by drivebycomment 732 days ago
This is a non-solution, and automatic "head rolling" and punishments will only lead to reducing the actual meaningful experience accumulation - the mean time between major breaches like this is long enough and variable enough that the next person would likely be equally incompetent, inexperienced and inattentive.

There's no easy solution, because it's an inherently very difficult problem - making a correct trade-off between security and everything else for the society, and determining what exact line needs to be drawn, are inherently extremely difficult problems, and no amount of laws and punishments will help with finding the right balance.

I do like what CISA seems to be trying to do, and I think they can do a lot more here - I think we need CSRB or some similar org to get to a place where NTSB is - I think the key value of NTSB for humanity is ensuring that some of the critical knowledge around safety incidents gets accumulated and shared across. Right now, learnings from key infosec incidents are not broadly shared in any reasonable timeframe, if ever, and so we repeat the mistakes over and over again.

1 comment

You are completely and totally wrong and fundamentally misunderstand how the world works.

This is old stuff, man, but it always plays out.

SKIN IN THE DAMN GAME is the only thing that matters.

The parties involved don't feel any pain from sucking at security, so they may continue to suck at security. It REALLY is that simple.