George Kamide
Podcast Appearances
is there to enable the farm also makes it vulnerable to the food supply stuff. And that was even before I was in cyber. But I understood that software dependency and that vulnerability. And also, yeah, I think just the, I don't know if transparency is the right word, but like there's so many layers in it. And I think many of the people who occupy different layers can't see through to the other one.
Right. So they're operating kind of in an information vacuum and like, I'm just going to look at my thing over here and really not consider the implications downstream. But I think if we can get to models where there's more information sharing, you may not have something to do with it today, but there's maybe information in the system that can be used later.
So, for example, you know, NASA maintains a third party database where pilots and airlines can anonymously report errors and misconfigurations and problems and accidents. And others can learn from that. And every year that data is collated into like updated guidance for pilots. Right. So I just think that is a very powerful idea. The ability to basically show your work and your mistakes.
Because in Cyberland, a breach is going to hit a headline. So-and-so lost all this stuff. Turns out an S3 bucket was left open to the Internet. Or so-and-so got taken for a ride because of the MOVEit file transfer exploit. Okay. And then like maybe two weeks later, we see in the popular media another thing hit by ransomware.
If we dig in, as people who work in cyber will see, it was the same vulnerability or the same exploit. But I feel like if people could catch something, because there are always near misses in cyber. For every headline, there are probably 10 instances where there was an oh shit moment and they caught it before it was a problem. Either it was a vulnerability or a misconfiguration.
But there's so much shame in cyber and people are so afraid to talk about those mistakes that withholding that I think is keeping us less safe overall.
Whereas if somebody could feel comfortable enough to report like this happened and we kind of have intelligence sharing through the ISACs, but I don't know of a mechanism where people are publicly sharing, and it should be anonymous, problematic settings, configurations, mistakes.
overlapping tool sets, whatever was the problem so that other people can learn from that and that we don't have multiple casualties because of the same issue. And I think, for example, if we had that in the food supply, it would actually not only be a breadth issue, it would be a depth issue, right? You could have people talking about software issues in processing like OT, ICS instances.
It could also be, who knows, like just the billing software, right? That's what a lot of ransomware just hits that operational part of the business. Anyway, I just think because we're operating in opaque layers, it gets harder and harder for us to understand like where we could do better, essentially.
You had pointed out to me, or I think you'd said it to me, that we have more traceability and information in a barcode, like on the back of a pack of Oreos, than we do in our standard supply chain of software.