[CQ-Contest] ARRL contests results site down

[jpescatore at aol.com]

I've worked in what is now called cybersecurity my entire career, the last 10 years (before retiring late in 2023) at SANS, a large cybersecurity training and information company. I'm still an editor on the bi-weekly newsletter where working consultants/trainers ccomment on news items. Below is what ran Tuesday - the ARRL piece is towards the end:
 NewsBites Volume XXVI – Issue 40 | SANS NewsBites
Note the last comment doesn't quite understand what the ARRL is...
73 John K3TN

Editor's Note

As a ham radio operator (K3TN) this one hit home! The ARRL hasn't put out much information, but many systems remain unavailable a full week after the incident. This will be a good case study for the IT and IT security problems small/medium-sized non-profit organizations face with small IT staffs. Pressures to meet demands for new services often consume staff and budget that are needed to assure reliability and security (today's buzzword is 'resiliency') of existing crown jewel services. Another common problem: CEOs and Boards need to have it driven home that security through obscurity ('Who would attack us??') doesn't exist on the internet any more than it exists in Tornado Alley.


John Pescatore

ARRL is saying they don't believe the member database is affected. And while the information is public, much is available from the FCC, that database represents an authoritative connection of that information to the member. If you're an ARRL member, be on the watch for phishing emails leveraging your information.


Lee Neely

The ARRL is the communication system of last resort in the event of a "Black Sky" event and may be required to coordinate a cold start of the grid. However, it is highly resilient, and this application is not a single point of failure.


William Hugh Murray