Sign in / up

back to article Five Eyes tell critical infra orgs: Take these actions now to protect against China's Volt Typhoon

The Feds and friends yesterday issued yet another warning about China's Volt Typhoon gang, this time urging critical infrastructure owners and operators to protect their facilities against destructive cyber attacks that may be brewing. The Tuesday alert – issued by the US government's Cybersecurity and Infrastructure Security …

COMMENTS

Post your comment
House rules Send corrections
Add to 'My topics' unstar *
  1. Mike 137 Silver badge

    A bit late?

    The CISA fact sheet recommends:

    * Empower cybersecurity teams to make informed resourcing decisions

    * Effectively apply detection and hardening best practices

    * Receive continuous cybersecurity training and skill development

    * Develop comprehensive information security plans and conduct regular tabletop exercises

    * Establish strong vendor risk management

    * Ensure performance management outcomes are aligned to the cyber goals

    It seems to me that unless all of this is already in place and operational there ain't a hope in hell of protecting against the advised threat. How is it that critical infrastructure infosec is so utterly inoperative? Or is it that the CISA is unaware of its actual state and is merely spouting truisms?

    8 0 Reply
    1. TheBruce
      Reply Icon

      Re: A bit late?

      Having worked in IT for a few decades and the last decade in cybersecurity. The main issue is lack of talent and budget. A big issue that I've seen is HR doing the hiring and being utterly incapable of identifying capable qualified staff. Also unqualified management that keeps buying promises and nothing usefull being delivered. My emploer hired a highly recommended person as CIO who forced Gurucul on us. What do you know they were on the Gurucul board of directors. It was a complete waste of money and never worked.

      11 0 Reply
      1. HuBo Silver badge
        Reply Icon
        Facepalm

        Re: A bit late?

        Hmmm, not sure where the name comes from, but as "cul" in French is an english "ass" ... Guru's ass?

        0 1 Reply
    2. Peter-Waterman1
      Reply Icon

      Re: A bit late?

      Microsoft could learn a thing or two from this

      0 0 Reply
  2. ShortLegs

    Its too late if one has been struck

    But if one hasn't been hacked, then its a timely reminder

    4 0 Reply
    1. Will Godfrey Silver badge
      Reply Icon
      Flame

      There have been more than enough "Timely reminders" in the form of the wreckage of infrastructure, repeatedly reported over the last few years, so why the fuck is nobody doing anything about it. Talk about fingers in your ears laa, laa, la.

      3 0 Reply
      1. CrazyOldCatMan Silver badge
        Reply Icon

        n the form of the wreckage of infrastructure, repeatedly reported over the last few years, so why the fuck is nobody doing anything about it

        Easy answer - it costs money and the dumb MBAs that seemingly run most of the US industry can't see the benefit of spending money (because it reduces your profit margin and hence share price) on something as nebulous as "security" (unless its for them - to keep the proles away and making sure they don't have to breathe prole-tainted air).

        Start making jail sentences for senior company officers for network breaches where the company hasn't complied with basic security rules and it *might* change. But that'll never happen because the US Governments corporate overlords won't let it.

        2 0 Reply
  3. STOP_FORTH Silver badge
    Gimp

    Counter measures

    Use acupuncture, it's the last thing they'd expect.

    3 0 Reply

POST COMMENT House rules

Not a member of The Register? Create a new account here.

Forgotten password ?

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like