Alex Stamos talked about this a bit on TWiT late last year:
"It's getting hard to not be conspiracy minded here. They closed CSRB, destroyed CISA. CISA has no confirmed director. This just adds to kind of a complete surrender at least on the cyber side. We are spectacularly poorly prepared right now for a cyber attack."
We're in an era of Disaster Capitalism. Some of the richest people have realized they've nearly extracted all the money they can gain on the current trajectory of nations and came to the conclusion they can make even more money if they destroy everything and then are the ones to rebuild society, their way.
Fallout's storyline from the live-action series, where Vault-Tec dropped the first nuke and started the apocalypse simply so they could wipe out the competition and rebuild later, is a little too on-the-nose.
Hard agree with this and this matches what I’m hearing about the agency. That said, the failures start with Noem, DHS, and its approach to governing. Policies have been actively hostile to those working at the agency, messaging is prioritized over action, policies that make it harder to work overtime or telework or flex to the needs of actual problems, etc and that will likely continue under a new director.
We’ve torched cooperation, shown we cannot protect classified information - if one didn’t know better one would think it was on purpose - but in general incompetence typically reigns. They just don’t think the agency should exist after they said elections in 2020 were generally secure.
> CISA's own joint advisory confirmed that Volt Typhoon actors maintained access inside some victim environments for at least five years, using living-off-the-land techniques that make them nearly invisible to traditional security tools.
> And what's happening at CISA right now should terrify every American who depends on running water, electricity, and the ability to vote in free elections.
The answer is right at the beginning. Current administration has the explicit goal to not have free elections going forward. It has been stated plainly, on TV. The rest is collateral damage, and an attack on critical infrastructure will be a good excuse to invade the next country, declare state of emergency or outright war and get rid of elections completely.
> I'm a veteran. I served under both parties. I don't care which side of the aisle fixes this.
The idea that there are things entirely unpartisan or unpolitical is a polite fiction we can work with when things are somewhere around normal - usually even when things are pretty far from normal.
I get the army drilled this stance into you, but at some point the price the people pay for corruption includes their security.
This is a good thing. CISA was run by a bunch of BAH consultants that loved to push 8-9 digit cyber security software / license requirements to agencies with no thoughts on how to pay for it. Cyber security in federal is one big circle jerk. Cyber vendors pay into non-profits to write whitepapers why you need X, Y, Z software. This in turn was pushed by IT consultants from the major System Integrators, whom CIO's loved to bend the knee to because that was their near retirement career path. CISA would eventually push these as requirements, with even a bribe of "use our contract, we'll pay for year 1" but no idea how to pay for future years.
I work in a cabinet level agency running an $350M IT program. I'm good what I do, including cyber. We're too focused on paperwork compliance and vendor agents that provide little to no value for 8-9 digit annual costs.
Anonymous Account because I'd like to keep my job.
Political party in power makes it an explicit goal to dismantle government agencies and privatize all regulations, safety, security, environmental protections.
Chaos ensues.
Average American - "This isn't about politics. Both sides are to blame. We must work together."
Unless people collectively get their heads out of their asses the situation isn't going to magically reverse itself.
I've only really heard of cisa in terms of "fighting disinformation", which seemed more than a little dubious. Can someone speak to what their mission is and how effective they've been at it?
Or is this like the DHS where you just get to say that we haven't had any more 9/11s, so clearly the money and complete transformation of how we think about personal liberties was worth it?
Theoretically, it makes sense that we would need something like a cyber defense agency. Realistically, this doesn't seem like something the government (even at the best of times) would be capable of doing effectively.
14 comments
[ 5.7 ms ] story [ 54.9 ms ] threadFallout's storyline from the live-action series, where Vault-Tec dropped the first nuke and started the apocalypse simply so they could wipe out the competition and rebuild later, is a little too on-the-nose.
We’ve torched cooperation, shown we cannot protect classified information - if one didn’t know better one would think it was on purpose - but in general incompetence typically reigns. They just don’t think the agency should exist after they said elections in 2020 were generally secure.
What are these living-off-the-land techniques?
The answer is right at the beginning. Current administration has the explicit goal to not have free elections going forward. It has been stated plainly, on TV. The rest is collateral damage, and an attack on critical infrastructure will be a good excuse to invade the next country, declare state of emergency or outright war and get rid of elections completely.
> I'm a veteran. I served under both parties. I don't care which side of the aisle fixes this.
The idea that there are things entirely unpartisan or unpolitical is a polite fiction we can work with when things are somewhere around normal - usually even when things are pretty far from normal.
I get the army drilled this stance into you, but at some point the price the people pay for corruption includes their security.
It is, in fact, about politics.
There, fixed the title with some subbtle edits. /s
I work in a cabinet level agency running an $350M IT program. I'm good what I do, including cyber. We're too focused on paperwork compliance and vendor agents that provide little to no value for 8-9 digit annual costs.
Anonymous Account because I'd like to keep my job.
Chaos ensues.
Average American - "This isn't about politics. Both sides are to blame. We must work together."
Unless people collectively get their heads out of their asses the situation isn't going to magically reverse itself.
Or is this like the DHS where you just get to say that we haven't had any more 9/11s, so clearly the money and complete transformation of how we think about personal liberties was worth it?
Theoretically, it makes sense that we would need something like a cyber defense agency. Realistically, this doesn't seem like something the government (even at the best of times) would be capable of doing effectively.