by Jedd 399 days ago
> ... narrative has become we expect them to be making low-level IT decisions too?

I think that's a misdirection.

The narrative is that:

a) they were using a compromised piece of software

b) they should not have been using that software - not (necessarily) because it was compromised, but because it wasn't US DoD accredited for that use case.

(I understand your point that these guys are not tech-savvy, and do not need to be, but they should be regulation-savvy (clearly they either are not, or willingly broke those regulations), and they should be following organisational guidelines that presumably cover the selection and use of these tool types.)

1 comments

Yeah, and the purchase approval process is in place specifically so that someone who knows what to look for has looked at it and verified that it's an acceptable configuration.

This is the exact same problem as Clinton's BlackBerry Enterprise Server. Doing it right was hard and time-consuming, so they ignored that and did what they wanted.

Only we should be a lot more demanding that our officials in 2025 have a better basic understanding of the importance of computer security than in 2005.