2 Comments
Scott Weyandt

Well said. And while I may be slightly less “cynical” than you are regarding futility of efforts to improve “program maturity” and deploy “zero trust architectures,” I fully agree that “In short, I think our community needs to organize and plan for a time when a coordinated effort to influence policy makers may bear fruit. We need to think about what sorts of triggering events might kick off such a campaign, and work across institutions.” But to inspire this type of participation and solidarity across the community would likely require ability to first concretely and convincingly define actual risks (impact and likelihood) - especially at a time when research and education face so many risks.

Michael Corn

I'm on the fence with this - on one hand having that risk assessment is helpful, esp. when making the case to the Powers That Be. On the other, the evidence of risk is overwhelming and in our faces daily, i.e., the endless stream of compromises that fill our news feeds. Yet rarely, if ever, are the vendors who put these flawed products out held accountable, rather, we are blamed for not addressing them fast enough. The supply chain issues cut across domains, from universities, to the DIB, to the major vendors. I fear what I'm calling 'supply chain weaknesses' has become so common that we don't see it anymore. But we also don't collectively nor consistently call it what it is, flawed products.