Colonial Hack - Government’s Readiness for Cyberattacks
The recent Colonial Pipeline cyberattack put the dangers of digital sabotage into sharp relief.
Just as Americans were emerging from the COVID-19 pandemic lockdown, fuel shortages resulting from the attack on the pipeline curtailed their exodus.
The attack disrupted the supply of gas to Washington DC, Florida, Georgia, North Carolina, and Virginia. In some areas, the shortage continued long after the ransom was paid and the pipeline restored to normal operation.
Not only did the attack occur at a crucial point in the US’s recovering economy, but its ripple effects are still being felt weeks later. The pipeline’s shutdown caused the price of gas to surge to over $3 per gallon for the first time since 2014.
Who Hacked Colonial Pipeline?
DarkSide, the group responsible for the attack, is based in Eastern Europe, although it also has ties to Russia.
Using a ransomware-as-a-service business model, DarkSide develops and sells malicious software and ransomware tools.
Cybersecurity experts say DarkSide, noted for its “stealthy techniques,” excels at creating “attack tools and techniques [that] would evade detection.”
The group shut down its operations shortly after the Colonial ransomware attack but, before doing so, issued an almost apologetic response to the incident, saying, “Our goal is to make money and not creating problems for society.”
How Did Colonial Get Hacked?
Cybersecurity experts are still trying to determine how DarkSide breached Colonial’s network, which relies on connected technology to control and monitor the flow of gas through its 5,500 miles of pipe.
An outside cybersecurity firm, FireEye Mandiant, is assisting Colonial with its investigation, but so far, it’s unclear how the attack happened.
From pressure sensors to a high-tech “smart pig” robot that scans the pipeline for anomalies, much of the pipeline’s operational technology is digital. It’s, therefore, possible that the attackers first breached the company’s internal network before accessing the pipeline itself.
The company is facing a putative class action suit that accuses Colonial of failing to protect its systems effectively. Although no details have been forthcoming, Colonial says it has made some headway in improving its cybersecurity since the attack.
The company is under pressure from the government to get to the bottom of the incident and explain its online security practices. It may also come under fire from the FBI after flouting the bureau’s official advice and handing over a $4.4m ransom payment.
The Implications Of The Colonial Pipeline Hack Explained
While some suggest that the ransomware attack on Colonial was little more than “a textbook hack-and-pay gone wrong,” others fear it is just the latest in a spate of attacks targeting critical national infrastructure.
Even if it’s nothing more than a ransomware attack gone awry, the Colonial Pipeline cyberattack laid bare the “cybersecurity vulnerability in critical infrastructure.”
The government has already responded, with Joe Biden issuing an executive order on improving the nation’s cybersecurity shortly after the incident occurred.
The order calls on the Federal Government to improve its ability to detect and deter such cyberattacks, along with other initiatives aimed at improving information sharing between the private sector and the government, and creating a standardized protocol for responding to such attacks.
Given the FBI’s stance on ransom payments, it seems likely Joseph Blount, the CEO of Colonial Pipeline, will be facing difficult questions about his decision to pay the ransom when he testifies before the House Homeland Security Committee in June.
It’s also probable that Colonial Pipeline will come under increasing pressure to share information about the attack, “for Congress to legislate effectively on ransomware.”
The government is also eager to share information with other businesses and track down the perpetrators in the hopes that these moves will help deter future attacks.
The Colonial Pipeline cyberattack reminds us just how vulnerable our national infrastructure is. While the government is taking some ambitious measures to improve cybersecurity and minimize future attacks, unless the private sector steps up its game, the threats will continue.
Every country in the world, not just America, needs a coherent approach to cybersecurity that encourages threat information sharing, utilizes zero-trust architecture, improves supply chain security, and creates a standard protocol for responding to ransomware attacks.
If Colonial Pipeline is serious about cybersecurity, it needs to prove it by sharing information about the attack so such knowledge can be used to “build a stronger understanding of cybersecurity vulnerabilities to critical infrastructure.”