Responding to the Colonial Pipeline Cyberattack [Weekly Cybersecurity Brief]

In the wake of the recent cyberattack on the Colonial Pipeline, we are confronted once again with the reality that cybersecurity is a large-scale and critical concern. Now, a series of responses have been introduced on behalf of both the pipeline company and the government to handle the immediate issue and the issue at a macro level.

Following the news that cybercriminal group DarkSide carried out an attack that caused Colonial Pipeline to shut down operations impacting much of the East Coast, CNBC reported that the pipeline company paid the ransom demand attached to the attack. According to the article, NBC News learned that the ransom cost nearly $5 million. While not responding about the payment, Colonial Pipeline did state that its decision to halt its system was done as a “precautionary measure,” but has since returned to operating. When asked about this situation, Anne Neuberger, deputy national security advisor for cyber and emerging technologies, stated that the decision to pay the ransom is a private one made by the company. However, she explained that the FBI has raised concerns that doing so may encourage the increase in ransomware activity.

Federal agencies and private cybersecurity companies are teaming up to investigate the Colonial Pipeline attack, but it is the larger concern that is weighing heavily. Considering that the incident joins a seemingly growing list of cyberattacks, a Biden administration official addressed this worrisome trend during a hearing with the Senate according to CNN. The report from CNN quotes acting Cybersecurity and Infrastructure Security Agency Director Brandon Wales as telling the Senate Homeland Committee that “Malicious cyber actors today are dedicating time and resources towards researching, stealing, and exploiting vulnerabilities, using more complex attacks to avoid detection and developing new techniques to target information and communication technology supply chains.” Also speaking to the pipeline occurrence, Department of Homeland Security Secretary Alejandro Mayorkas pointed out that while ransomware is not a new issue, but it has significantly grown over the course of the past year.

While started after the outbreak of the SolarWinds attack, the Colonial Pipeline attack and recognition of the increase in such cybersecurity events led President Biden to sign an executive order that seeks to enhance defense mechanisms. It also reflects the need for better protection of the country’s infrastructure systems. The White House released a statement explaining that this solution cannot rely on federal action alone though. It will take private companies aligning with the effort as well. Included in the 34-page document are steps such as “the removal of contractual barriers to reporting federal agency breaches, the reporting of severe cyberattacks within three days [and] the establishment of a Cybersecurity Safety Review Board to investigate significant incidents,” according to CNet. The administration also announced that it plans to put together a task force responsible for tracking down hackers.

Key Takeaways:

“Colonial Pipeline paid $5 million ransom to hackers” – Eamon Javers & Amanda Macias, CNBC

https://www.cnbc.com/2021/05/13/colonial-pipeline-paid-ransom-to-hackers-source-says.html

  • Following the news that cybercriminal group DarkSide carried out an attack that caused Colonial Pipeline to shut down operations impacting much of the East Coast, CNBC reported that the pipeline company paid the ransom demand attached to the attack.
  • NBC News learned that the ransom cost nearly $5 million.
  • Anne Neuberger, deputy national security advisor for cyber and emerging technologies, said that the decision was made as a private one by the company. But she raised some concern that this trend may continue if it becomes common practice to pay off ransom demands.

“Four key takeaways on the US government response to the pipeline ransomware attack” – Zachary Cohen and Geneva Sands, CNN

https://www.cnn.com/2021/05/11/politics/colonial-pipeline-cyber-hearing-senate-homeland-security-committee/index.html

  • Federal agencies and private cybersecurity companies are teaming up to investigate the Colonial Pipeline attack, but it is the larger concern that is weighing heavily.
  • A Biden administration official addressed this worrisome cybersecurity trend during a hearing with the Senate according to CNN.
  • Infrastructure Security Agency Director Brandon Wales told the Senate Homeland Committee that “Malicious cyber actors today are dedicating time and resources towards researching, stealing, and exploiting vulnerabilities, using more complex attacks to avoid detection and developing new techniques to target information and communication technology supply chains.”

“Biden signs executive order aimed at shoring up US cybersecurity” – Steven Musil, CNet

https://www.cnet.com/news/biden-signs-executive-order-aimed-at-shoring-up-us-cybersecurity/

  • President Biden signed an executive order that seeks to enhance cybersecurity defense mechanisms and address the need to protect the nation’s infrastructure.
  • A White House Statement explained that it will take efforts on behalf of the private sector to create solutions to this growing trend.
  • In addition to the steps outlined the executive order, there are plans to launch a task force created to prevent hackers from carrying out more ransomware campaigns.
Share
Share on facebook
Share on twitter
Share on linkedin
Share on email