
Security experts warn of cyber security holes


An argument is raging about whether companies should be forced to disclose cyber attacks, as security experts warn that US retailers, hotels and airports have gaping holes in their online security.


Researchers in Las Vegas for the Black Hat cyber security conference exposed flaws they argued could allow hackers to swipe credit card details from retailers, run technology in hotel rooms by remote control and trick airport security into believing someone is drugs-free.


Dan Geer, chief information security officer for In-Q-Tel, which invests in technology on behalf of the Central Intelligence Agency, said the threat of cyber attack was so serious that companies should have to declare significant security failures. “Not only has cyber security reached the highest levels of attention, it has spread into nearly every corner,” he said. “The footprint of cyber security has surpassed the grasp of any one of us.”


Laws about what kind of attacks companies must report vary depending on the country or industry. But many focus on the loss of consumer data rather than on the tide of attacks by nation states and intellectual property theft.


Despite patchy regulation, the number of companies reporting cyber security concerns to US regulators has more than doubled in the past two years, according to official filings.


Mr Geer called for “a public health system” for the internet where the security of everyone online is given higher priority than the privacy of attack victims. He also said the US government should pay to make public vulnerabilities that people find in software.


Alex Stamos, Yahoo’s chief information security officer, said companies needed to work together to combat cyber crime. Other industries should learn from banks, which had succeeded at co-operating on security partly because they were highly regulated, he said.


But Kevin Mandia, chief operating officer of cyber security company FireEye, said companies were right to fear being forced to disclose attacks as some were “crucified” in a “point and blame atmosphere”.


Doctors were not blamed for not having yet discovered a cure for cancer and the threat from cyber crime was similarly here to stay, he added. “I feel like we are trying to cure cancer just like doctors are.”
