I am both heartened by the fact that there are volunteers willing to help society, but also very sad that this is even needed. Where and how has the American government - both sides i feel - so disastrously failed its people, that it is needed to rely on volunteers to help with something that i feel should have been managed by government.
Before anyone starts rambling on about politics too much on any side, i blame all sides. What i recall from my basic education so many decades ago is that government should help to provide at least some fundamental areas of infrastructure (e.g. roads and such, etc.), and then commerce (private enterprise, etc.) can take place above it, and than things proceed from there, yada yada.
I don't know what is more basic infrastructure than water and its associated management? Where is the NSA in all of this? What about Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), where are they in all of this?
Clearly, this story ticked me off, and apologies for that...but, if we're at the stage in society where volunteers is a viable solution for a very fundamental element in life...then clearly lots of other things have severely failed.
The CISA has 3,000 employees and a budget of $3B, which is a lot, but not enough where they can be involved in everything. For reference there are 12,500 utility scale power plants and 148,000 public water systems in the United States. The scale of the problem means they must be mostly an advisory organization, where most of the work gets done by people at the infrastructure organizations or, sure, volunteers.
Now, I’m not saying that the CISA is doing a good job, I genuinely have no idea. Determining that would take a lot of knowledge, probably insider knowledge, and weighing what they’re doing against what resources they have available. But them not being involved in some random project that showed up in your newsfeed doesn’t mean they have severely failed.
Most of our infrastructure was built a long time ago (except roads) and don’t actively see maintenance. No one from the current generations has had to pay for real impactful infrastructure for decades. Now that all the infrastructure is failing or has security holes nobody wants to pay for it to be fixed. If you look up major infrastructure repairs in the last few decades you will see much of what could have been long term fixes were reduced to short term fixes.
Properly fixing infrastructure has become expensive as construction costs have skyrocketed in the last few decades.
Look at the CHIPS bill, huge infrastructure gain but also was a part of the 9% inflation because building this infrastructure is expensive. The American people were warned about it causing inflation but wanted it anyways. When inflation hit they all conveniently forgot the cost of new infrastructure in the US and chose to cling to lies about how disastrous the last 4 years have been.
That is why today no one does anything about problems until a bridge collapses. You can make more money today by passing the buck to the next generation and passing blame to whoever came before you.
CHIPS was signed into law in August 2022. The yearly inflation rate for 2023 was 4.12%. Inflation, especially in the wake of the COVID-19 pandemic, was caused by an extremely large amount of different issues and chalking 9% inflation up to infrastructure spending is a wild jump.
Good thing I didn’t chalk up infrastructure spending as the only cause by stating “part”.
> but also was a part of the 9% inflation
Yes there are other reasons, COVID payments being another reason, which citizens were warned about. The first payment was signed by Donald Trump himself. Any time there is an increase in spending it will cause inflation. Increasing defense spending is another cause which happens yearly.
Did CHIPS and stimulus checks also cause inflation in Germany, Italy, France, Japan, Canada in Britain? Asking because they all had higher inflation than US.
Part of looking for solutions requires root cause analysis. Which can be "blameless" but there is at some point a need to figure out where the holes are in a system to be able to patch them. Otherwise people will never know if they're paying for a problem to occur (taxes) and then paying to help fix them too (donations + volunteering)!
While I see your point, over time, I’ve come to think that cybersecurity is a fundamentally different and indomitable beast. Consider the sheer number of software projects, devices, and products being developed, each inevitably introducing all kinds of bugs, versus the relatively small number of people who truly understand the craft of real offensive security.
The very concept of “offensive security” is indicative of the problem.
If you want to make a secure military base, you do not hire a spec ops team to develop one. If you want to make a bulletproof vest, you do not hire a gunsmith to design new synthetic fibers.
Having offensive teams on hand to verify and validate is necessary, but largely orthogonal to the task of design and development. The skillsets are highly dissimilar.
The fact that people think this is the golden way shows how absolutely intellectually bankrupt the entire commercial cybersecurity industry is on a theoretical level. And the complete inability to protect against the regular and standard threat actors today shows and supports that empirically.
I don't have any inside knowledge to expand on this, but it's interesting that Voting Village has had a public participatory component (website, social media, annual appearance at DEFCON, CFPs guiding messaging on topics on hardware and misinformation); the DARPA AIxCC appears to follow that model, and yet this Franklin Project is much harder to link to a website, social media, mailing list, etc. Is it too early, is it invite-only...?
I am both heartened by the fact that there are volunteers willing to help society, but also very sad that this is even needed. Where and how has the American government - both sides i feel - so disastrously failed its people, that it is needed to rely on volunteers to help with something that i feel should have been managed by government.
