governance

Drift Protocol Lost $285M Because Two People Signed the Wrong Thing

John Z Black Apr 3, 2026

Incidents & Breaches #defi #drift-protocol #solana #hack #cryptocurrency #governance

Attackers social-engineered two multisig signers and used Solana's durable nonce feature to pre-sign transactions that drained Drift Protocol. No code exploit needed.

DOGE Sent a Lawyer With No Nuclear Experience to Run NRC Meetings. He Dismissed Safety Concerns.

John Z Black Mar 23, 2026

Policy, Law & Governance #doge #nrc #nuclear-safety #governance #regulatory #policy

A 31-year-old DOGE-placed lawyer with zero nuclear background was chairing technical meetings at the Nuclear Regulatory Commission and reportedly dismissing staff safety concerns -- at exactly the wrong moment.

Robots Are Moving Into Sensitive Environments. Security Gets Decided at Procurement.

John Z Black Mar 19, 2026

Security Operations & Resilience #robotics #procurement #cyber-physical #supply-chain #civil-liberties #enterprise-security #governance

U.S. robotics firms are pushing Congress for procurement barriers against Chinese suppliers. Robot dogs are already patrolling data centers. The security posture is decided before install day, during sourcing and contract language.

FedRAMP Says Authorized. That Doesn't Mean Enforced.

John Z Black Mar 19, 2026

Policy, Law & Governance #fedramp #cloud-assurance #cisa #governance #public-sector-security #resilience #oversight

ProPublica raises questions about major cloud authorizations. Congress pressed on CISA staffing. Post-incident recovery data shows uneven performance long after disclosure. Compliance and enforcement capacity are not the same thing.

FedRAMP's Trust Gap: When Technical Warnings Lose to Procurement Momentum

John Z Black Mar 18, 2026

Policy, Law & Governance #fedramp #cloud-security #governance #procurement #assurance #public-sector #risk-management

Federal cyber experts reportedly called Microsoft's cloud a 'pile of shit' -- and approved it anyway. That's not just a Microsoft story. It's a story about what certification badges actually mean.

Federal Cyber Reality Check: Capacity, Coordination, and Confidence Are Out of Sync

John Z Black Mar 18, 2026

Policy, Law & Governance #cisa #dhs #critical-infrastructure #governance #policy #incident-response #federal-cyber

Staffing gaps, fuzzy lead-agency roles, and public messaging that doesn't always match operational uncertainty -- the layers of federal cyber aren't running in sync right now.

Breach Disclosure Lag Is Becoming the Real Story in Financial Supply Chains

John Z Black Mar 18, 2026

Incidents & Breaches #breach #financial-services #third-party-risk #disclosure #ransomware #governance #incident-response

The Marquis breach started with a ransomware attack. The damage is still accumulating months later -- not because of what happened technically, but because of how disclosure was handled.

Four Major Companies Still Won't Talk About the Oracle EBS Breach

John Z Black Mar 17, 2026

Policy, Law & Governance #oracle #cl0p #breach #disclosure #governance #sec #enterprise-risk

Broadcom, Bechtel, Estee Lauder, and Abbott Technologies got named in the Cl0p Oracle EBS breach. None have said a word. The silence is becoming its own problem.