美商資安巨頭Fortinet近日驚爆大規模登入憑證外洩重大事件,衝擊全球超過7萬台設備,我數發部資安署也緊急發布警訊要求各單位全面大體檢。由於國民黨立委徐巧芯3月才在立院質詢該品牌存在漏洞,如今竟一語成讖。國民黨立委馬文君今(25)日火力全開指出,陸軍總經費高達6.1億元的「機敏資安核心」標案正是採用該品牌設備,她痛批國防部至今態度消極、「在替廠商辯護」,要求國防部必須立刻向立法院提出機密說明。
據數發部資安署掌握最新情資,威脅情報平台InfoStealers於6月17日揭露「FortiBleed」重大憑證外洩事件,駭客利用Fortinet設備匯出的設定檔進行暴力破解,成功竊取全球超過7萬台FortiGate防火牆及SSL VPN設備的管理者帳密。駭客取得這些憑證後,可輕易潛入機關或企業內部進行更深層的惡意攻擊。
雖然資安署強調目前台灣尚未收到政府或民間的受駭通報,但也隨即透過TWCERT/CC等管道,對各政府機關及關鍵基礎設施主管單位發布緊急資安警訊。
然而,這場全球資安風暴已直接燒進台灣的國防核心。馬文君揭露,陸軍去年底決標、執行期程自114年至118年、總經費高達6.1億元的「陸軍機敏資安核心」案,得標廠商「中光電智能雲服」所採用的核心設備,正是不堪一擊的Fortinet防火牆。馬文君憂心指出,該標案攸關國軍營區網路管理的核心系統,「一旦遭入侵,影響的恐怕不是單一設備,而是整體軍網的監控與管理能力。」
馬文君提及,徐巧芯立委在今年3月質詢時就公開質疑,該標案當時有中華電信、華經資訊等具備大型資安建置經驗的業者參與投標,最後卻由資安經驗最少、毫無大型系統實績的中光電得標,資格審查與設備選型充滿疑慮。
「我最在意的,不是替哪個品牌有問題,而是國防部面對國軍核心軍網的態度!」馬文君批評,當立法院提早發出警訊時,國防部有沒有認真看待?當資安風險全面浮現時,有沒有把國安風險放在第一位、即時處置?
馬文君直言,令人遺憾的是,國防部目前仍在強調「設備合規、原廠使用廣泛、廠商有履約實績」,卻始終沒有對外說清楚:國軍現行系統究竟有沒有受到波及?國軍的設備是否出現在國際駭客掌握的情資清單中?目前到底完成了哪些實質的檢查與補救措施?她強調:「國防部的責任是守護國家安全,不是替廠商辯護!」馬文君指出,她已正式要求國防部在最短時間內向立法院提出機密說明,並限期與廠商研議出具體的改善與補救方案,全面防堵國安漏洞。
'%3e%3cpath%20d='M195.06%2051.1096L116.493%2038.7498C113.602%2038.2951%20110.821%2040.0467%20109.983%2042.848L99.4573%2078.0057L98.5717%2080.9652L94.4043%2094.8867L112.554%2091.5437L177.269%20112.754C180.395%20113.778%20183.75%20112.025%20184.693%20108.875L199.755%2058.5646C200.771%2055.1722%20198.561%2051.6612%20195.062%2051.1116L195.06%2051.1096Z'%20fill='%23B0DFFF'/%3e%3cpath%20d='M166.485%2077.1477C165.793%2079.4607%20167.106%2081.8963%20169.419%2082.5882C171.732%2083.2802%20174.167%2081.9675%20174.859%2079.6545C175.551%2077.3415%20174.238%2074.9059%20171.925%2074.2139C169.612%2073.522%20167.177%2074.8347%20166.485%2077.1477Z'%20fill='white'/%3e%3cpath%20d='M145.899%2070.9836C145.208%2073.2967%20146.52%2075.7322%20148.833%2076.4242C151.146%2077.1161%20153.582%2075.8034%20154.274%2073.4904C154.966%2071.1774%20153.653%2068.7418%20151.34%2068.0499C149.027%2067.358%20146.591%2068.6706%20145.899%2070.9836Z'%20fill='white'/%3e%3cpath%20d='M125.312%2064.8196C124.62%2067.1326%20125.932%2069.5682%20128.245%2070.2601C130.558%2070.952%20132.994%2069.6393%20133.686%2067.3263C134.378%2065.0133%20133.065%2062.5777%20130.752%2061.8858C128.439%2061.1939%20126.004%2062.5066%20125.312%2064.8196Z'%20fill='white'/%3e%3cpath%20d='M5.25804%200.00279501L74.4703%202.27626C77.0166%202.35929%2079.1082%204.3125%2079.3672%206.84692L82.6212%2038.6359L82.896%2041.3107L84.185%2053.8978L69.2097%2048.0718L10.3981%2055.6296C7.55918%2055.9954%204.97534%2053.9473%204.68473%2051.0985L0.0270836%205.61134C-0.287248%202.54315%202.17601%20-0.0980284%205.25804%200.00279501Z'%20fill='%230073B8'/%3e%3cpath%20d='M25.4393%2026.9418C25.6528%2029.0334%2024.1325%2030.9016%2022.041%2031.1151C19.9494%2031.3286%2018.0812%2029.8083%2017.8677%2027.7167C17.6541%2025.6251%2019.1744%2023.7569%2021.266%2023.5434C23.3576%2023.3299%2025.2258%2024.8502%2025.4393%2026.9418Z'%20fill='white'/%3e%3cpath%20d='M44.0521%2025.036C44.2656%2027.1276%2042.7453%2028.9958%2040.6537%2029.2093C38.5622%2029.4228%2036.694%2027.9026%2036.4804%2025.811C36.2669%2023.7194%2037.7872%2021.8512%2039.8788%2021.6377C41.9704%2021.4242%2043.8386%2022.9444%2044.0521%2025.036Z'%20fill='white'/%3e%3cpath%20d='M62.6668%2023.1303C62.8803%2025.2218%2061.3601%2027.09%2059.2685%2027.3036C57.1769%2027.5171%2055.3087%2025.9968%2055.0952%2023.9052C54.8817%2021.8136%2056.4019%2019.9454%2058.4935%2019.7319C60.5851%2019.5184%2062.4533%2021.0387%2062.6668%2023.1303Z'%20fill='white'/%3e%3c/g%3e%3cdefs%3e%3cclipPath%20id='clip0_926_14682'%3e%3crect%20width='200'%20height='113.047'%20fill='white'/%3e%3c/clipPath%3e%3c/defs%3e%3c/svg%3e)
無任何留言,趕緊搶頭香!