It's a performative announcement - most American and Israeli cybersecurity vendors either don't sell in China or white label a Chinese product for the Chinese market.

I know 2 companies in that list that have done that very thing because otherwise it would have put their FedRAMP and CMMC pipelines at risk.

Every govt is. But whoever has most power is most corrupted.

"Murder is bad!"

"So rape isn't?!"

Come on.

Or the US in particular that applies a lot of resources into willfully keeping every ICS and SCADA out there insecure, including their own.

This. Also do not underestimate developing countries internal security budgets. Most middle income countries can now afford DACH sized cybersecurity procurement deals.

There's also great potential to build misattribution in. Just pause between combining the attacks from the Internet and renaming variables to watch a Dolph Lundgren movie.

Yes, you're missing that if you mess with the power grid the US will go and kinetically strike back (read: bomb your country) or attack you with its own cyber warfare capabilities, unlike the EU. That's why the EU is experiencing cyber attacks and cyber warfare with clear culpability from Russia, but is unable to do much about it besides give Ukraine more weapons. If Russia launched a cyber attack and shut down JFK the way it did Heathrow, the US would actually do something about it even with all the Trump is a Russian agent stuff aside.

> Let's hope those chicken never come home to roost.

Bare minimum it gives chinese tech suppliers a great pitch to convince buyers to choose their products over US suppliers. Even if theirs are also full of backdoors, at least they have no history of taking advantage of them to kidnap heads of state far away.

Good point. It's easier to say you got hacked by nation state actors than to tell your boss you accidentally screwed up a major system with no way to recover. It's not like 99% of the management could tell the difference.

In the 2019 book "Sandworm", which discusses cyber warfare against infrastructure like this, but between Russia and Ukraine, the author begs the question in an interview with a US military/intelligence official,

"why doesn't the US go after these hackers and designate targeting civilian infrastructure as a crime?"

To which the response was essentially "The US would like to reserve those types of cyber attacks for their own uses"

These quotes are very loose, I read it last year, but essentially, the US didn't make a stink about older grid attacks in order to save face when the US does it.

Additionally, much of VZ's difficulty was due to the massive sanctions against the nation. Sanctions are effectively attacks on a nation's citizens to pressure the government. Disabling power infrastructure is absolutely in-line with the motives of sanctions and embargos.

It happened to 90s systems which were used in the 2000s so you are still technically correct ;)

US cyber capabilities have an edge because they can analyze all of our data stored with US tech companies and they have interception points on all major internet cables.

Their human intelligence is much better prepared to "convince" someone to act against their own interest if they can look at your last ten years of communication, family pictures, and web browsing history before they even meet you.

Imagine working in a foreign country where death penalty is applied to certain crimes, like blasphemy or homosexuality. They just need to find one person in the target organization who has a secret twitter account that talked badly about god and then they hit them up and tell them to plug in a certain USB stick to a certain system. Cyber operation succeeded because they have a shell.

> India has neither the ability nor the desire to attack the US.

Extraordinarily wrong on the first part.

Some countries have even outsourced some of their cyberattack capability to Indian companies in the past, and not for cost reasons.