AWS and Starlink have exposure to risk. You would think DHS work here went to net beneficial outcomes for both of them, and the wider telco sector. (Assuming you meant the tech sector)
What risk? There isn’t a consumer liability, and they can control the cybersecurity risk-reward balance they’re exposed to. From their perspective, oversight is the liability.
A good rule of thumb, at least for the next couple of months, is that any rules and regulations that have been criticised by the billionaires, banks or oil & gas industry are likely to be shredded. (The “deep state” stuff is mostly whoever has the king’s ear sort of politics. It’s unclear that had any influence here.)
I get what you're saying but I'm not sure absolute liability is quite right. I'm thinking of SBOM directives, or industry network security requirements for BGP announcements, for example. Amazon and, I assume, some of the other mega corps are AGES ahead of industry at large. Like huge multi-year investments so that they're plausibly close to complying with secure provenance, review, build tracking, and artifact integrity reporting from initial CR to request processing for everything that touches customer or business data. My impression is that the industry generally isn't any further than tracking some package names and version strings and calling it SBOM. If the new directives can preclude a large number of contract competitors that seems like a huge win.
Or, maybe I'm thinking more of advantageous requirements/regulations than oversight per se.
Aren't they differentiating only _if_ they're required to get federal and DoD money? The coordination definitely seems to be more of amzn (and similar) employees providing technical expertise to Congress and regulators. They certainly take deployments and internal security seriously, but it doesn't seem to be monetizable outside of the contract requirements. Or maybe I'm missing your point?
What OP is saying is instead of having some sort of legal liability attached or outside directives being handed to them, they would rather implement on their own or push their own standards.
A notable example is SEC mandates on breach disclosures, which will most likely be dead now. Those were a major forcing function to make companies realize security is important. Otherwise, paying a ransom and doing the bare minimum to not get cut by Chubb or AXA is the norm.
I agree with JumpCriscross on his read of this situation. It ain't great. At least I'm well off enough to weather the negative impact of a lot of the chaos. Sucks for everyone else.
> The coordination definitely seems to be more of amzn (and similar) employees providing technical expertise to congress and regulators
It's bidirectional. CISA, FBI, and others often get intel or actively take down a botnet or offensive actor, and will percolate this information to security teams at larger organizations before percolating en masse.
For example, when this one APM/data collection tool that almost every DevOps team I know was using was pwned early last year, CISA notified CISOs days before they officially announced it in the news.