> I'm a veteran. I served under both parties. I don't care which side of the aisle fixes this.
The idea that there are things entirely unpartisan or unpolitical is a polite fiction we can work with when things are somewhere around normal - usually even when things are pretty far from normal.
I get the army drilled this stance into you, but at some point the price the people pay for corruption includes their security.
I think you're technically right but missing what the guy is actually doing. When he says "this isn't about politics" he's not making some naive claim that governance exists outside of politics. He's saying "please don't retreat into the red team blue team thing here." And that's a legitimate move.
The word politics has basically split into two meanings that we swap between without noticing. There's the original sense, the art of navigating collective decisions, how we share power and resources. That version is unavoidable and actually kind of noble. Then there's what the word has come to mean in practice, which is identity-driven team sport. My side versus your side. Performance and signaling.
When you say "it is, in fact, about politics" you're technically correct in the first sense but you're activating the second sense, which is exactly the frame he's trying to get people out of. He's trying to create a space where people engage with the substance without immediately sorting into camps. That's valuable even if the distinction is a little artificial.
It's kind of a trap honestly. The escape hatch from tribal politics has itself become a political move, so you can always say "well actually that's political too." True, but not very useful if you're trying to get anywhere.
Oh i think you misunderstand. I know perfectly well what he's doing, and I am saying I understand. I know it works. Even when everything is not normal - collective decisions can be made.
I'm saying to consider if we've reached the point where the effects of political corruption is shaping reality beyond that point.
> I think you're technically right but missing what the guy is actually doing. When he says "this isn't about politics" he's not making some naive claim that governance exists outside of politics. He's saying "please don't retreat into the red team blue team thing here." And that's a legitimate move.
We've got a great term for the latter, and everyone is already familiar with it. Add the adjective "party". Done.
continuing off the tangent, "party" is a noun, not an adjective. In a construction "party politics", it functions _like_ an adjective, but it remains a noun.
Similarly, "computer" in "computer games" is a noun that modifies the meaning of the following noun. Modifying nouns like this always are in singular.
The Republican party won't change so long as they keep getting rewarded electorally. People respond to incentives, not to pleading.
To put it a different way, if America wants republicans to get good at collective decision making, they need to play team sports and vote democrats, repeatedly for at least 10 years. Probably longer, since that incompetence is so entrenched. There is no other way, and anyone who tries to be non-partisan is just wasting time.
But you should write that to the OP, they are the one who misuses the term "politics" in the 2nd sense. The answer to confusing terms is not a retreat from the original definition, but education. Otherwise you're opening doors to these political moves.
Surely the reason why appeasement isn't working is that we just haven't appeased hard enough!
"Both sides" / "tribes bad" / "transcend the conflict" discourse is such cancer, because intentionally ignoring the most pertinent parameters of a conflict is not a neutral choice. When Donald Trump said he would end the Russia/Ukraine conflict on Day 1, we didn't fear that he was lying, we feared that he was serious because we all knew that the only way to actually do it would have been to force Ukrainian defeat. When your toddler is screaming because the smell of cooking has made him hungry but he has to wait, giving in to his demands is not conflict-transcending 3D chess, it's teaching your kid that tantrums are an effective tool. The same goes for politics.
It will have to get a lot of worse in order to get better. Voters have to be in a lot more pain to give the non-crazy party control to actually fix fundamental problems.
Note: I'm an independent, but the current administration is incompetent on an embarrassing level.
there is no need to rewrite it, because it's fine. What's not fine is people not observing it, and defending it with their lives, and making sure that violations are actioned with penalties, social stigma and disdain.
I agree with you, but I don't see these things as possible. Maybe the D party will enact campaign finance rules if they got a super majority. Given gerrymandering I'm not sure that is ever possible though.
Look around at the politics of the majority of countries on the planet. Voters being in pain doesn't mean they suddenly start making the right choice. Quite the opposite in fact.
There's a long way to go on the path the USA is currently on. Ask anyone from India or Russia or Argentina or Egypt or Nigeria how democracy actually works.
The electorate does give control but they get bored after a few years and want to wreck everything all over again. It's goldfish levels of political memory in this country.
It’s not just the incompetence, it’s the meanness. If this administration were simply incompetent, it would be bad but not alarming or scary. It’s the fact that they want to hurt a portion of the population that worries me greatly.
I mean Eisenhower was the Republican President immediately leading up to LBJ signing the Civil Rights and Voting Rights Acts in 64-65 (i.e. the inflection point of the D/R "switch") and would realistically be considered a Democrat president:
- Accepted the New Deal
- Championed the Interstate Highway system (massive federal spending)
A lot of effort under Biden was to make diinformation a big push and they offloaded work to third parties, so I'd be curious to know how many of the firings or resignations came from the government being pulled away from censorship in league with social media as opposed to losing harscore cybersecurity professionals. Makes me want to jump back on the cybersecurity bandwagon. I think the the CISA and NSA mandate for memory-safe software roadmap is good. I'm more of a SPARK 2014 fan than Rust, but I think by 2027, I'll shift to 30% focus on Rust and see where the government contracts go. I'm building a high-integrity secure, mostly formally verified automation and controls software for a state-of-the-art portable hoist able to function in aerospace that I am also co-engineering with my partner inventor.
