Disruptions: New Motto for Silicon Valley: First Security, Then Innovation. Silicon Valley to replace posters with ones that say, “Move slowly and protect your users.”

MAY 5, 2013, 11:00 AM

Disruptions: New Motto for Silicon Valley: First Security, Then Innovation

By NICK BILTON

At Facebook’s headquarters in Palo Alto, Calif., are stark white posters with bright red statements like “Done is better than perfect” and “Move fast and break things.”

These disruptive philosophies embody the spirit not just of Facebook but of Silicon Valley. Yet today, when technology companies have become the prime targets of rogue governments and hackers, the ideologies that drive these companies to provoke could end up disrupting these companies.

Conversely, the signs sitting in security research firms across the country warn, “Carelessness causes security incidents.”

Although technology companies say they take security seriously, protecting their customers seems to come second to announcing new products. Take Twitter, where people’s accounts are frequently hacked. In the last few months alone, this has happened to Burger King, BBC, NPR, The Associated Press and a slew of celebrities and users. In that time, Twitter has proudly announced updates to features on its mobile and desktop apps, introduced a music Web site and redesigned its company blog. But it still hasn’t released two-factor authentication, a security tool used by the rest of the industry to deter hackers.Although Twitter declined to comment, I’m sure most of the people on the site who have seen their accounts pilfered over the last several years would rather have two-factor authentication than a shiny new Twitter blog.

One solution is a bill crawling through Congress over the last two years, the Cyber Intelligence Sharing and Protection Act, known as Cispa. The bill would make it easy for tech companies to share information about computer security threats with government agencies, helping fortify against cyberattacks.

But privacy groups say that Cispa is not a solution to the problem, and that instead it hands the highly sensitive personal data we want protected to the government.

“It has to be the obligation of these tech companies to build in security from the very beginning before we start moving into solutions about bringing the government into the private sector,” said Leslie Harris, president and chief executive of the Center for Democracy and Technology, a Washington-based advocacy group financed by a broad coalition of technology and telecommunication companies. “You want to see these very innovative companies step up and become the leaders in security solutions first.”

Cispa’s creators and defenders see it differently. They argue that companies are not simply fortifying against a child in his bedroom who is trying to get into their servers for fun. Today’s hackers hail from foreign governments like those in China, Syria and Estonia, and are adept at getting what they want.

Representative Mike Rogers, Republican of Michigan and the chairman of the House Intelligence Committee, who was one of the authors of Cispa, recently said that “our government, our industries and your personal information will be subjected to hundreds of thousands of attempts at hacking” in a single day. “We are in a stealthy cyber war in America. And we’re losing.”

He thinks the government can solve that problem.

Kelsey Knight, director of communications for Mr. Rogers, said in a phone interview that Cispa could stop “90 percent of the current security breaches” that happen today. “Then, in reverse, these companies would be able to share their threat of information and code back to the government and that will add to the list of zeros and ones that we can keep defending against together.”

Ms. Knight noted that start-ups cannot defend themselves against today’s advanced attacks because the cost can be hundreds of thousands of dollars. She said Cispa and other government groups can help.

One thing is clear: today’s tactics are not working.

During the State of the Union address this year, President Obama cited the need to protect “national security” and “privacy” while defending against cyber attacks. The president has also been meeting with chief executives to discuss ways to combat the threat of computer warfare and corporate espionage.

Cispa, now in the Senate, could take months, if not years, if it is to emerge at all from Congress. Until then, advocacy groups believe it falls to the start-ups to put more effort into security.

“The ‘move fast and break things’ philosophy is not a philosophy that has necessarily been good for our privacy,” Ms. Harris said. “I certainly believe that government and companies should be working together, but information sharing is just a very small part of the cyber security puzzle. It’s companies investing the resources to strengthen their own security first.”

Maybe it’s time for companies in Silicon Valley to replace those posters with ones that say, “Move slowly and protect your users.”

About bambooinnovator
Kee Koon Boon (“KB”) is the co-founder and director of HERO Investment Management which provides specialized fund management and investment advisory services to the ARCHEA Asia HERO Innovators Fund (www.heroinnovator.com), the only Asian SMID-cap tech-focused fund in the industry. KB is an internationally featured investor rooted in the principles of value investing for over a decade as a fund manager and analyst in the Asian capital markets who started his career at a boutique hedge fund in Singapore where he was with the firm since 2002 and was also part of the core investment committee in significantly outperforming the index in the 10-year-plus-old flagship Asian fund. He was also the portfolio manager for Asia-Pacific equities at Korea’s largest mutual fund company. Prior to setting up the H.E.R.O. Innovators Fund, KB was the Chief Investment Officer & CEO of a Singapore Registered Fund Management Company (RFMC) where he is responsible for listed Asian equity investments. KB had taught accounting at the Singapore Management University (SMU) as a faculty member and also pioneered the 15-week course on Accounting Fraud in Asia as an official module at SMU. KB remains grateful and honored to be invited by Singapore’s financial regulator Monetary Authority of Singapore (MAS) to present to their top management team about implementing a world’s first fact-based forward-looking fraud detection framework to bring about benefits for the capital markets in Singapore and for the public and investment community. KB also served the community in sharing his insights in writing articles about value investing and corporate governance in the media that include Business Times, Straits Times, Jakarta Post, Manual of Ideas, Investopedia, TedXWallStreet. He had also presented in top investment, banking and finance conferences in America, Italy, Sydney, Cape Town, HK, China. He has trained CEOs, entrepreneurs, CFOs, management executives in business strategy & business model innovation in Singapore, HK and China.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: