I came across this article today through the LinkedIn group for security folks. What is interesting to me is the second page, where folks are proactively seeking to have the government penetration test their networks to be at least partially shielded from future actions.
I love and hate this idea.
I love that it’s proactive. There are PLENTY of people out there who are in the SCADA arena who minimize the potential of hacktivists. I’ve seen and heard it with my own eyes and ears (dual-NIC’d machines connected to both SCADA and business networks, etc.). They don’t get that they don’t get it – which is frustrating. And it’s harder to tell a governmental agency to shove off.
But I hate that it’s the government. Not that as a country our government shouldn’t protect our critical infrastructure. But I don’t think that the governmental oversight and protection is the best layer of security. I think there should be some sort of referral set up to have people go talk to a security company and THEN have the government scan them. That way you weed out both crappy security companies and bad security practices.