> the government being pulled away from censorship in league with social media
The right sure said that a lot, but it repeatedly failed to materialize. The twitter files were especially embarrassing, where Elon alleged government censorship but his "detective" was forced to admit that it didn't exist. Oops!
> [@mtaibbi] Although several sources recalled hearing about a “general” warning from federal law enforcement that summer about possible foreign hacks, there’s no evidence - that I've seen - of any government involvement in the laptop story. In fact, that might have been the problem...
Contrast this to "we can do it the easy way or the hard way" from the current administration. Yikes!
> And what's happening at CISA right now should terrify every American who depends on running water, electricity, and the ability to vote in free elections.
The answer is right at the beginning. Current administration has the explicit goal to not have free elections going forward. It has been stated plainly, on TV. The rest is collateral damage, and an attack on critical infrastructure will be a good excuse to invade the next country, declare state of emergency or outright war and get rid of elections completely.
Apparently that's where you stopped reading. If you continue reading, with a little be of logical reasoning and comprehension, you will learn that Plankey has been nominated by Trump, has bipartisan support, and even that Trump started the CISA agency. The only thing holding it up are 2 republicans and 1 democrat over some contract that probably has something to do with their buddies getting some contract deal. This isn't about "this administration", it's about your everyday political favors behind closed doors that has been happening since governments have been a thing.
That doesn't account for the ~1,000 employees being gutted from the agency and leaving a maliciously incompetent acting director in place. Both of which are directly caused by the current admin and won't be remedied by Plankey getting a confirmation, possibly for years.
For what it’s worth CISA built upon previous work in the DHS (basically rebranded NPPD as CISA) which evolved from NCSD which itself merged NCS and other cybersecurity teams in the wake of 9/11. America has been doing cybersecurity longer than any other country I think but presenting a rebranding as somehow something Trump is leading the charge on is a weird take.
No no no you don't understand, he was joking. You see, when trump says something I like it's earnest, but if he says something that makes me look bad then he's joking.
Repeated statements by Trump and his circle claiming he’ll run in 2028. Statements by Trump that his supporters won’t ever need to vote again. That little insurrection they tried on January 6th 2021. Their current weaponization and staffing of ICE by people with questionable backgrounds and morals and deploying them against their political enemies under the pretext of illegal immigration (Texas has a bigger problem than Wisconsin For what it’s worth). Constantly praising dictatorial leaders like Putin and Xi while threatening and talking shit about Democratic allies.
So whether or not metastasizes to that point, pretending like this concern has no grounding in actual actions taken and statements uttered is wild, because this playbook isn’t new and the intended direction seems more clear than not.
Hard agree with this and this matches what I’m hearing about the agency. That said, the failures start with Noem, DHS, and its approach to governing. Policies have been actively hostile to those working at the agency, messaging is prioritized over action, policies that make it harder to work overtime or telework or flex to the needs of actual problems, etc and that will likely continue under a new director.
We’ve torched cooperation, shown we cannot protect classified information - if one didn’t know better one would think it was on purpose - but in general incompetence typically reigns. They just don’t think the agency should exist after they said elections in 2020 were generally secure.
Well, yes, but that someone else doesn’t need to be a foreign adversary.
There is a certain type of mentality that just doesn’t believe that government should do anything, and that private enterprise will always have the solution.
Those people appear to be in control of all levers of power in the United States.
It's simpler than ideology about government vs. private enterprise. These are purely transactional people, looking out for what can benefit themselves. It's just about grabbing things for personal gain.
No these aren't no government types otherwise they'd be jan 6'ing every capitol when tariffs were imposed. These people are just trumpbots, there is no philosophy or consistency you will be able to find. They are not smart enough leastways to even in theory hold any philosophical position.
Real world evidence doesn't seem to validate this position.
For example - The ratio of government employees (including contractors) to US population is at an all time high[1], and the ratio of GDP to government expense is at an all time high[2].
It should be obvious if you have a profilgate printer priting dollars left and right, and the printer's controllers livelyhood depends on the printer working, workers will eventually lease printing to anyone willing to pay the controllers.
Thus, doesn't seem like a problem of wealthy people to me. You are always going to have wealthy people in any society. But it seems the fault is at having a printer, and letting people who aren't your neighbor, to control it.
I'm open minded in this being a "Chicken or egg" Problem. But I'd need to hear a compelling argument for it.
But they seem to also believe in heavy-handed government intervention to prop up failing businesses. For example Trump's recent announcement that he'll require the military to buy coal power on long-term contracts:
So on the one hand they're saying government shouldn't do anything, but on the other hand they love having the government put its finger on the scales of the market.
