Sometimes, you just have to be amazed at the inanity of things our government – and private associations- do. No, I’m not talking about the 6th of January or TheDonald. (Although, those two certainly do eclipse this stupidity.)
What am I talking about?
This is the 18th year of Cybersecurity Awareness Month. Let that sink in- 18 years. And, still we have pipelines, railroads, airports, power plants, water systems, hospitals, and companies succumbing to ransomware and hacks.
What is the point of making folks aware there’s a problem- and then doing absolutely nothing to stop it?
Oh, sure, the government has decided that pipelines and railroads need cybersecurity. And, the railroads (see below for more) are not getting an “optional” rule- this time it will be defined- and required. The problem- the proposed rules only apply to “high risk” railroads. And, for the life of me- or what anyone in the government says- I have no clue what the feds consider a high risk railroad. Aren’t they all dangerous, as they move at high speeds, cross roads, and travel through cities and towns.
Or the rules imposed on pipelines. Which rules only seem to require them to notify the government when they have been subjected to cybercrimes. Because after the fact notice is so darned effective.
After all, pipelines have been “subject” to “voluntary” guidelines since 2016 (and physical security rules forgave been around for 15 years, too). (You do recall that Colonial Pipeline was hacked badly enough to create a gas crisis along the East Coast, right? Yup, those voluntary guidelines certainly did protect the US citizenry.) Supposedly, these rules (which may even be beefed up) will become required- any day now.
And, I’m dying to know how making government contractors be required to report security breaches will make anyone safer. Because the penalty should then not timely report them- they’ll be fined. Yup. That certainly makes me sleep more securely at night.
While I’m at it, I should add that the IRS requires practitioners to take precautions. None of them are highly stringent; we adopted those more than a decade ago. (Yes, I know that means a bunch of tax “professionals” have been leaving their clients’ data at risk.)
I – and that means we, the US citizenry- can only hope that the two (stalled) infrastructure bills get passed soon. So, we can harden our electric grid and water distribution systems against hackers. So, our aviation industry will be protected against hackers. It’s a start.
A very late one, I might add.
