I think the question this raises is why critical systems like that have unrestricted 3rd party access and are open to being bricked remotely. And furthermore, why safety critical gear has literally zero backup options to use in case of an e.g. EMP, power loss, or any other disruption. If you are in charge of a system where it crashing means that people will die, you are a complete moron to not provide multiple alternatives in such a case and should be held criminally liable for your negligence.
Agreed on all points, but if we're going to start expecting people to do that kind of diligence, re: fail-safes and such (and we should), then we're going to have to stop stretching people as thin as we tend to, and we're going to have to give them more autonomy than we tend to.
Like the kind of autonomy that let's them uninstall Crowdstrike. Because how can you be responsible for a system which at any time could start running different code.
What I don't get why nobody questions how's OS that needs all third-party shit to function and be compliant, gets into critical paths in the first place??
