Comment by egorfine

10 days ago

> it absolutely does make sense for the government to force such companies

Problem is, a) governments are infiltrated by Russian assets and b) governments are known to enforce detrimental IT regulations. Germany especially so.

> power plants, telco infra, traffic infrastructure or hospitals

Their system _will_ get hit by ransomware or APTs. It is not possible to mandate common sense or proper IT practices, no matter how strict the law. See the recent incident in South Korea with a burned-down data center with no backups.

> Problem is, a) governments are infiltrated by Russian assets and b) governments are known to enforce detrimental IT regulations. Germany especially so.

The regulations are a framework called "BSI Grundschutz" and all parts are freely available for everyone [1]. Even if our government were fully corrupted by Russia like Orban's Hungary - just look at the regulations at face value and tell me what exactly you would see as "detrimental" or against best practice?

> It is not possible to mandate common sense or proper IT practices, no matter how strict the law. See the recent incident in South Korea with burned down data center with no backups.

I think it actually is. The BSI Grundschutz criteria tend to feel "checkboxy", but if you tick all the checkboxes you'll end up with a pretty resilient system. And yes, I've been on the implementing side.

The thing is, even if you're not fully compliant with BSI Grundschutz... if you just follow parts of it in your architecture, your security and resilience posture is already much stronger than much of the competition.

[1] https://www.bsi.bund.de/DE/Themen/Unternehmen-und-Organisati...

Government isn’t perfect but I’d be interested to know what alternative you propose?

  • a) Incarceration time for IT execs and responsible engineers.

    b) Let companies go out of business once they fail to protect their own crucial data.

    None of that is possible.

    • Responsible for what? If the government does not mandate any behavior, what basis does it have to incarcerate anyone?

    • Those are only punishments, which are shown to not work. Solutions are needed.