Mitsubishi Hack Stole Nuclear, Defense Data 78
judgecorp writes "When Mitsubishi announced in September it had been hacked in August it was criticized for keeping quiet for a month. Now it appears that the attackers got nuclear power plant and military aircraft details according to sources quoted in the Japanese media."
Re:I Just Can't Understand It (Score:2, Interesting)
I can speak from a little bit (and I stress 'little bit') of inside information on this particular topic in that MHI spends far less on IT than you could possibly imagine. What's more, their reliance on outside sources for their services and support is frightening
That's true for much of the corporate world. IT is seen as a cost-center that is a necessary evil rather than an asset to the company.
Systems won't get secured because it costs too much. Same with upgrading to the next release of software (since the current version is going out of support).
My current job has forced me to deploy a couple of Solaris 8 servers to the Internet. Of course I yelled and screamed that this is bad because Oracle doesn't patch Solaris 8 anymore (unless you pay for a hella expensive vintage patch service agreement, which we don't). But it was deemed that business operations and cost savings trumped any security concerns. They wouldn't even let me move the servers to isolated subnets since that'd incur downtimes and possible unacceptable risks of further outages.
It's not until a company gets cracked and has it's source code (or customer database /w financial info) stolen, or worse (think of data being deleted forcing lots of lengthy and often untested disaster recovery procedures to activated) that they do something. But when that happens, they blame the IT staff for being incompetent (even though you raised the alarm bells months ago) and fire them and then bring in outside consultants who may or may not be competent and put effective policies into place.
Re:Mitsubishi Cars/Trucks, similar problems? (Score:4, Interesting)
Re:I Just Can't Understand It (Score:5, Interesting)
I grew up in the States but am east Asian by ethnicity/heritage and have some knowledge of east Asian culture (though obviously my parents didn't think too highly of it, otherwise they probably would've made a more concerted effort to educate/indoctrinate me about it).
The concept is quite simple, it's primarily about bolstering external perception in order to promote the reputation of a group that one self-identities with - be that the family, the company, or the country. You define an in-group and an out-group, and within the in-group honesty and transparency is permitted (at least with respect to the domain of the in-group, you're not going to be sharing family secrets with your co-workers, for example). However, when it comes to the out-group, every effort is made to give the appearance that activities within the in-group are efficient, successful, "harmonious" (i.e. lack of conflict between members of the in-group) - in other words, bury all dirty secrets and make everything look utopian, even if it isn't. Transparency is discouraged because it is bad PR, and members of the out-group (i.e. the rest of society) are expected to have lower expectations as to the amount of information that is provided through "official" channels. So in order to obtain such information, members of the out-group turn to gossip, espionage, etc.
I wouldn't say that "Western" culture (I hate that term because I reject the existence of that distinction as philosophically valid) doesn't practice "face-saving" to some degree, it just isn't taken to the extremes that it is in east Asia because of societal expectations regarding transparency and accountability. I for one think that this is one area where people in China, Korea, and Japan can learn a lot from "Western" countries. After all, face-saving is simply an aspect of tribalism, institutionalized.