The common thread that resolves this apparent conflict is, of course, billionaires. 100% of Republicans and ~60% of Democrats are in office primarily to serve at the whims of billionaires. They will pursue whatever policies will give more power to billionaires, consistency and hypocrisy are irrelevant.
"So on the one hand they're saying government shouldn't do anything, but on the other hand they love having the government put its finger on the scales of the market."
Rather: They don't want the government to impede capitalist interests (greed), so they're using the government to further their corruption and greed
That is basically the Republicans' entire existence at this point. They would rather blow it up/make it disfunction/burn in down than have a working government. They have proven so with actions/policy like their willingness to pile destructive levels of debt onto the nation in order leverage the damage to their political goal of destroying government.
It's amazing what people will ignore to suit their prejudices. The Presidential cryptocurrency should have been the clearest signal that this was going to be all-grift, all of the time. I don't think any previous President would have been allowed to destroy half of the White House, either. The exact sort of thing that, if an "enemy" had did it, they would be demanding a war over.
You did get the memo from POTUS that loyalty is more important than intelligence, right?
Un-bias intelligence in this operation is not welcomed. One is told what is "factual truth" (not facts themselves) by those who operate out of Pennsylvania Avenue in DC.
If you're not blindly loyal and in line with the administration, then you'll be at risk of losing whatever role you have unless your loyalty is proven then you may receive some of that back based on how much you have demonstrated.
--
The problem in infosec in this world is not competence, it is cult of personality. This is why black t-shirt dislike black polo shirts not so secretly.
We're in an era of Disaster Capitalism. Some of the richest people have realized they've nearly extracted all the money they can gain on the current trajectory of nations and came to the conclusion they can make even more money if they destroy everything and then are the ones to rebuild society, their way.
Fallout's storyline from the live-action series, where Vault-Tec dropped the first nuke and started the apocalypse simply so they could wipe out the competition and rebuild later, is a little too on-the-nose.
Ya historically this doesn't traditionally work out for the rich instigators/accelerationist. idk maybe their bunkers are immune from having dirt shoved in the air intakes, either way it's not clear to me that they understand that the people they are trying to fuck over the hardest are the ones who know how to work all the industrial equipment and built the bunkers.
> CISA's own joint advisory confirmed that Volt Typhoon actors maintained access inside some victim environments for at least five years, using living-off-the-land techniques that make them nearly invisible to traditional security tools.
According to CISA's joint advisory (AA24-038A), here's specifically how they stayed inside for 5 years:
Valid credentials and stolen accounts. They repeatedly dumped NTDS.dit (the Active Directory database) from domain controllers to harvest every credential in the environment. In one confirmed case they extracted NTDS.dit from three domain controllers over a four-year period. They kept coming back to re-dump so they always had current, valid passwords.
Only operated during normal business hours. They studied the victim's work patterns and only used compromised credentials when legitimate admins would be active, so authentication logs looked normal.
Targeted log deletion. They deleted specific logs to cover their tracks.
Routed traffic through compromised SOHO routers. Fortinet, Cisco RV320, Netgear, and other end-of-life home/small office routers. Made their traffic appear to originate from legitimate residential IPs, not foreign infrastructure.
Zero malware. Literally none. They used only wmic, ntdsutil, netsh, PowerShell, cmd.exe, certutil, ldifde, net, and other native Windows tools. Nothing for an EDR to signature match against.
Minimal activity between credential dumps. They got in, dumped creds, did light recon, then went silent. They weren't exfiltrating data. They were pre-positioning for future disruption. That silence is what made them invisible.
It's a term-of-art that means to use the tools that are already available on the target machine. So rather than shipping a custom binary/shellcode/etc which exfiltrates data or whatever, you string together existing powershell/unix/etc commands to do so. It's effective because it's hard to distinguish these from legitimate processes.
Traditional malware relies on delivery of “payload” with a custom program and data, and/or establishing persistence by installing files to local storage.
These behaviors generate distinctive evidence of compromise in-progress, active, and after the fact, so your AV software or forensics team can identify it.
“Living off the Land” means minimizing or eliminating the payloads and the system modifications, and leveraging anything and everything that is found already existing in the system.
Obviously while presenting extra logistical challenges, LOL can be stealthier and easier to deploy on your target systems.
We won't. This is what the end of empire looks like. The US is going to end up a backwards, superstitious, backwater. I would be surprised if the "U" part of USA survives the century.
The one thing that keeps me going through the fall of the US is the knowledge that despite all, there are still lots of happy people in Russia and China. People live their lives under those single-party authoritarian regimes, and many of them are happy. Maybe I can be happy here, too.
“He gazed up at the enormous face. Forty years it had taken him to learn what kind of smile was hidden beneath the dark moustache. O cruel, needless misunderstanding! O stubborn, self-willed exile from the loving breast! Two gin-scented tears trickled down the sides of his nose. But it was all right, everything was all right, the struggle was finished. He had won the victory over himself. He loved Big Brother.”