Before anyone starts rambling on about politics too much on any side, i blame all sides. What i recall from my basic education so many decades ago is that government should help to provide at least some fundamental areas of infrastructure (e.g. roads and such, etc.), and then commerce (private enterprise, etc.) can take place above it, and than things proceed from there, yada yada.
I don't know what is more basic infrastructure than water and its associated management? Where is the NSA in all of this? What about Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), where are they in all of this?
Clearly, this story ticked me off, and apologies for that...but, if we're at the stage in society where volunteers is a viable solution for a very fundamental element in life...then clearly lots of other things have severely failed.
> What about Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), where are they in all of this?
The CISA does this type of thing all the time. Here is an example just from their recent news releases in the past week: https://www.cisa.gov/news-events/alerts/2024/11/21/cisa-rele...
The CISA offers to assist infrastructure providers in a number of ways: https://www.cisa.gov/resources-tools/services/assist-visits Presumably the NRWA could have asked the CISA for help with this initiative.
The CISA has 3,000 employees and a budget of $3B, which is a lot, but not enough where they can be involved in everything. For reference there are 12,500 utility scale power plants and 148,000 public water systems in the United States. The scale of the problem means they must be mostly an advisory organization, where most of the work gets done by people at the infrastructure organizations or, sure, volunteers.
Now, I’m not saying that the CISA is doing a good job, I genuinely have no idea. Determining that would take a lot of knowledge, probably insider knowledge, and weighing what they’re doing against what resources they have available. But them not being involved in some random project that showed up in your newsfeed doesn’t mean they have severely failed.
[delayed]
Most of our infrastructure was built a long time ago (except roads) and don’t actively see maintenance. No one from the current generations has had to pay for real impactful infrastructure for decades. Now that all the infrastructure is failing or has security holes nobody wants to pay for it to be fixed. If you look up major infrastructure repairs in the last few decades you will see much of what could have been long term fixes were reduced to short term fixes.
Properly fixing infrastructure has become expensive as construction costs have skyrocketed in the last few decades.
Look at the CHIPS bill, huge infrastructure gain but also was a part of the 9% inflation because building this infrastructure is expensive. The American people were warned about it causing inflation but wanted it anyways. When inflation hit they all conveniently forgot the cost of new infrastructure in the US and chose to cling to lies about how disastrous the last 4 years have been.
That is why today no one does anything about problems until a bridge collapses. You can make more money today by passing the buck to the next generation and passing blame to whoever came before you.
CHIPS was signed into law in August 2022. The yearly inflation rate for 2023 was 4.12%. Inflation, especially in the wake of the COVID-19 pandemic, was caused by an extremely large amount of different issues and chalking 9% inflation up to infrastructure spending is a wild jump.
Good thing I didn’t chalk up infrastructure spending as the only cause by stating “part”.
> but also was a part of the 9% inflation
Yes there are other reasons, COVID payments being another reason, which citizens were warned about. The first payment was signed by Donald Trump himself. Any time there is an increase in spending it will cause inflation. Increasing defense spending is another cause which happens yearly.
Did CHIPS and stimulus checks also cause inflation in Germany, Italy, France, Japan, Canada in Britain? Asking because they all had higher inflation than US.
I wish we could stop looking for someone to blame or complain about and start looking for solutions. I think that’s the spirit of volunteering here.
Part of looking for solutions requires root cause analysis. Which can be "blameless" but there is at some point a need to figure out where the holes are in a system to be able to patch them. Otherwise people will never know if they're paying for a problem to occur (taxes) and then paying to help fix them too (donations + volunteering)!
While I see your point, over time, I’ve come to think that cybersecurity is a fundamentally different and indomitable beast. Consider the sheer number of software projects, devices, and products being developed, each inevitably introducing all kinds of bugs, versus the relatively small number of people who truly understand the craft of real offensive security.
The very concept of “offensive security” is indicative of the problem.
If you want to make a secure military base, you do not hire a spec ops team to develop one. If you want to make a bulletproof vest, you do not hire a gunsmith to design new synthetic fibers.
Having offensive teams on hand to verify and validate is necessary, but largely orthogonal to the task of design and development. The skillsets are highly dissimilar.
The fact that people think this is the golden way shows how absolutely intellectually bankrupt the entire commercial cybersecurity industry is on a theoretical level. And the complete inability to protect against the regular and standard threat actors today shows and supports that empirically.
I don't have any inside knowledge to expand on this, but it's interesting that Voting Village has had a public participatory component (website, social media, annual appearance at DEFCON, CFPs guiding messaging on topics on hardware and misinformation); the DARPA AIxCC appears to follow that model, and yet this Franklin Project is much harder to link to a website, social media, mailing list, etc. Is it too early, is it invite-only...?