I've worked in what is now called cybersecurity my entire career, the last 10
years (before retiring late in 2023) at SANS, a large cybersecurity training
and information company. I'm still an editor on the bi-weekly newsletter where
working consultants/trainers comment on news items. Below is what ran Tuesday
- the ARRL piece is towards the end:
NewsBites Volume XXVI – Issue 40 | SANS NewsBites
Note the last comment doesn't quite understand what the ARRL is...
73 John K3TN
Editor's Note
As a ham radio operator (K3TN) this one hit home! The ARRL hasn't put out much
information, but many systems remain unavailable a full week after the
incident. This will be a good case study for the IT and IT security problems
small/medium-sized non-profit organizations face with small IT staffs.
Pressures to meet demands for new services often consume staff and budget that
are needed to assure reliability and security (today's buzzword is
'resiliency') of existing crown jewel services. Another common problem: CEOs
and Boards need to have it driven home that security through obscurity ('Who
would attack us??') doesn't exist on the internet any more than it exists in
Tornado Alley.
John Pescatore
ARRL is saying they don't believe the member database is affected. And while
the information is public, much is available from the FCC, that database
represents an authoritative connection of that information to the member. If
you're an ARRL member, be on the watch for phishing emails leveraging your
information.
Lee Neely
The ARRL is the communication system of last resort in the event of a "Black
Sky" event and may be required to coordinate a cold start of the grid. However,
it is highly resilient, and this application is not a single point of failure.
William Hugh Murray
_______________________________________________
CQ-Contest mailing list
CQ-Contest@contesting.com
http://lists.contesting.com/mailman/listinfo/cq-contest