Sony Corp., which suffered a massive breach of its PlayStation Network earlier this year, is hiring a former official at the Department of Homeland Security to lead its security initiatives.
Philip Reitinger was named the firm’s new senior vice president and CISO, in a bid to move on after multiple high-profile attacks targeting Sony’s systems. Reitinger served as director of the National Cybersecurity Center at DHS. He was also deputy undersecretary of the DHS National Protection and Programs Directorate (NPPD), a role charged with protecting U.S. government systems from domestic and foreign threats.
In an announcement Tuesday, Sony said Reitinger will oversee information security, privacy and Internet safety across the company. He will report to the company’s executive vice president and general counsel.
Reitinger was chief trustworthy infrastructure strategist at Microsoft, prior to taking the job at DHS. At Microsoft he oversaw coordination between the software giant, its partners and government agencies on cybersecurity issues.
At a security conference in Miami last year, Reitinger told incident response handlers that it was time to stop talking about cybersecurity in generalities and begin taking action against cybercriminals. Mechanisms to help researchers and response teams disseminate information about attacks need to be standardized for a better coordinated response to incidents, Reitinger said.
"We've got a set of manual processes and there's a lack of agility in places," he told attendees of the 2010 Forum of Incident Response and Security Teams (FIRST) Conference. "We succeed based on goodwill and hard work of people rather than the innate design of the system."
Sony’s PlayStation Network was halted for more than a week, disrupting 77 million PSN and Qriocity accounts. The company learned that hackers stole personal information about PSN users as well as more than 24 million Sony Online Entertainment user accounts. Stolen information included names, addresses, email addresses, birth dates and account credentials. The breach also included a database containing more than 12,000 non-U.S. credit and debit card numbers
Sony executives have apologized for the security lapses and are giving customers free credit monitoring, a standard move following breaches. But security experts say Sony’s breach highlights a number of lapses and highlights a need for better data security management.