After a 24-day outage, Sony has announced that it has begun restoring the PlayStation Network on a region by region basis.
Kaz Hirai (pictured) said in a video that the company has rebuilt the security system of the online gaming service, which has 77 million registered users. Hackers attacked the network on April 19, forcing Sony to close the network as it fixed the security and investigated the hack.
Sony’s security measures start with users, who must immediately reset their passwords upon signing back in. Sony said it has worked with several respected outside security firms to implement new security measures that strengthen safeguards against unauthorized activity and provide consumers with more protection of their personal information.
Sony has added new security systems including additional software monitoring. It is also doing penetration and vulnerability testing. That means it is hiring security experts who will attack the system, as if they were criminal hackers, in hopes of finding vulnerabilities. Sony can then beef up the security.
Sony has increased levels of encryption and additional firewalls. That means that if hackers break into one part of the system, they won’t have access to all parts of the system. Sony also has an early-warning system for unusual activity patterns that could signal an attack.
One of the companies working with Sony on improving security is Symantec, the antivirus company. Symantec worked with Sony on relocating its network from one data center to another.
Hirai said Sony did not rush to get the services back online at the expense of security measures. He said that personal information is being guarded with some of the best technologies available today.
Sony also appointed Fumiaki Sakai, president of Sony Global Solutions, as chief information security officer for Sony. He will recruit a permanent security chief in the future. Sakai will report to Tim Schaaf, president of Sony’s networked entertainment division. That’s definitely a good step, but it also means that a Sony insider is in charge of security for now. Sony clearly seems to need someone from the outside to be its security chief.
All of these changes make sense, but they beg the question: why didn’t Sony have these measures in place before the attack?It is interesting that an outside party, Symantec, has stated that Sony’ is being diligent about restoring security. But it would be more interesting to see if the network penetration testers come back with the same kind of public expressions of support. Sony needs more third-party experts validating the security efforts so we can all trust the company again.