Cyber Security: What Are You Doing?

May 20, 2021

I read “A Federal Government Left Completely Blind on Cyber attacks Looks to Force Reporting.” The write up uses a phrase for which there are a limited number of synonyms in English; namely, completely blind. There are numerous types of blindness. There’s the metaphorical blindness of William James, who coined the phrase “a certain blindness.” The wordy kin of the equally wordy Henry James means, I think, that some people just can’t “see” something. A friend says, “You will love working at Apple.” You say, “I don’t think so.” Hey, working at Apple is super, like the chaos monkeys on steroids.

Other types of blindness include losing one’s eyes; for example, Tiresias, who lost his vision seeing some interesting transformations. (Look it up.) There’s the Oedipus angle which involves breaking some Western cultural norms, ignoring inputs, and gouging out his eyes. Yep, that will do. Don’t listen, generate some inner angst, and poking one’s eyes. There are medical reasons galore. These range from protein build up, which is easily corrected today with some medical magic to truly weird stuff like nuclear radiation.

The point is that cyber security has left the US government “completely blind.” The write up says:

Lawmakers of both parties told POLITICO they are crafting legislation to mandate cyber attack reporting by critical infrastructure operators such as Colonial, along with major IT service providers and any other companies that do business with the government.

What are the “rules” now? The write up says:

No federal law or regulation requires pipeline operators to report any cybersecurity incidents to the government. Instead, suggested guidance from the Transportation Security Administration — the federal agency that oversees pipeline cybersecurity — recommends that they tell local and federal officials about significant breaches.

President Biden says, according to the article, “we have to do more than is being done now.”

Who agrees? If a commercial enterprise says, “Yo, breach”, won’t the stock or value of the brand decline. If a government agency says, “We’ve been hacked”, what happens to the security manager and his / her manager?

Are the cyber security vendors able to provide a solution? Maybe.

To sum up, lots of talk and more regulation. In the meantime, ransomware bad actors are seeing an open road, no traffic cops, and a dry, clear day. Put the pedal to the metal.

Stephen E Arnold, May 20, 2021

Comments

Comments are closed.

  • Archives

  • Recent Posts

  • Meta