Cybersecurity expert explains claims that Twitter ignored security mea

Given Twitter’s global footprint as a communications platform, other nations, such as Russia and China, could require the company to hire its own government agents as a condition of allowing the company to operate in their country. Zatko’s allegations about Twitter’s internal security raise the possibility of criminals, activists, hostile governments, or their supporters seeking to exploit Twitter’s systems and user data by recruiting or blackmailing its employees may well present a national security concern.

Worse, Twitter’s own information about its users, their interests, and who they follow and interact with on the platform could facilitate targeting for disinformation campaigns, blackmail, or other nefarious purposes. Such foreign targeting of prominent companies and their employees has been a major counterintelligence worry in the national security community for decades.


Whatever the outcome of Zatko’s complaint in Congress, the SEC, or other federal agencies, it already is part of Musk’s latest legal filings as he tries to back out of his purchase of Twitter.

Ideally, in light of these disclosures, Twitter will take corrective action to improve the company’s cybersecurity systems and practices. A good first step the company could take is reviewing and limiting who has root access to its systems, source code, and user data to the minimum number necessary. The company should also ensure that its production systems are kept current and that it is effectively prepared to contend with any type of emergency situation without significantly disrupting its global operations.

From a broader perspective, Zatko’s complaint underscores the critical and sometimes uncomfortable role cybersecurity plays in modern organizations. Cybersecurity professionals like Zatko understand that no company or government agency likes publicity for cybersecurity problems. They tend to think long and hard about whether and how to raise cybersecurity concerns like these—and what the potential ramifications might be. In this case, Zatko says his disclosures reflect “the job he was hired to do” as head of security for a social media platform that he says “is critical to democracy.”

For companies like Twitter, bad cybersecurity news often results in a public relations nightmare that could affect share price and their standing in the marketplace, not to mention attract the interest of regulators and lawmakers. For governments, such revelations can lead to a lack of trust in the institutions created to serve society, in addition to potentially creating distracting political noise.

Unfortunately, how cybersecurity problems are discovered, disclosed, and handled remains a difficult and sometimes controversial process, with no easy solution both for cybersecurity professionals and today’s organizations.

Richard Forno is a principal lecturer in computer science and electrical engineering at the University of Maryland, Baltimore County.

This article is republished from The Conversation under a Creative Commons license. Read the original article.

s.parentNode.insertBefore(t,s)}(window, document,’script’,

fbq(‘init’, ‘1389601884702365’);
fbq(‘track’, ‘PageView’);

Leave a Comment