Crisis situations like this one can induce the fog-of-war and lead to tradeoffs during remediation. While we may not know the full extent of the damage for some time, as is always the case in an event like this, we need to stop the bleeding. We must not afford the adversary an easy path to more information.
The passage of the IoT Cybersecurity Improvement Act of 2020 means that NIST will start to address the gap in post-market guidance to help organizations adequately address newly discovered vulnerabilities in devices already on their networks.
The time has come for Congress to regulate security in the software industry by mandating minimal best practices for software companies selling software products or services in America.