SN 1031: How Salt Typhoon Gets In

Beep boop - this is a robot. A new show has been posted to TWiT…

What are your thoughts about today’s show? We’d love to hear from you!

Steve was talking about how can we make companies keep their software up to date?

The EU is changing the playing field in this respect. With the NIS2 requirements (critical infrastructure), the CEO is personally responsible for ensuring that their company is fulfilling the requirements - enabling MFA where available, systems are updated, systems that can’t be updated are isolated etc.

Likewise, the employees working alone in the factory (they go to a remote area of the factory or the are is highly automated and only needs an overseer, for example), if they have an accident, they need to have a PNA (Personal Notfall-Anlage - Personal emergency alarm system) which automatically calls for help if they fall and don’t respond or if they press the emergency button. If an employee is seriously injured or dies and they don’t have a PNA, the CEO, site manager and, I believe, the shift manage are all personally liable, so could face manslaughter charges.