'Repent, Harlequin!' Said the Ticktockman, or: looking at a Nitro Zeus-level future for the Empire of the Clouds. :-o }:-]
1) If your organisation is entirely, fundamentally, or massively dependent on the 'cloud', or on critical parts thereof, you may wish to game out survival in the possible 'hunger games'.
Why? Clouds can be wonderfully efficient and easy, turn capex into opex, etc., but they can also form a chokepoint, a 'fatal funnel'.
It is funny how the internet was originally designed as a resilient, distributed network that could survive nuclear attack, and is now a highly integrated and interdependent system carrying systemic risk of failure and attack.
Nitro Zeus-level elements appear to be designed to shut down a nation-state by cyber means.
How, you may ask? Well, "they" are not going to tell us, but the means may include:
Systemic weaknesses in the design and operation of IT and high-tech building blocks, e.g. Juniper operating systems, the KRACK weakness in WPA2, deliberate weaknesses in EC and RSA encryption, designed-in backdoors and zero-days, fundamental security flaws in any and every blinky magic box before it leaves the factory, and operational weaknesses in software (DevOps for one, and no, SecDevOps ain't gonna fix that ;) :D ).
Chip-level malware, and specifically for the empires of the clouds, be it AWS, Google, Azure, Oracle, IBM, etc., XDoS (coined by DARPA)/DDoS. :)
This also includes exploitation of things like full 'Hahvad' (Harvard) architectures, firmware and software updates (CCleaner, anyone?), overriding the ISR of antivirus, anti-malware, SIEMs, machine learning, DNS, DDE, DLLs, DKIM, DMARC, DeeDeeDee and DummDummDumm.
This is already happening in energy, utilities, telcos and financials, and in non-critical infrastructure operations as well.
We aren't going to patch our way out of this mess. What happens when you keep putting more and more band-aids or tape on a weak spot? ;) :D In an emergency, tape may be a good temporary measure to help you limp to the nearest service station, but as a long-term fix even rigger's tape isn't a good choice, and when it's masking tape or scotch tape there is no strength and no resistance to the elements.
Overblown? FUD? Perhaps, but the means now exist for cybergeddon/digital Pearl Harbor-level attacks, with impact through both virtual and physical means, available to any semi-sophisticated group or collection of individuals, and the 'bar' keeps dropping every day. :-o
We failed with ICS/SCADA security, failed with IT/IA security, and now we are failing with IoT security.
Remember Mirai? "Mirai was estimated at 100,000 devices. Preliminary research suggests the coming storm will utilize 10 to 20 times the number of devices Mirai used!" Mirai was silly simple, but the 'test' took down a few Tier 1 providers and their dependencies, like many we can't name (security, doncha know ;) :D ).
Imagine the HR departments, payroll systems, databases, information exchanges, and of course the retail, online banking and social networking systems, companies and apps that will go down when massive or repeated brownouts and blackouts occur. What happens to air transport when all the major air carriers go down? BA, Delta, United, Southwest, and ATC at airports and national air corridors as well? And you can't get your Netflix, Hulu, intel reports... whupsie!
;) :D This may not happen, but the probability is that it will, and it is rising. ;) :D
We can depend on the governments of the world to continue developing offensive cyber weaponry and means, but not the defensive measures or remediation. There is no cyber USAMRIID.
Commercial CNI, however, starting with the cloud and Tier 1 providers, may well be advised to take deep defensive measures to protect their customers and their profitability. ;) :D
Enterprise Architect : Requirements Engineer : Systems Integration : Knowledge Operations : Solutions Consultant
7 years ago: Gosh, there are so many choices! Which door or window?
CISO | ISSA Hall of Fame | CTA CISO of the Year | Sheepdog
7 years ago: Excellent post Yon - thanks for your persistent attempt at enlightening everyone on the real issues we are facing. Whether we will hear it and get it is unknown!