The unfortunate thing is that I think the cost analyst end of this makes it cheaper just to pay it out vs paying staff or a bigger staff to keep it from happening...plus that staff has to be 99-100% effective, but hackers only have to be successful once to get what they want.
The only thing I have going for me is that all my systems are isolated/stand alone and most of the platforms are civilian based, so the criteria isn't as stringent as say an F-18 or E-2 nor is it classified.
But on the flipside, I do have to deal with people who authorize my stuff that can't comprehend that something doesn't touch a network or the internet either and it takes a ton of paperwork to do things, but we thankfully have a good handle on that so we don't have reinvent the wheel all the time.
Well I requested a copy of my build sheet and the service advisor, sales manager, salesman and sales manager all looked at me like I was asking for the arc of the covenant and had zero idea of what I was asking for. Are build sheets a thing of the past? Am I asking for the wrong thing? They used to be available through etis but now that has been decommissioned. Do they still exist and if so what do I ask for or how do I steer them I. The right direction. They just keep wanting to give me a copy of the window sticker.
You have my respect. I’ve worked with our security group testing/resolving security vulnerabilities. I could not do that as my primary job. It’s way too stressful.