> One of the goals of the National Security Agency (NSA) is to advance the state of cybersecurity
Don't forget the NSA does both offense and defense. More so offense from what I've gathered. Advancing 'the state of cybersecurity' whilst also using 0day they refuse to alert others of / patch / disclose, and use 0day for themselves only[0]
To be fair, a lot of the people involved in the offensive side find their forever homes in defensive cybersecurity orgs in the private sector. If you take a long view of it, the offensive/defensive split is a lot less ominous.
It's important to remember this because those two subgroups are often in contention with one another. This is why you see high ranking members of the NSA (or other groups) advocating for strong encryption as well as high ranking members advocating against encryption. It is always clear who is who by what they are advocating for. But we definitely have a bias for hearing red team instead of blue team. I hope that shifts, because blue team is far more important (and a substantially more difficult problem).
Data diodes are a relatively cheap and foolproof technology to use; it shouldn't be extremely niche, it should be widely deployed. The ability to monitor a SCADA system externally with ZERO chance of control ingress is a powerful tool.
Data diodes are widely deployed in critical infrastructure SCADA systems and widely understood by practitioners in that field - that’s the niche where they fit really well.
That still doesn’t have anything to do with a cybersecurity curriculum meant for a general audience being somehow “not good” for failing to cover them.
[0] https://en.wikipedia.org/wiki/NOBUS