@hrbrmstr Mate, RSAC did not lead to a single vendor liability framework or a single CEO/Chair of a stupidly pwned large company getting banned from managing corporations even temporarily.
This holier-than-thou routine about 'discussion about defending critical infrastructure and fostering trust in technology' rubs me the wrong way.
If you want accountability, how about holding directors of edge vendors accountable for the security of their wares and the lack thereof enabling the Chinese and Russians to hit FVEY CNI?
If you want accountability, invite Jen Easterly and ask her what the much-vaunted SbD pledge actually achieved, and why CISA did not work with NIST to make SSDF into a workable standard and thus the basis for a sound vendor liability regime.
Also ask her about the following extracts from GAO-24-106576 - if CISA has forever been indispensable to CNI cyber resilience, why did it have fewer OT incident responders for a number of years than people on a cricket team?
P.S. I couldn't care less what anyone, regardless of their discipline, thinks about 'defense of democratic norms' if they demonise Hindus, Buddhists and Jains like me and my family by referring to Nazi Hakenkreuzes as our sacred Swastikas.
P.P.S. 'the very protections we've built' - mate, the Chinese exploit security products like firewalls because they know the product security and inspectability are sub-par. Give me a break.