The administrative attack surface
A few days after sending an application to the Dutch Ministry of Defence for a senior cyber and information security advisory role, I read an NRC article about publicly accessible details of Dutch military infrastructure. Not leaked documents. Not espionage. Not shadowy dead drops in rainy parking garages. Public websites. Pipeline routes. Radar dependencies. Cable maps. Technical drawings. Backup systems. Segmentation details. Power feeds. Coordinates. Bits of information scattered across agencies, permits, infrastructure registries, environmental datasets and planning portals like breadcrumbs dropped by a committee convinced that nothing bad ever happens in spreadsheets. ...