Colonial Pipeline Attack Prompts Government Regulations for Cybersecurity

  • By Dawna M. Roberts
  • Jun 02, 2021

The Colonial Pipeline attack was a wake-up call for consumers and government agencies who realize that our country’s infrastructure is at extreme risk of takedown at any moment.

What is Happening?Colonial Pipeline Ransomware Attack

On the heels of the Colonial Pipeline attack, the U.S. Department of Homeland Security is busy crafting cybersecurity regulations that affect the oil and gas industry. 

After the ransomware attack, Colonial Pipeline had to shut down for a week to fix the problem before resuming operations. During those few days, panic spread about oil shortages, and fuel prices spiked. Government regulators understand the need for better security to prevent these occurrences in the future. 

First reported by the Washington Post, Data Breach Today reiterates that 

“The pending regulations also will require companies to have an executive who is responsible for cybersecurity and has a direct line to the TSA and the Cybersecurity and Infrastructure Security Agency to report an incident, the Post reports. Gas and oil firms will also be required to conduct security assessments.

The first of these new regulations is expected to be issued later this week, according to the newspaper. These will be followed in the coming weeks by other new mandatory cybersecurity requirements for oil and gas companies.”

What Does the Department of Homeland Security Say?

According to The Washington Post a spokesperson told Information Security Media Group, 

“The Biden administration is taking further action to better secure our nation’s critical infrastructure. TSA, in close collaboration with CISA, is coordinating with companies in the pipeline sector to ensure they are taking all necessary steps to increase their resilience to cyber threats and secure their systems. We will release additional details in the days ahead.”

Threat experts say these regulations are a good “first step,” but more is needed. To protect our infrastructure and those services that consumers depend on to sustain life, a more proactive approach is necessary.

Highlights of the Colonial Pipeline Attack

The Colonial Pipeline attack was a surprise to everyone. Many hacker gangs have vowed not to interfere with infrastructure-based companies. However, Colonial has deep pockets, which made them an excellent target. 

As a result of the attack, Colonial Pipeline had to shut down 5,500 miles of the pipeline until they could restore their systems. The result was fuel shortages along the East Coast and a spike in prices. 

Colonial Pipeline paid hackers a ransom of $4.4 million for a decryption key, but it turned out to be false and did not work. The DarkSide ransomware gang is responsible for the attack. Shortly after, the group announced they were shutting down its ransomware-as-a-service operations due to their servers having seized their and cryptocurrency accounts being drained. Furthermore, The DarkSide ransomware gang has also been responsible for other attacks where very recently they made over $90 million from their ransomware attack campaign.

This incident served as an example of how much the power generation industry is far behind in terms of cybersecurity precautions, thus the need for new regulations. 

Data Breach Today quotes an executive from Coalfire,

“These organizations over the years have slowly blended their corporate and operational technology networks, creating a nasty opportunity for bad things to occur, as we have seen in the Colonial Pipeline incident.”

After 911, the U.S. government formed the TSA, tasked with keeping America safe. The TSA has been criticized since 2018 by the Government Accountability Office for its lack of preparation against these types of attacks. In its report, the GAO said, 

“Given that many pipelines transport volatile, flammable, or toxic oil and liquids, and given the potential consequences of a successful physical or cyberattack on life, property, the economy and the environment, pipeline systems are attractive targets for terrorists, hackers, foreign nations, criminal groups, and others with malicious intent.”

This latest attack has shed new light on the issue and fueled decisive action by government officials. Along with President Biden’s cybersecurity plans, these new regulations will dovetail into the overall goal of securing our nation better against these now common ransomware threats.

About the Author
IDStrong Logo

Related Articles

Instagram Vulnerability Allowed Hackers Access to Control Your Phone

Security experts Check Point Research discovered a critical vulnerability while examining Instagra ... Read More

Alien Malware Infects More than 226 Mobile Apps and Steals Bank Data

As reported on September 24, 2020, by ZDNet and ThreatPost, a new strain of malware named “A ... Read More

Universal Health Systems Hit by Ransomware Attack

Universal Health Systems (UHS), a Fortune 500 company owning more than 400 hospitals across the co ... Read More

Exchange Server Bug Exposes a Big Risk to Hackers

Months after Microsoft released a patch to fix a serious flaw in MS Exchange Server, more than 61% ... Read More

Clients’ Bank Data Exposed in Blackbaud Ransomware Attack

Blackbaud software was victim to a ransomware attack last May, and new information suggests that c ... Read More

Latest Articles

ChatGPT Suffered From a Major Data Breach Exposing its Subscribers

ChatGPT Suffered From a Major Data Breach Exposing its Subscribers

ChatGPT is OpenAi's chatbot designed to simulate conversations with other people. The tool utilizes a massive language model to produce realistic and believable responses for a conversation.

Weekly Cybersecurity Recap March 24

Weekly Cybersecurity Recap March 24

Cyber-attacks are a major problem that exposes millions of people to fraud on an annual basis. This week there were attacks on some truly massive organizations like the NBA and PayPal, as well as a cyber security company and a few medical companies.

Independent Living Systems LLC Gets Hacked, Exposing 4 Million Patients

Independent Living Systems LLC Gets Hacked, Exposing 4 Million Patients

Independent Living Systems LLC is a healthcare facility provider for the elderly, physically challenged, and impaired. The company establishes short-term healthcare facilities for those that need extra care.

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an email address