Breitbart tells us that the Pentagon is shoveling money at cyber attacks to the tune of $100 million in half a year. Meanwhile, the Wall Street Journal reports that the US electric grid has been infiltrated by both the Chinese and the Russians.
I don't understand this. Why don't these organizations simply block all traffic originating from IPs assigned to non-friendly nations? That's pretty simple with iptables. Is there some compelling reason to allow that traffic in? Yeah, attackers could get around that by spoofing their IP or with US-based proxies, but I still think this is an 80% solution.
You might be wondering: "maybe people in the organization want to go to websites in those non-friendly nations." The way that iptables (and I presume other firewalls) works is that it can be configured to allow connections that are originated locally while denying remotely originated connections.
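A concrete ruleset for the stateful setup described above, as an added example that is not part of the original post: a POSIX shell script that prints an ipset list and an iptables-restore filter table in which inbound connections from the listed ranges are dropped while locally originated connections and their replies pass. The function names, the set name `blocked`, the SSH service rule and the address ranges are assumptions for illustration (the ranges are TEST-NET placeholders, not any country's allocation).

```shell
# Added example (not from the original post): print an iptables-restore
# ruleset that drops *inbound* connections from a list of source ranges while
# still accepting replies to connections this host opened itself. Assumes
# the ipset and conntrack modules; the set name "blocked" and the ranges
# below are constructed placeholders (TEST-NET addresses, not any country).
BLOCKED_CIDRS="203.0.113.0/24 198.51.100.0/24"

# gen_ipset SETNAME CIDR...: emit ipset-restore commands that build the set.
gen_ipset() {
    setname="$1"; shift
    printf '%s\n' "create $setname hash:net -exist"
    for cidr in "$@"; do
        printf '%s\n' "add $setname $cidr -exist"
    done
}

# gen_rules SETNAME: emit the filter table for iptables-restore.
gen_rules() {
    setname="$1"
    printf '%s\n' '*filter'
    # Default-deny inbound and forwarded traffic; outbound stays open, which
    # is what lets local users reach sites inside the blocked ranges.
    printf '%s\n' ':INPUT DROP [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
    printf '%s\n' '-A INPUT -i lo -j ACCEPT'
    # Stateful rule: packets belonging to (or related to) a connection this
    # host started are accepted no matter where the remote end sits.
    printf '%s\n' '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    # New connection attempts from the blocked set are logged (rate-limited
    # so the log cannot be flooded) and dropped before any service rule.
    printf '%s\n' "-A INPUT -m conntrack --ctstate NEW -m set --match-set $setname src -m limit --limit 10/min -j LOG --log-prefix \"GEOBLOCK: \""
    printf '%s\n' "-A INPUT -m conntrack --ctstate NEW -m set --match-set $setname src -j DROP"
    # Whatever is left is a new inbound connection from elsewhere: admit only
    # the services actually offered (SSH here as the placeholder service).
    printf '%s\n' '-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT'
    printf '%s\n' 'COMMIT'
}

# Print both files; to apply them as root:
#   gen_ipset blocked $BLOCKED_CIDRS | ipset restore
#   gen_rules blocked | iptables-restore
gen_ipset blocked $BLOCKED_CIDRS
gen_rules blocked
```

Because the ranges live in an ipset, the kernel evaluates one hash lookup per packet instead of walking thousands of individual iptables rules, so a large block list does not slow the INPUT chain.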