Political party in power makes it an explicit goal to dismantle government agencies and privatize all regulations, safety, security, environmental protections.
Chaos ensues.
Average American - "This isn't about politics. Both sides are to blame. We must work together."
Unless people collectively get their heads out of their asses the situation isn't going to magically reverse itself.
Alex Stamos talked about this a bit on TWiT late last year:
"It's getting hard to not be conspiracy minded here. They closed CSRB, destroyed CISA. CISA has no confirmed director. This just adds to kind of a complete surrender at least on the cyber side. We are spectacularly poorly prepared right now for a cyber attack."
Hopefully there's still MAD (mutually assured destruction). That is, the US has (I presume) a rather formidable array of cyber offensive capabilities. Anyone thinking of cyber attacking the US might find that concerning - hopefully concerning enough that they decide that an attack isn't worth it.
I mean, I'd far rather that that US had both offensive capability and a solid defense. But the situation is not totally hopeless - or so I hope.
I've only really heard of cisa in terms of "fighting disinformation", which seemed more than a little dubious. Can someone speak to what their mission is and how effective they've been at it?
Or is this like the DHS where you just get to say that we haven't had any more 9/11s, so clearly the money and complete transformation of how we think about personal liberties was worth it?
Theoretically, it makes sense that we would need something like a cyber defense agency. Realistically, this doesn't seem like something the government (even at the best of times) would be capable of doing effectively.
Before its recent extension into the mis/disinformation (censorship) space, CISA was primarily focused on coordinating public/private response to cyber threats and distributing information about known vulnerabilities. It is the primary US sponsor of the CVE system, for instance. It also provides guidance regarding best practices to industry and government agencies.
By getting CISA involved in speech regulation, former directors made CISA into a political football, risking its core mission. (This actually happened during the first Trump admin, under a Trump appointee, but continued into the Biden administration.) There is no reason that an organization established to tackle cyber threats should be involved with regulating speech via third parties in NGOs and industry. None. Not even if that speech takes place “on the internet.”
This is a good thing. CISA was run by a bunch of BAH consultants that loved to push 8-9 digit cyber security software / license requirements to agencies with no thoughts on how to pay for it. Cyber security in federal is one big circle jerk. Cyber vendors pay into non-profits to write whitepapers why you need X, Y, Z software. This in turn was pushed by IT consultants from the major System Integrators, whom CIO's loved to bend the knee to because that was their near retirement career path. CISA would eventually push these as requirements, with even a bribe of "use our contract, we'll pay for year 1" but no idea how to pay for future years.
I work in a cabinet level agency running an $350M IT program. I'm good what I do, including cyber. We're too focused on paperwork compliance and vendor agents that provide little to no value for 8-9 digit annual costs.
Anonymous Account because I'd like to keep my job.
As an American taxpayer who has a twenty-five year decade long career in IT this concerns me. Doesn't surprise me in the least but concerns me. Yet you see this waste and take to HN instead of reporting the waste and abuse via channels such as whistleblowers?
I'm glad you're good at what you do, but to me, and this attitude of "I know this is an issue but I'm still gonna waste taxpayer funds as part of my job and perl-clutch on HN" is concerning.
Outside of your paycheck contributions and otherwise, that isn't your money friend.
This is how any large federally funded markets operate in the United States. Businesses pay into trade associations or lobbying groups, and they try to impact public policy to ultimately increase/decrease regulation or get funding in future years. This is just the IT version of that.
> This Isn't About Politics
> I'm a veteran. I served under both parties. I don't care which side of the aisle fixes this.
The idea that there are things entirely unpartisan or unpolitical is a polite fiction we can work with when things are somewhere around normal - usually even when things are pretty far from normal.
I get the army drilled this stance into you, but at some point the price the people pay for corruption includes their security.
It is, in fact, about politics.
I think you're technically right but missing what the guy is actually doing. When he says "this isn't about politics" he's not making some naive claim that governance exists outside of politics. He's saying "please don't retreat into the red team blue team thing here." And that's a legitimate move.
The word politics has basically split into two meanings that we swap between without noticing. There's the original sense, the art of navigating collective decisions, how we share power and resources. That version is unavoidable and actually kind of noble. Then there's what the word has come to mean in practice, which is identity-driven team sport. My side versus your side. Performance and signaling.
When you say "it is, in fact, about politics" you're technically correct in the first sense but you're activating the second sense, which is exactly the frame he's trying to get people out of. He's trying to create a space where people engage with the substance without immediately sorting into camps. That's valuable even if the distinction is a little artificial.
It's kind of a trap honestly. The escape hatch from tribal politics has itself become a political move, so you can always say "well actually that's political too." True, but not very useful if you're trying to get anywhere.
Oh i think you misunderstand. I know perfectly well what he's doing, and I am saying I understand. I know it works. Even when everything is not normal - collective decisions can be made.
I'm saying to consider if we've reached the point where the effects of political corruption is shaping reality beyond that point.
