Uber picks NSA veteran to fix security problems
In November, new Uber CEO Dara Khosrowshahi penned an apologetic note to riders and drivers explaining that hackers had obtained 57 million personal records from the ridehailing company — and rather than disclosing the breach immediately, the company had paid the hackers $100,000 to keep quiet.
Khosrowshahi, who said the breach and payouts happened before he arrived, fired Uber’s chief security officer, Joe Sullivan, for his handling of the matter.
On Tuesday, Uber announced that they had found Sullivan’s replacement: Matt Olsen, a former general counsel of the National Security Agency and director of the National Counterterrorism Center. Olsen was most recently the president and chief revenue officer at IronNet Cybersecurity, a consulting firm he co-founded with Gen. Keith Alexander, the agency’s former director.
Olsen joins Uber as it is trying to repair the reputation of its security team. In addition to the data breach, Uber’s practice of routinely surveilling its competitors physically and online came under scrutiny in federal court when Uber was being sued for trade secret theft by Waymo, the autonomous-driving car company owned by Alphabet.
“I know Uber made some substantial changes in terms of eliminating, quite decisively, some of the activities that were done more in secret and saying, that’s just not part of who we are going forward,” Olsen said. “That was my reaction when I learned about some of these activities: ‘That just doesn’t make sense to me.’ ”
Increasing transparency and unifying the security team — which is split into two groups, one focused on online security and one on physical security threats facing riders and drivers — will be top priorities, Olsen said.
“I think they understand the need to be transparent and ethical, and vigilant in complying not just with the laws and regulations that apply, but the norms and standards that Uber customers and stakeholders expect of the company,” he said.
The challenge, Olsen said, will be earning trust as Uber seeks to establish itself as safe, in the physical world as well as online. The company serves millions of riders each day and handles a wealth of personal data, making it a rich target for attackers.
Olsen said his history in the intelligence community would help him counter the complex threats Uber faces.
“For any large organization, whether you’re talking NSA or a company like Uber, having a plan and having practiced and exercised how to respond to a breach is critically important,” he said.