Thoughts after a security conference.

The private sector, no matter the size, often plays a role (e.g. entry vector, DDoS load generating botnet, etc.) in massive, sometimes country-wide attacks. Shouldn't that make private businesses' CyberSec a matter of national security? Shouldn't the government create and enforce a security framework for private businesses to implement in their IT systems? IMO that'd also enforce standardised data security and force all the companies treat ITSec with at least minimal care (where "minimal" is set by the gov)

What are your thoughts?

Government is run by retards. They don't need to have their retard hands in everything. The less they are into the better.

Also, companies that do business with the government do in fact have to implement security as requested. Especially DOD contractors.

Edit: Have you seen how bad actual government websites are run? They have some of the worst design and security.

@Demolishun I have, and I like their security. At least in LT gov CyberSec is taken very seriously. Esp core services. And some respectful whitehats are working for gov to ensure sec.

IDK what it's like in other countries.

The trouble starts at the point that the government is run by lobbyists.

Most "statements" from a politician - especially in IT - are only explainable that way.

The second thing is that prevention isn't profitable for lobbyists... After all, a lot of companies rely on the income of taking care of the after math.

Goes for IT, minimum wage, ...

@IntrusionCM the way you put it the situation looks very grim :)

Eastern Europe used to have a system where everything was run by the government - as cautionary tale for people who think that the government is any better.

Government is in no way accountable, and the state cannot really go bankrupt.

Here in Spain we have a public company called Incibe that offers cibersecurity support to private companies and individuals. So you have a place to ask for help or be informed about security if you want it.

@netikras

It is very grim. Just that we are still in denial as most of us still live a good life or just block the madness out of hopelessness / lack of power.

Take the current situation e.g. in Europe.

Due to the record prices for electricity & gas, many people tried getting money from welfare.

Now, most of these welfare programs get authorized by a communal authority.

Which are already low on resources giving that many communal authorities need to be on a strict saving program.

What took once a month, takes now up to half a year plus... (Germany, but it will be pretty much the same in many other countries).

So people have to wait half a year to get """maybe"""" a life saving welfare check so they don't get bankrupt.

All of this has a lot to do with IT...

Most of the bureaucratic processes are not only **ridiculously retarded*** - but the workflows are completely broken.

Here in Germany it is very unlikely that two communal authorities can exchange documents.... Why? Because ... Well. Because!

Why standards... Why decide on government basis, after all Bavaria needs its Extrawurst. Federalism in Germany is the worst.

While I'm against unauthorized exchange of information between authorities... It's ridiculous that you still have to run as an errand boy for sth that could be done in seconds, but that now can take weeks as someone has e.g. to verify that you organized the right documents.

Working in welfare you learn that bureaucratic processes and the unwillingness to help people in need by the government is what makes most people turn to criminals.

Especially the "unwilling" part. As some communal agencies excel at having that one worker who thinks they're judge, jury and executioner in one person and can deliberately withhold information or deny welfare checks.

... Which would be harder if there was less "manual" and more "automatic" way of processing information.

Uff. Every time this topic comes up I'm reminded why I stopped working welfare.

If you wonder where the link to cyber security is: The number one reason is to say that these kinds of information exchanges cannot be done in a secure manner.

... While on the other hand it's possible to create biometric databases on international basis. Or mass surveillance. Or other stuff.

Ya know where it matters?

@netikras

Tbh, .lt is an absolute unit when it comes to itsec and egov.
Prices, prices, awards and more prices for .lt digitisation.
Wonder whether you fed us an elaborate cat fishing thread, but I'll bite.

You guys fuck!

Germany?
The very concept of dynamic infographics does not go past lower management.
Directors printing out emails and thus sacking five digits it projects are no rarity.
Every. Position. In. It. Is. Baby-sitting. Corporate., Gov. Or. End. Users.
No shit.

France?
Open source everything!
Is there anything in the interest of the public? It's open data.
Is there a platform addressing more than one party?
Gotta have an open api.
Thus, everything is measured by the highest standard facing the public.
Quite some times this leads to the minimal consens. Which can be quite shit under highly regulated EU and national law and stakeholders.
Just as Germany, democracy and federation break things. Many chefs spit in a soup, or what's the saying?

@netiras

If you want something done right, never trust gvmnt to do it. If they have any, ANY occasion they gonna fuck it up. So.. I think that would be terrible approach. I dont trust them to not fuck up any part of such setup