural perspective I don't feel like we have caught up with our responsibility," he is quoted as saying in an internal security meeting in the leaked audio.
I was asked for comment today wrt some leaked audio from when I was speaking to my security team at Facebook. 1/11 https://t.co/FQU0eTAj2x — Alex Stamos (@alexstamos) October 19, 2017
He continues: "The way that I explain to [management] is that we have the threat profile of a Northrop Grumman or a Raytheon or another defence contractor, but we run our corporate network, for example, like a college campus, almost.
"We have made intentional decisions to give access to data and systems to engineers to make them ‘move fast’ but that creates other issues for us."
However, in a series of tweets today, Stamos defended his company and the comments, arguing that they were not only used out of context, but suggesting that the article had distorted their meaning.
In the series of tweets, Stamos wrote: "I've said this before [that Facebook's network is run like a college campus], internally, to describe one of the basic challenges security teams face at companies like ours.
"Tech companies are famous for providing freedom for engineers to customise their environments and experiment with new tools, and also frameworks & development processes. Allowing for this freedom helps creativity and productivity.
"We have to weigh that against the fact that we have become a potential target for advanced threat actors. As a result, we can't architect our security the same way a defence contractor can, with limited computing options and no freedom.
"Keeping the company secure while allowing the culture to blossom is a challenge, but a motivating one, I'm happy to accept. The ‘college campus’ wording is just a figure of speech to make the point: My team runs network security for the company. Of course we secure it thoroughly.
"It would not be correct to read my quote as a criticism of management not caring about security; they care a great deal. It's not a criticism of anybody, just a statement of why our team needs to be creative in how we protect our corporate network."