> I think you're technically right but missing what the guy is actually doing. When he says "this isn't about politics" he's not making some naive claim that governance exists outside of politics. He's saying "please don't retreat into the red team blue team thing here." And that's a legitimate move.
We've got a great term for the latter, and everyone is already familiar with it. Add the adjective "party". Done.
continuing off the tangent, "party" is a noun, not an adjective. In a construction "party politics", it functions _like_ an adjective, but it remains a noun.
Similarly, "computer" in "computer games" is a noun that modifies the meaning of the following noun. Modifying nouns like this always are in singular.
The Republican party won't change so long as they keep getting rewarded electorally. People respond to incentives, not to pleading.
To put it a different way, if America wants republicans to get good at collective decision making, they need to play team sports and vote democrats, repeatedly for at least 10 years. Probably longer, since that incompetence is so entrenched. There is no other way, and anyone who tries to be non-partisan is just wasting time.
But you should write that to the OP, they are the one who misuses the term "politics" in the 2nd sense. The answer to confusing terms is not a retreat from the original definition, but education. Otherwise you're opening doors to these political moves.
Politics used to mean diplomacy and work across multiple groups with differing but also overlapping incentive structures.
Not two “teams” beating each other over the head.
^ this is correct
Surely the reason why appeasement isn't working is that we just haven't appeased hard enough!
"Both sides" / "tribes bad" / "transcend the conflict" discourse is such cancer, because intentionally ignoring the most pertinent parameters of a conflict is not a neutral choice. When Donald Trump said he would end the Russia/Ukraine conflict on Day 1, we didn't fear that he was lying, we feared that he was serious because we all knew that the only way to actually do it would have been to force Ukrainian defeat. When your toddler is screaming because the smell of cooking has made him hungry but he has to wait, giving in to his demands is not conflict-transcending 3D chess, it's teaching your kid that tantrums are an effective tool. The same goes for politics.
It will have to get a lot of worse in order to get better. Voters have to be in a lot more pain to give the non-crazy party control to actually fix fundamental problems.
Note: I'm an independent, but the current administration is incompetent on an embarrassing level.
We're going to need to, at the very bare minimum, fix campaign finance before we are able to produce a party that will fight for a stable democracy.
Tbh, I don't see any way going back to democracy and rule of law is possible without completely rewriting our constitution.
> without completely rewriting our constitution.
there is no need to rewrite it, because it's fine. What's not fine is people not observing it, and defending it with their lives, and making sure that violations are actioned with penalties, social stigma and disdain.
I agree with you, but I don't see these things as possible. Maybe the D party will enact campaign finance rules if they got a super majority. Given gerrymandering I'm not sure that is ever possible though.
Look around at the politics of the majority of countries on the planet. Voters being in pain doesn't mean they suddenly start making the right choice. Quite the opposite in fact.
There's a long way to go on the path the USA is currently on. Ask anyone from India or Russia or Argentina or Egypt or Nigeria how democracy actually works.
Sometimes they do, but yes, I am worried about the flip side as well.
The electorate does give control but they get bored after a few years and want to wreck everything all over again. It's goldfish levels of political memory in this country.
It’s not just the incompetence, it’s the meanness. If this administration were simply incompetent, it would be bad but not alarming or scary. It’s the fact that they want to hurt a portion of the population that worries me greatly.
There have been competent Republican administrations. Take for example Eisenhower. Or Nixon who won the cold war with his China switch.
But the GOP turned into the MAGA cult.
I mean Eisenhower was the Republican President immediately leading up to LBJ signing the Civil Rights and Voting Rights Acts in 64-65 (i.e. the inflection point of the D/R "switch") and would realistically be considered a Democrat president:
- Accepted the New Deal
- Championed the Interstate Highway system (massive federal spending)
- Pushed for higher marginal tax rates
- Supported a regulated mixed economy
- Warned against the military-industrial complex.
A lot of effort under Biden was to make diinformation a big push and they offloaded work to third parties, so I'd be curious to know how many of the firings or resignations came from the government being pulled away from censorship in league with social media as opposed to losing harscore cybersecurity professionals. Makes me want to jump back on the cybersecurity bandwagon. I think the the CISA and NSA mandate for memory-safe software roadmap is good. I'm more of a SPARK 2014 fan than Rust, but I think by 2027, I'll shift to 30% focus on Rust and see where the government contracts go. I'm building a high-integrity secure, mostly formally verified automation and controls software for a state-of-the-art portable hoist able to function in aerospace that I am also co-engineering with my partner inventor.
> the government being pulled away from censorship in league with social media
The right sure said that a lot, but it repeatedly failed to materialize. The twitter files were especially embarrassing, where Elon alleged government censorship but his "detective" was forced to admit that it didn't exist. Oops!
> [@mtaibbi] Although several sources recalled hearing about a “general” warning from federal law enforcement that summer about possible foreign hacks, there’s no evidence - that I've seen - of any government involvement in the laptop story. In fact, that might have been the problem...
Contrast this to "we can do it the easy way or the hard way" from the current administration. Yikes!
