Former CIA cybersecurity officer calls out tech companies for making insecure devices

A former chief information security officer (CISO) for the Central Intelligence Agency (CIA) is blasting tech companies – like Microsoft – for making insecure computers and selling them to consumers.

In an interview with FOX Business, Robert Bigman, former CIA CISO and current advisory board member at AppGuard, says bad computer operating systems are the biggest threat to cybersecurity. “I would love to name a company that’s really taking cybersecurity seriously. It’s all because frankly Microsoft and everyone else puts performance -- puts sexiness -- puts usability ahead of security.”

Bigman says right now Microsoft, Apple and other companies are knowingly making insecure devices and he says – security programs are just adding a layer on top of an weak foundation. “None of the vendors here at this massive show are fixing that problem. They are all fixing the symptoms, right, but not the root cause,” says Bigman.

But tech companies can’t take all the blame. Bigman says consumers are part of the problem – security doesn’t sell. “It’s all consumer demand. Consumers demand ease of use. They want to set it up out of the box press a button it turns on. They love sexy applications. That’s what mobile is all about -- sexy application. They’re not in love with security yet. Security is not meaningful to them yet.” Bigman says when the demand changes on the consumer side, you may see that change the industry.

Microsoft President Brad Smith says in an interview with FOX Business that tech companies are the first line of defense for users against these attacks, all governments need to play by the same rules to make progress.

“We are seeing a new era. No one really knows if it’s a cold war or a medium war or a phony war, but it increasingly feels like we sort of are at war. We are seeing governments and militaries probe, attack and I think that’s a real problem.”

Smith calls for a “new digital Geneva convention” that would require governments to protect civilians and not attack them.

“I think we need to put more pressure on governments that are not yet respecting the rules, it is very difficult for private sector successfully to predict every one when we are having attacks in effect by the military, by governments,” Smith says.

Bigman says he thinks the industry needs government regulation to get devices on the market up to code.

"The U.S. government knows how to build a secure operating system -- a secure computer -- but industry doesn’t do that. The only motivation I see is regulation.” Bigman says the industry needs a Lemon Law that protects against bad devices from penetrating the market and also institutes requirements for secure operating system standards.

“And let me tell you something I am not a big fan of government regulation. It’s not the only solution but it’s part of the solution,” says Bigman.