Last week, Mary Rose Roberts wrote a column on cybersecurity, in which she reported that mission-critical entities — such as the nation’s 911 system, air-traffic control system, transit systems and power grids — are at greater risk than ever before, not just from hackers but now from rogue nations bent on cyber warfare. In this column, Roberts quoted Gregory Evans, who heads the Atlanta-based cybersecurity consultancy Ligatt Security International. Evans suggested that such entities would do well to hire hackers as consultants in order to identify security vulnerabilities in their systems.
Boy, did we hear about that. No one seemed to question the message — hire hackers! — but instead viciously attacked the messenger, who is a former felon who pleaded guilty to a wire-fraud charge that resulted from his hacking of AT&T and Sprint and, as Roberts reported, “hitting them up for more than $1 million a week.”
Readers were unhappy with us for interviewing Evans in the first place, but especially after I inserted into the column an item that said Ligatt was the cybersecurity firm for the Atlanta Hawks and Atlanta Thrashers, the city’s professional basketball and hockey franchises. Simply not true, the readers wailed. Admittedly, I didn’t look further into the matter than the 2009 press release issued by Ligatt that announced the relationship. But there was a relationship, albeit one that was short-lived. Here’s what Atlanta Hawks executive Tracy White told me today in an e-mail exchange:
“In 2009, we entered into a marketing partnership agreement with Ligatt Security. Part of the agreement called for Ligatt to provide services to our IT department. Shortly after the agreement was signed, we mutually agreed to dissolve the agreement, and as a result, Ligatt Security never actually provided any services to our IT department.”
I really don’t know what to make of the vendetta against Evans. Perhaps it’s happening simply because he committed a felony. Maybe the hacker community sees Evans as a sell-out, because he’s cashing in and brazenly engaging in self-promotion. Maybe there’s another reason. Perhaps the vendetta is justified. Perhaps it’s not. I don’t live in the hacker world, so I don’t know.
But here’s what I do know — none of it matters. What does matter is Evans’ message: Hackers are coming for your network soon, and you better be prepared. Kevin McGeary and Jeremy Smith from L.R. Kimball said the same thing during the recent Association of Public Safety Communications Officials' conference in Philadelphia. And Evans’ suggestion to hire hackers as consultants also makes sense. Indeed, white-hat hackers have been providing such services for years. Even if this were a brand-new thought, it makes perfect sense, doesn’t it? I know that, if I were to try to put together a security system designed to stop my home from being burglarized, the first guy I’d want to talk to would be a former burglar.
In baseball, you’re constantly told to keep your eye on the ball. Most of the time, it’s said in reference to hitting the thing, which arguably is the most difficult thing to do in sports. But it also can be applied in reference to keeping the rock-hard orb from hitting you in the face. Mission-critical entities in the public-safety, power-utility and transportation sectors would do well to keep their eye on the ball regarding cybersecurity — and stop worrying about who’s telling them to do so.