The last government contracting I observed was in Swift and TypeScript, of all things.
> I get the army drilled this stance into you
Nah, this didn't come from there.
> And what's happening at CISA right now should terrify every American who depends on running water, electricity, and the ability to vote in free elections.
The answer is right at the beginning. Current administration has the explicit goal to not have free elections going forward. It has been stated plainly, on TV. The rest is collateral damage, and an attack on critical infrastructure will be a good excuse to invade the next country, declare state of emergency or outright war and get rid of elections completely.
"You will only have to vote once more. Then we'll fix it"
Apparently that's where you stopped reading. If you continue reading, with a little be of logical reasoning and comprehension, you will learn that Plankey has been nominated by Trump, has bipartisan support, and even that Trump started the CISA agency. The only thing holding it up are 2 republicans and 1 democrat over some contract that probably has something to do with their buddies getting some contract deal. This isn't about "this administration", it's about your everyday political favors behind closed doors that has been happening since governments have been a thing.
That doesn't account for the ~1,000 employees being gutted from the agency and leaving a maliciously incompetent acting director in place. Both of which are directly caused by the current admin and won't be remedied by Plankey getting a confirmation, possibly for years.
For what it’s worth CISA built upon previous work in the DHS (basically rebranded NPPD as CISA) which evolved from NCSD which itself merged NCS and other cybersecurity teams in the wake of 9/11. America has been doing cybersecurity longer than any other country I think but presenting a rebranding as somehow something Trump is leading the charge on is a weird take.
> Current administration has the explicit goal to not have free elections going forward.
Where do you get this from?
Some people have eyes and ears.
Vibes, gut feelings, a general understanding of the history of authoritarian movements. But no, let's wait and see if He goes all the way.
from the actual words said by the president???
No no no you don't understand, he was joking. You see, when trump says something I like it's earnest, but if he says something that makes me look bad then he's joking.
https://www.usatoday.com/story/news/politics/2025/10/25/trum...
https://www.huffpost.com/entry/donald-trump-laura-ingraham-f...
Repeated statements by Trump and his circle claiming he’ll run in 2028. Statements by Trump that his supporters won’t ever need to vote again. That little insurrection they tried on January 6th 2021. Their current weaponization and staffing of ICE by people with questionable backgrounds and morals and deploying them against their political enemies under the pretext of illegal immigration (Texas has a bigger problem than Wisconsin For what it’s worth). Constantly praising dictatorial leaders like Putin and Xi while threatening and talking shit about Democratic allies.
So whether or not metastasizes to that point, pretending like this concern has no grounding in actual actions taken and statements uttered is wild, because this playbook isn’t new and the intended direction seems more clear than not.
Hard agree with this and this matches what I’m hearing about the agency. That said, the failures start with Noem, DHS, and its approach to governing. Policies have been actively hostile to those working at the agency, messaging is prioritized over action, policies that make it harder to work overtime or telework or flex to the needs of actual problems, etc and that will likely continue under a new director.
We’ve torched cooperation, shown we cannot protect classified information - if one didn’t know better one would think it was on purpose - but in general incompetence typically reigns. They just don’t think the agency should exist after they said elections in 2020 were generally secure.
If one didn't know better one would think it's incompetence.
Should've made them do leetcode
> shown we cannot protect classified information
Extremely embarrassing that the current POTUS should be in prison specifically for his mishandling of classified information
Ever feel like these things are being burned down not just on purpose, but for the gains of someone else?
Well, yes, but that someone else doesn’t need to be a foreign adversary.
There is a certain type of mentality that just doesn’t believe that government should do anything, and that private enterprise will always have the solution.
Those people appear to be in control of all levers of power in the United States.
It's simpler than ideology about government vs. private enterprise. These are purely transactional people, looking out for what can benefit themselves. It's just about grabbing things for personal gain.
No these aren't no government types otherwise they'd be jan 6'ing every capitol when tariffs were imposed. These people are just trumpbots, there is no philosophy or consistency you will be able to find. They are not smart enough leastways to even in theory hold any philosophical position.
Real world evidence doesn't seem to validate this position.
For example - The ratio of government employees (including contractors) to US population is at an all time high[1], and the ratio of GDP to government expense is at an all time high[2].
It should be obvious if you have a profilgate printer priting dollars left and right, and the printer's controllers livelyhood depends on the printer working, workers will eventually lease printing to anyone willing to pay the controllers.
Thus, doesn't seem like a problem of wealthy people to me. You are always going to have wealthy people in any society. But it seems the fault is at having a printer, and letting people who aren't your neighbor, to control it.
I'm open minded in this being a "Chicken or egg" Problem. But I'd need to hear a compelling argument for it.
[1] https://www.brookings.edu/articles/the-true-size-of-governme...
[2] https://www.imf.org/external/datamapper/exp@FPP/USA
ze/l,dcg;klsd;fmg'sex WHATD. you need to learn how monetary policy works. there's nothing in your response worth correcting it's so wrong.
