My understanding is in some states the laws are written with a Catch-22: you need evidence of hacking to kick off an investigation. So I wouldn’t be that confident.
If I were China I’d probably go with a hardware supply chain attack. These machines can sit around for years.
I think DARPA’s SSITH program is a step in the right direction. At the very least, I’d feel a lot better with bug bounties on publicly available demonstrators from all manufacturers.
If I were China I’d probably go with a hardware supply chain attack. These machines can sit around for years.
I think DARPA’s SSITH program is a step in the right direction. At the very least, I’d feel a lot better with bug bounties on publicly available demonstrators from all manufacturers.