8. FireEye Told Government Clients About Breach Before Going Public
Mandia: There’s got to be a way for folks who are responding to breaches to share data quickly to protect the nation and protect industries. And that would require defining what is a first responder. And I think it’s pretty simple. If you’re trying to figure out what happened to unauthorized or unlawful access to a network, you’re a first responder. And if you do that for other companies besides yourself, you’re a first responder.
And first responders should have an obligation to share threat intelligence to some government agencies, so that, without worrying about liabilities and disclosures, we’re getting intel into people’s hands to figure out what to do about it. … We need to know, if you’re a first responder, you’re obligated to get threat intel into the bucket so we can protect the nation.
We notified the government customers we had before we went public with the breach. We found out later based on contractual reviews who we had to notify or not, but the reality is, the minute we had a breach, I was talking to ring zero—the intelligence community, law enforcement. You don’t want to get email when you don’t know if your email is secure. So the reality is, I think we told every government customer we had that we had a problem—period—before we even went public.