And completely ignores who is President and his explicit words.
But they seem to also believe in heavy-handed government intervention to prop up failing businesses. For example Trump's recent announcement that he'll require the military to buy coal power on long-term contracts:
https://arstechnica.com/science/2026/02/trumps-latest-plan-t...
So on the one hand they're saying government shouldn't do anything, but on the other hand they love having the government put its finger on the scales of the market.
The common thread that resolves this apparent conflict is, of course, billionaires. 100% of Republicans and ~60% of Democrats are in office primarily to serve at the whims of billionaires. They will pursue whatever policies will give more power to billionaires, consistency and hypocrisy are irrelevant.
"So on the one hand they're saying government shouldn't do anything, but on the other hand they love having the government put its finger on the scales of the market."
Rather: They don't want the government to impede capitalist interests (greed), so they're using the government to further their corruption and greed
You think they truly believe private enterprise is going to defend the country from cyberattacks?
I personally find the mentality truly not sane. So, why not? Absolutists appear to not think through a lot of things.
On top of that, there is the whole accelerationist ideology factor, which is also deeply insane to me.
That is basically the Republicans' entire existence at this point. They would rather blow it up/make it disfunction/burn in down than have a working government. They have proven so with actions/policy like their willingness to pile destructive levels of debt onto the nation in order leverage the damage to their political goal of destroying government.
https://en.wikipedia.org/wiki/Starve_the_beast
Each new fire is a distraction from the chaos created by the previous one.
It's a distraction only if people let themselves be distracted.
It's amazing what people will ignore to suit their prejudices. The Presidential cryptocurrency should have been the clearest signal that this was going to be all-grift, all of the time. I don't think any previous President would have been allowed to destroy half of the White House, either. The exact sort of thing that, if an "enemy" had did it, they would be demanding a war over.
You did get the memo from POTUS that loyalty is more important than intelligence, right?
Un-bias intelligence in this operation is not welcomed. One is told what is "factual truth" (not facts themselves) by those who operate out of Pennsylvania Avenue in DC.
If you're not blindly loyal and in line with the administration, then you'll be at risk of losing whatever role you have unless your loyalty is proven then you may receive some of that back based on how much you have demonstrated.
--
The problem in infosec in this world is not competence, it is cult of personality. This is why black t-shirt dislike black polo shirts not so secretly.
Yes, a thousand little petty warlords in waiting.
We're in an era of Disaster Capitalism. Some of the richest people have realized they've nearly extracted all the money they can gain on the current trajectory of nations and came to the conclusion they can make even more money if they destroy everything and then are the ones to rebuild society, their way.
Fallout's storyline from the live-action series, where Vault-Tec dropped the first nuke and started the apocalypse simply so they could wipe out the competition and rebuild later, is a little too on-the-nose.
Ya historically this doesn't traditionally work out for the rich instigators/accelerationist. idk maybe their bunkers are immune from having dirt shoved in the air intakes, either way it's not clear to me that they understand that the people they are trying to fuck over the hardest are the ones who know how to work all the industrial equipment and built the bunkers.
> CISA's own joint advisory confirmed that Volt Typhoon actors maintained access inside some victim environments for at least five years, using living-off-the-land techniques that make them nearly invisible to traditional security tools.
What are these living-off-the-land techniques?
According to CISA's joint advisory (AA24-038A), here's specifically how they stayed inside for 5 years: Valid credentials and stolen accounts. They repeatedly dumped NTDS.dit (the Active Directory database) from domain controllers to harvest every credential in the environment. In one confirmed case they extracted NTDS.dit from three domain controllers over a four-year period. They kept coming back to re-dump so they always had current, valid passwords. Only operated during normal business hours. They studied the victim's work patterns and only used compromised credentials when legitimate admins would be active, so authentication logs looked normal. Targeted log deletion. They deleted specific logs to cover their tracks. Routed traffic through compromised SOHO routers. Fortinet, Cisco RV320, Netgear, and other end-of-life home/small office routers. Made their traffic appear to originate from legitimate residential IPs, not foreign infrastructure. Zero malware. Literally none. They used only wmic, ntdsutil, netsh, PowerShell, cmd.exe, certutil, ldifde, net, and other native Windows tools. Nothing for an EDR to signature match against. Minimal activity between credential dumps. They got in, dumped creds, did light recon, then went silent. They weren't exfiltrating data. They were pre-positioning for future disruption. That silence is what made them invisible.
It's a term-of-art that means to use the tools that are already available on the target machine. So rather than shipping a custom binary/shellcode/etc which exfiltrates data or whatever, you string together existing powershell/unix/etc commands to do so. It's effective because it's hard to distinguish these from legitimate processes.
Traditional malware relies on delivery of “payload” with a custom program and data, and/or establishing persistence by installing files to local storage.
These behaviors generate distinctive evidence of compromise in-progress, active, and after the fact, so your AV software or forensics team can identify it.
