来自 科技 2020-04-26 17:07 的文章

台湾网络安全部以安全和隐私为由,向所有政府

台湾网络安全部以安全和隐私为由,向所有政府机构发出通告,禁止使用某些视频软件,如Zoom。

台湾政府机构被告知,出于安全和隐私考虑,不要使用Zoom,但已提前同意使用谷歌和微软等替代方案。禁令出台之前,Zoom承认安全失误,并就隐私问题道歉。

台湾网络安全部以安全和隐私为由,向所有政府

在周二发布的一份声明中,台湾内阁下令其所有政府机构对视频会议软件的使用更加严格。该法案指出其2019年《网络安全管理法》,称该法案要求所有组织不得使用与安全问题相关的商品和服务。

此外,在采购这类信息和通信系统时,应优先考虑当地生产的商品和服务或政府签约供应商提供的商品和服务。

在COVID-19大流行期间,它指出,台湾网络安全部(DCS)周二向所有政府机构和选定的非政府机构发出通告,如果它们需要使用视频会议工具,此类应用程序的基础软件"不应有相关的安全或隐私问题,如Zoom"。

DCS还推荐了替代国际产品,指出谷歌和微软等公司,它说,在当前疫情期间免费提供视频会议工具。"在评估任何相关数据安全风险后,组织当然应该考虑这些选项,"它说。

台湾此举之前,Zoom承认其安全措施没有得光。最近禁止使用视频会议工具的其他组织包括SpaceX和纽约市的学校。

近几周来,Zoom 的使用率大幅上升,因为各国陷入封锁,员工在家工作。这引发了一系列缩放炸弹案例的雪崩,在此期间,陌生人将不请自来地出现,以缩放会议和表现出破坏性行为。此类事件变得如此普遍,以至于美国联邦调查局(FBI)在美国发出了全国性的安全警报。

在另一起安全漏洞中,Zoom承认,它错误地通过中国路由了涉及中国境外用户的电话。据Zoom首席执行官袁伟之(Eric Yuan)称,该公司已经提高了服务器容量以满足日益增长的需求,但未能正确实施其地理围栏程序。"因此,某些会议可能被允许连接到中国的系统,而它们本来不应该能够连接在那里,"袁说。

这家美国公司表示,自那以来,该公司已修复了这一监管,将其在中国的数据中心从针对中国境外用户的二级备用桥梁名单中删除。

以下为英文原文:


Taiwan's government agencies have been told not to use Zoom over security and privacy concerns, but have given the go-ahead to use alternatives such as Google and Microsoft. The ban comes after Zoom admitted to security lapses and apologised over its privacy issues.

In a statement released Tuesday, Taiwan's cabinet ordered all of its government agencies to be more stringent with its use of video conferencing software. Pointing to its Cyber Security Management Act 2019, it said the legislation required all organisations to not use goods and services that are linked to security issues.

Furthermore, in procuring such information and communication systems, locally produced goods and services or those provided by government-contracted suppliers should be prioritised, it said.

Amidst the COVID-19 pandemic, it noted that Taiwan's Department of Cyber Security (DCS) on Tuesday issued an advisory to all government agencies and selected non-government agencies that, should they need to use video conference tools, the underlying software of such applications "should not have associated security or privacy concerns, such as Zoom".

The DCS also recommended alternative international products, pointing to the likes of Google and Microsoft, which it said offered video conferencing tools for free during the current outbreak. "Organisations should certainly consider these options after evaluating any associated data security risks," it said.

Taiwan's move comes after Zoom acknowledged it had fallen short on its security measures. Other organisations that recently banned the use of the video conferencing tool included SpaceX and schools in New York City.

Zoom's usage had climbed significantly in recent weeks, as countries went into lockdown and employees worked from home. This triggered an avalanche of Zoom-bombing cases, during which strangers would show up, uninvited, to Zoom meetings and exhibit disruptive behaviour. Such instances became so widespread that the FBI in the United States sent out a nationwide security alert.

In another security lapse, Zoom admitted it had mistakenly routed calls involving users located outside China, through China. According to Zoom CEO Eric Yuan, it had ramped up server capacity to meet the increased demand but failed to properly implement its geo-fencing procedures. "As a result, it is possible certain meetings were allowed to connect to systems in China, where they should not have been able to connect," Yuan said.

The US company said it has since fixed the oversight, removing its data centres in China from a list of secondary backup bridges for users outside of China.