What’s New: A ransomware attack caused one of the East Coast’s largest fuel pipeline operators to shut down its entire network yesterday, according to The Washington Post.
Why This Matters: While these attacks occur more frequently than the public might understand, Colonial’s 5,500 miles of pipelines carry fuel to more than 50 million consumers.
“There are absolutely cases in industrial operations where ransomware impacts operations,’’ said Robert M. Lee, CEO and cofounder of Dragos, a major cybersecurity firm that handles incidents in the industrial control sector. “Oftentimes, though, that impact isn’t the impact that gets news media attention. They may not be to the level that this case is, but there are lots of industrial control companies that are battling ransomware around the United States.”
What I’m Thinking:
Lot’s of unknowns. While a state-backed attacker is possible, I doubt it because that would be a very dangerous action. Likely a non-state, criminal group or individual.
My money is on poor security. While these attacks can be sophisticated, more often than not the root problem is bad cybersecurity practices. I’m guessing that’s the case here.
Remember Monday. In this week’s newsletter, I highlighted a new report on ransomware and said, “The US intelligence/military enterprises should specifically be tasked to identify, deter, disrupt, and dismantle foreign ransomware attackers and their networks. These attacks should be treated as cyberterrorism and nation states who enable or harbor these attackers should be engaged accordingly.” I stand by this.