“Living off the Land” means minimizing or eliminating the payloads and the system modifications, and leveraging anything and everything that is found already existing in the system.
Obviously while presenting extra logistical challenges, LOL can be stealthier and easier to deploy on your target systems.
I don't know about this specific case, but there is a list of well-known techniques: https://lolbas-project.github.io/
Funny enough, CISA made a joint advisory on it: https://www.cisa.gov/sites/default/files/2025-03/Joint-Guida...
My understanding is you could write an article like this for every agency right now. Rebuilding is going to be very expensive assuming we get there.
We won't. This is what the end of empire looks like. The US is going to end up a backwards, superstitious, backwater. I would be surprised if the "U" part of USA survives the century.
The one thing that keeps me going through the fall of the US is the knowledge that despite all, there are still lots of happy people in Russia and China. People live their lives under those single-party authoritarian regimes, and many of them are happy. Maybe I can be happy here, too.
I think that's exactly how Russia operates, sadly. Vodka helps, I guess.
“He gazed up at the enormous face. Forty years it had taken him to learn what kind of smile was hidden beneath the dark moustache. O cruel, needless misunderstanding! O stubborn, self-willed exile from the loving breast! Two gin-scented tears trickled down the sides of his nose. But it was all right, everything was all right, the struggle was finished. He had won the victory over himself. He loved Big Brother.”
Political party in power makes it an explicit goal to dismantle government agencies and privatize all regulations, safety, security, environmental protections.
Chaos ensues.
Average American - "This isn't about politics. Both sides are to blame. We must work together."
Unless people collectively get their heads out of their asses the situation isn't going to magically reverse itself.
Alex Stamos talked about this a bit on TWiT late last year:
https://twit.tv/shows/this-week-in-tech/episodes/1056?autost..."We are spectacularly poorly prepared right now for a cyber attack."
Then we will deserve it. (Sad to say.)
Hopefully there's still MAD (mutually assured destruction). That is, the US has (I presume) a rather formidable array of cyber offensive capabilities. Anyone thinking of cyber attacking the US might find that concerning - hopefully concerning enough that they decide that an attack isn't worth it.
I mean, I'd far rather that that US had both offensive capability and a solid defense. But the situation is not totally hopeless - or so I hope.
And a cyberattack would justify another war and extra powers of emergency. Perfect!
I've only really heard of cisa in terms of "fighting disinformation", which seemed more than a little dubious. Can someone speak to what their mission is and how effective they've been at it?
Or is this like the DHS where you just get to say that we haven't had any more 9/11s, so clearly the money and complete transformation of how we think about personal liberties was worth it?
Theoretically, it makes sense that we would need something like a cyber defense agency. Realistically, this doesn't seem like something the government (even at the best of times) would be capable of doing effectively.
Before its recent extension into the mis/disinformation (censorship) space, CISA was primarily focused on coordinating public/private response to cyber threats and distributing information about known vulnerabilities. It is the primary US sponsor of the CVE system, for instance. It also provides guidance regarding best practices to industry and government agencies.
By getting CISA involved in speech regulation, former directors made CISA into a political football, risking its core mission. (This actually happened during the first Trump admin, under a Trump appointee, but continued into the Biden administration.) There is no reason that an organization established to tackle cyber threats should be involved with regulating speech via third parties in NGOs and industry. None. Not even if that speech takes place “on the internet.”
This is a good thing. CISA was run by a bunch of BAH consultants that loved to push 8-9 digit cyber security software / license requirements to agencies with no thoughts on how to pay for it. Cyber security in federal is one big circle jerk. Cyber vendors pay into non-profits to write whitepapers why you need X, Y, Z software. This in turn was pushed by IT consultants from the major System Integrators, whom CIO's loved to bend the knee to because that was their near retirement career path. CISA would eventually push these as requirements, with even a bribe of "use our contract, we'll pay for year 1" but no idea how to pay for future years.
I work in a cabinet level agency running an $350M IT program. I'm good what I do, including cyber. We're too focused on paperwork compliance and vendor agents that provide little to no value for 8-9 digit annual costs.
Anonymous Account because I'd like to keep my job.
As an American taxpayer who has a twenty-five year decade long career in IT this concerns me. Doesn't surprise me in the least but concerns me. Yet you see this waste and take to HN instead of reporting the waste and abuse via channels such as whistleblowers?
I'm glad you're good at what you do, but to me, and this attitude of "I know this is an issue but I'm still gonna waste taxpayer funds as part of my job and perl-clutch on HN" is concerning.
Outside of your paycheck contributions and otherwise, that isn't your money friend.
This is how any large federally funded markets operate in the United States. Businesses pay into trade associations or lobbying groups, and they try to impact public policy to ultimately increase/decrease regulation or get funding in future years. This is just the IT version of that.
I live and work in the DMV. I get it. Doesn't change my point.
"America [...] Is Burning Down and Nobody's Coming to Put It Out [because it decided to do so to itself]"
There, fixed the title with some subbtle edits. /s