$5 million ransom paid to criminals to revive gas to the east coast – what is the level?

Guest essay by Eric Worrall

Bloomberg claims Colonial paid the ransom to cyber criminals who cut 45% of fuel supplies on the east coast. However, this episode demonstrated how vulnerable US vital systems are to hacking or system failure.

Colonial Pipeline paid nearly $5 million in ransom to hackers

By William Turton, Michael Riley, and Jennifer Jacobs, May 14, 2021, 00:15 GMT+10. Updated May 14, 2021, 09:01 GMT+10

  • The payment came shortly after the attack started last week
  • The FBI prevents organizations from paying ransom to hackers

Colonial Pipeline Co. paid nearly $5 million to Eastern European hackers on Friday, contradicting reports earlier this week that the company had no intention of paying a blackmail fee for restoring the country’s largest fuel pipeline, according to two people familiar with the transaction numbers.

The company paid the large ransom in hard-to-understand cryptocurrency within hours of the attack, underscoring the immense pressure on the Georgia-based operator to return gasoline and jet fuel to the major cities along the east coast. A third person familiar with the situation said US government officials were aware that Colonial made the payment.

When Bloomberg News asked President Joe Biden if he had been informed of the company’s ransom payment, the president paused and then said, “I have no comment on that.”

Read more: https://www.bloomberg.com/news/articles/2021-05-13/colonial-pipeline-paid-hackers-nearly-5-million-in-ransom

Anyone can be hacked; the hackers have an inherent advantage. System security professionals need to get it right every time, while cyber criminals only need to get it right once.

But what happens after you’ve been hacked is at least as important as protecting systems from hacking attacks.

That Colonial allegedly paid the ransom tells me that they felt they had no other choice. Why would they pay the ransom if they could easily restore the hacked systems from a backup? Either they didn’t have a backup, they didn’t trust their backup, or they didn’t think they could restore the backup in a reasonable time frame.

Giving code written by criminals a second chance to mess with your system is certainly an act of desperation. If the criminals want to shake down their victims a second time, it is much easier to plant additional malware vulnerabilities by having their victims run a $5 million cleanup tool than to break through the certainly tougher security from scratch a second time.

In addition to hacking, there are other risks that may require restoring from backup. In 1859, the Carrington event struck Earth with a colossal solar flare and caused tremendous electrical disturbance throughout the primitive telegraph system of the time. A similar event today wouldn’t necessarily destroy everything electronic, but it would do a lot of damage. Much computer hardware would fail in whole or in part. Some could be repairable, but much of it would have to be scrapped and replaced.

Everyone has heard of a nuclear EMP device, but there are non-nuclear EMP devices that are easy to build and can damage electronic equipment within range. Originally developed in the Soviet Union for nuclear fusion research, these non-nuclear EMP devices convert a significant percentage of the energy released by a chemical explosion into an electromagnetic shock wave, like a localized artificial Carrington event. It’s only a matter of time before eco-crazy people start pointing homemade EMP devices at the oil and gas infrastructure.

There are many other risks that need to be managed. I once saw an entire utility company fail because it refused to give a 10% raise to the only person in the company who understood how their poorly written 30-year-old systems worked (not me, someone else). After his departure, management found that they could no longer issue utility bills. They did not know how important this one person was to their business and profitability.

Let’s hope Colonial has these secure backups and adequate risk management systems in place should the next Carrington incident or other widespread disaster or attack shut down some of their computer systems.
