@defcon unreal art this year fun to see effects and highlights through the filters
@GovTrack thanks for the update email, do you know if there's been any action on the public health emergency preparedness program for the CDC? I'm not sure how the CDC was able to send out a continuation of the grant this year.
@sawaba I took a look at your cyber business death list. Did you consider adding a field for human death impact or human impact/consequences?
Recently been changing passwords because of the #lastpassbreach. Funny to learn that airlines have a low character limit for passwords; most have 16 and unusual restrictions. But #amtrak as many as you want. Who would have thought that Amtrak has a more modern website 🫠. Also, I wanna ride more trains

@thedarktangent my first pass on this: I really liked the defining of a "high risk" community. This tracks with the public health perspective of "high risk" people. We usually define it as 65+, pregnant people, and others with low immune systems (forgive the inexact language). It looks like public health, #cisa could take a Centers for Disease Control-like approach, providing guidance to the general public and guidance to high risk vulnerable populations. I did notice that the committee recognizes some companies might not consider themselves to be high risk; it would be important for a clear definition of who is high risk, and I think the committee is developing a good one. But even in public health it's not necessary to have 100% compliance with public health interventions; we just need most to follow those interventions in order for them to be effective.

Different inside of the information technology sector is that everyone has access to everyone else right now. Challenge!

This is a silly model, this is the incident response playbook from #cisa. Like, it hasn't aged into a good strategy. It's just a bunch of activities dumped into a flow chart without deeper understanding of the actions. There are 3 circular loops in this. And there's no concept of operations to follow, like preparedness, response, and recovery phases. https://www.cisa.gov/sites/default/files/publications/Federal_Government_Cybersecurity_Incident_and_Vulnerability_Response_Playbooks_508C.pdf

The Planning P from Incident Command System is ok, but at least it only has one loop in it. It's quite confusing and took me 3 years to actually grasp that it's just a meeting planner. The missing part for most folks I think are the meeting goals and agendas.

The emergency management community is not exactly better. We have the POETE models of planning, organizing, equipping, training, and exercising which is an idea. And it's interesting to see CISA create a similar model for the information technology sector. But I'm concerned the cyber security field is just making it harder for other sectors to understand them.

@thedarktangent I'm really curious if the larger cyber security field is going to move into a public health kind of focus with a strategic perspective. Where CISA will consider the larger scope of society. I should have read the most recent cyber strategy. I really think the CDC and CISA can trade notes and learn from each other, but I'm just not sure how to start that conversation.