
I've actually worked in govt systems. If you think the whole endless threats of jail make for more secure systems you are truly clueless.

These systems are RIDDLED with the WORST outdated crap you can imagine. Absolute insane hoop jumping so plenty of pressure to work around security just to get jobs done (seriously - start with the help desk if you want access - they are so used to password resets the procedures become a joke - literally - what's the username and that's it, because if you have thousands of folks on 30 day password rotations with insane complexity all you do is password resets endlessly). Password sharing can also be crazy so passwords float all over.

The govt has had its top stuff leaked. Office of Personnel Management leaked insanely sensitive stuff. They contract with the WORST folks in security. It's really crazy.

Google has never asked me to rotate my password. I have non-SMS two factor authentication options, they do pretty sophisticated rate and geo monitoring so you are not annoyed but pretty secure.

Cyberattacks, mechanical failures, weather disasters, meteor strikes, terrorist bombs, stupid construction workers ALL could affect this pipeline. People on HN have no risk perspective. Make the system resilient to a proactive few-day outage. Why does this system have to run 365 / 24 / 7? Have you mitigated EVERY possible issue - including disgruntled employees? No - then instead of overdoing one corner, design some give in the system.



I want to add that the physical limits of how the design is done are as much as corruption/stupidity.

By physical limits I mean us, the wetware in the middle of all this. These systems can be designed years if not decades before they are actually brought online. By simple temporal placement they get the materials and techniques of that time span. By the time these things are ageing out of the system they will have some old tech on them.



