
The Case for a US Red Team Bureau

Casey Fox

Government expansion isn’t a popular view right now, but this one makes sense. CISA does great work with education, policies, procedures, tooling, etc., and while their scope of ethical hacking for critical infrastructure is important, it’s far too limited. We need a better way of auditing cybersecurity for US-based businesses instead of relying on foreign and domestic adversaries. We all know it’s important and it’s a problem, but it really hits home when it’s your kid’s data.


The PowerSchool Breach


I don’t have any info on how the PowerSchool breach occurred. Education isn’t listed as one of the 16 officially designated critical infrastructure sectors, but it’s possible it could be indirectly included due to public safety. It’s also possible that the hackers exploited a weakness through recon of public-facing infrastructure, but if I were betting, it would be on someone clicking a malicious link in an email that gave hackers a foothold.


A Complex Web of Vendors


While PowerSchool may have extensive cyber protocols, they likely work with many vendors that do not. Those vendors work with their vendors and so on and so on. Cybersecurity is hard and, realistically, if a hacker wants in bad enough, it’s only a matter of time and money. It’s typically a business decision to see if the ROI makes sense.


Wouldn’t it be better if we were at least the ones doing the hacking? The level of effort would be pretty low to build a semi-autonomous vulnerability scanner on US IPs to exploit vulnerabilities and weaknesses. You’d have to identify targets, but how is this any different than a financial audit from the IRS? Maybe the Red Team Bureau pushes their findings to the IRS for remediation since they already have the infrastructure? Maybe your business gets a tax credit for a healthy cyber audit or a credit after successful remediation?


Shared Responsibility


The point is, it’s too big of a problem and it’s too complex to expect that everyone out there trying to earn a living is going to have the time and resources necessary to keep up with the arms race. This is a place where we need to take shared responsibility. When something like this happens, we all pay the price, even the ones too young to pay.
