by tidydata 1864 days ago
There’s nothing in this article indicating the operator has a recovery plan in place involving restoring backups to get these systems online. Seems grossly negligent on their behalf, and made almost satiric by the fact that FireEye can be mentioned without reference to their own massive security lapses.

Too much focus always on the “hackers” and never the obvious security lapses solved by diverting executive pay to more bodies and training to cover them, but oh well right?

7 comments

You think FireEye had massive security lapses because they reported they were hacked. Everyone else was also hacked and FireEye was the only one that figured it out and blew the whole thing wide open. Now if the best incident responders in the world can’t always prevent malicious activity on their network, how is an oil company going to do that? Or utilities, transporters, hospitals, defense contractors, or universities? The truth is everything is vulnerable, and what you think is the stability and security of all the other organizations you don’t hear about getting hacked is just the current set of hackers working hard to be discreet. I think if war were to break out with certain other nations we’d find out in a hurry how much our infrastructure has already been compromised.
IT is typically grossly understaffed and underfunded in these businesses. At the site-level, you'll see some very out of date tech running critical systems. IT is a cost-center to be reduced as much as possible, oversight is non-existent.
You always know you’re dealing with one of these companies when IT reports up into the CFO.
I used to work at a scientific research institute where the entire IT department reported to a single researcher for no apparent reason.
Could be worse, I saw IT reporting through HR once upon a time.
Horrible
It's difficult to chastise a country that misses the forest for the trees, when that country has spent sixty years fomenting a culture of blind consumption and wilful ignorance of anything STEM. Instead of a flourishing culture of hacking and computing, the United States through DMCA and law relegated the notion to comic books and Hollywood fiction. Most of the public war drumming for 'hacking' (if it could be said to exist at all in 2021) is a thinly veiled surrogate of consumerism.

What reason would we have to blame the company for poor security hygiene? What possible outcome could we hope for when in 2021 nearly every SolarWinds customer renewed their license after the hack.

What are you talking about? The country has spent so much time on STEM, that we have a trade labor shortage.

Please.

The reason the country has spent so much time on “STEM” is not that there is a labor shortage but that salaries of “STEM” people are too high and business owners need more people not to fill shortages but to overflow the system such that salaries go down significantly.

There is no shortage of labor for jobs paying high 6-figures … :-)

The problem is our government. There is no shortage of STEM graduates -- we have the best and brightest. Our government has failed to set the right incentives for the private market to innovate on critical infrastructure... so naturally the smartest STEM grads end up building Netflix or Facebook.
I'm here to bring a message from the future: they did have usable backups, according to a news article published just a few days after this one:[0]

> Once they received the payment, the hackers provided the operator with a decrypting tool to restore its disabled computer network. The tool was so slow that the company continued using its own backups to help restore the system, one of the people familiar with the company’s efforts said.

It's hard to get the full story from a single article, and larger publications like the Washington Post tend to focus on the most recent statements from federal agencies and corporations rather than details that you and I find more interesting. Sometimes I wish that newspapers would do more of a synopsis of news stories a month or so after the fact to give more context and "lessons learned" or "what impact has this had?". I would prefer that much more to the "breaking news" approach.

[0] https://www.bloomberg.com/news/articles/2021-05-13/colonial-...

Was just gonna say this sounds like your classic case of a business scoffing at the high price of software devs.

I'd wager a guess that their current IT team was worked to the bone on profit-focused projects, but will be 100% blamed internally by the execs.

Failures accrue down, to people who do the work. Successes accrue up, to managers who decided it should be done.

It's almost like this arrangement was by design...

Executives are rewarded extremely handsomely for short-term returns. Even if the company goes under, they've long ago accumulated enough wealth to live out their lives fabulously. The incentives to invest in security are weak.
> There’s nothing in this article indicating the operator has a recovery plan in place involving restoring backups to get these systems online.

No one cares about that type of work, that’s why. It’s ridiculous but true.