Comment by kevincloudsec

18 days ago

What’s playing out between AT&T/Verizon and Congress is something I see all the time at a smaller scale across the industry, that is, organizations routinely avoid getting real visibility into their security posture because the moment you document a problem, you own it. If you never look, you get plausible deniability.

I work in AWS security, and it’s wild how many companies run production workloads with no continuous monitoring, no config drift detection, nothing. Not because the tools aren’t there, but because leadership doesn’t want a dashboard full of red. A clean report means you’re secure, right? No report means you might be secure. For a lot of people, that ambiguity feels safer than a concrete list of issues with remediation attached.

That’s the real issue here. It’s not just about CALEA or backdoors. It’s that our approach to critical infrastructure security often boils down to “don’t ask, don’t tell.” Mandiant did an assessment. The findings exist. And two of the largest telecom providers in the country would rather fight Congress than let those findings see daylight. That says a lot about the state of those networks.