Thomas, Joel, Ipad discussed on Beers with Talos

Beers with Talos


Capabilities and an improving remediation capabilities after the fact, so seems like a more modern approach to the problem. But his at evergreen like is going to be something that needs to be revisited annually. There's some language in the EO about revisiting. I don't think it is as I. There are definitely areas where they're going to come back and look at this fairly regularly where that language wasn't present, and so you're right in highlighting that. But not only are they taking what I would call the modern set of controls, policies. I was reading it thinking of Biden as the CEO for the company that is the federal government of the United States, and this is what he's telling his subordinates to do. Now, if you've ever been in a fair-sized organization, we will now see how that direction survives encounters with people who are more or less motivated to that. But one of the interesting things about that is a lot of things in that are centralized into CISA, and it kind of gives authorities and responsibilities to CISA to, like, give the high sign that yeah, this agency has done what they should have done, or no, this agency is lagging behind on things. And CISA has gotten a lot of good publicity and has gone through a lot of what I call a honeymoon period recently, and my thought reading this is that that honeymoon period is about to be over. There's going to be sufficient responsibility placed onto CISA in terms of securing things and also not as like like they are. They are in other people's bailiwicks kinda swinging around things. So it'll be interesting to see what the politics are of the interagency aspect for CISA, and then how CISA is held to account for future breaches where CISA has an amount of observation control but lacks total control over these networks, and how much blame slash whatever goes to them versus the agency, and how much finger-pointing occurs.
It also seems like they actually had people like mitchell say people that have worked or lived in the cybersecurity industry write some of this, right? Because it's not like Biden sat behind a desk and say I am discreet idea, we should do all these things. It doesn't read to me like a bunch of bureaucrats got in a room and wrote a document, right? It reads to me like someone who works in this industry, knows what the heck they're talking about, was part of the framework of establishing this document. So it doesn't read as a bureaucratic nightmare, is what I'm saying. It doesn't really rely knish document as chief apologist bureaucratic bullshit. Telling all kinds of secrets outside of the bbc chad today Matt is completely different person from the Matt that I knew from years. Now the there there was did to add on the executive order. Yeah, so I had a couple of things. I mean, the first one is, you know, I think it's important to sit back and recognize that, as Joel said, it's not like this came out of nowhere, right? This has been the hard work of dozens and dozens of people in our space volunteering their spare time, working on it at work, revising it again and again, and coming to an agreement that I'm sure was not easy to get, right? And I'm not saying that this is something that literally came out of a think tank. But I mean, these types of orders, they don't come out of nowhere, right? They're the result of working groups that are just doing countless hours of work that no one appreciates or thinks about, really, for the most part. And so to me, I think it's really important that, number one, we recognize that, we recognize the hard work that went into this and the work of groups like Matt's and with the Ransomware Task Force that work on very similar things that no doubt played into this. And I think it's also important, number two, and like, I preface this with: I am not a big policy guy. I'm not a big procedure guy, right?
I have come to understand the value of procedures, as we spoke about on a previous episode. Right, like, it's a necessary evil in order to have things done quickly, correctly and consistently, and I feel the same way with this kind of guidance. Right, like, I don't think legislation for the sake of legislation is a good idea. I think that's a bad idea. But I think in this particular case, this is what we needed, right? These are a series of steps that we can take to help make the United States more secure, make business more successful. So I just wanted to take a second to highlight that, because I know a lot of security people are going to hear this and listen to this, kind of gloss over it and think, oh, this isn't important. This is incredibly important. This is how we make actual change: discussing policy like this, bringing the industry on board, getting the industry in line, and then proposing it to the public in a way that not only makes sense but is supported by the security community. That's super valuable. I definitely agree with that. I think that it's interesting in light of events to see something like this come out that is full of really good ideas who I was going to say whose time has come, but maybe their time came, like, you know, several years ago and step forward step forward rock the book. But there were also some other interesting ideas put forth last week that I think that some of us took notice of, from the tried and true concepts that we saw in the executive order to maybe a bit of a different solution in the form of letters of marque. Did you guys see this? Missed it. I yield to the gentleman from Columbia, Maryland. ipad. I've had my say. I hope it isn't interesting if antiquated typically more bound to maritime law than cyberspace. But a letter of marque was basically a licensed pirate hunt, effectively govern. We should probably introduce what we're talking about, so to be fair. Yes, so Thomas, who's Major General Thomas Ayres, retired.
You saying United States Air Force, was the general counsel for the Air Force, Space Force, Trump administration appointee, and he had an opinion piece in the Wall Street Journal. Who's tell you it. Knocked me out of the park this week. For good ideas come out of the Wall Street Journal, and I will try to be fair to his expression of what he was trying to get across. julie arguing that they should use the letter of marque process to create what he calls, I think, cyber scouts in US government's not that gonna scout service guys in private sector to then direct information from the private sector back to the National Security Agency. So now my favorite part of this. You guys probably didn't see the entire policy side of the world react to this. Because I had said something about on Twitter about Wall Street Journal's opinion pieces this week. They had earlier in the week a piece from the WeWork CEO that, you know, some people took issue with. And then there was this, and yeah, like, bad take school over at the Wall Street Journal this week. And so I end something and rob kentucky, who is a well-known cyber policy guy.
