by nonrandomstring
415 days ago
The essence of the article is a topic of concern, but is expressed
rather lightly in TFA. End runs around security happen at the
edges. From the bottom; by undermining hardware, or code libraries,
supply chains. And we're now seeing "decapitation attacks" right at
the top. Our "western" security models have a weakness, with their
roots in Prussian military organisation and bureaucratic technical
management, by default they trust up. The whole DOGE caper (what I
would call a Dr Strangelove scenario - variation of insider-threat)
exposes this as actually very vulnerable.

Cybersecurity services that operate as MSPs (the acronym variation
where S is for security) hit a fundamental problem. A managed security
provider becomes a bigger and juicier target since all of its clients
are implied spoils. If they in turn defer-to/buy-from bigger actors up
the food chain, those become juicier targets too.

This is a frequent chestnut when we interview cybersecurity company
CEOs. Although it resurfaces the old "Who guards the guardians?",
there is more to it. One has to actively avoid concentrating too much
"power" (non-ironically a synonym of vulnerability ... heavy lies
the crown) in one place, but to distribute risk by distributing
responsibility for building trust relations (TFA mentions this). I
expect we'll see more and more of this sort of thinking as events
unfold.