Colonial Pipeline Attack Prompts Government Regulations for Cybersecurity

Posted on by Dawna M. Roberts in News June 02, 2021
https://content.infopay.net/storage/thumbnails/m2vZ4nkGE5EPMxrkQ2mxYWmBWsxaBvDgk8czswsH.jpg

The Colonial Pipeline attack was a wake-up call for consumers and government agencies who realize that our country’s infrastructure is at extreme risk of takedown at any moment.

What is Happening?Colonial Pipeline Ransomware Attack

On the heels of the Colonial Pipeline attack, the U.S. Department of Homeland Security is busy crafting cybersecurity regulations that affect the oil and gas industry. 

After the ransomware attack, Colonial Pipeline had to shut down for a week to fix the problem before resuming operations. During those few days, panic spread about oil shortages, and fuel prices spiked. Government regulators understand the need for better security to prevent these occurrences in the future. 

First reported by the Washington Post, Data Breach Today reiterates that 

“The pending regulations also will require companies to have an executive who is responsible for cybersecurity and has a direct line to the TSA and the Cybersecurity and Infrastructure Security Agency to report an incident, the Post reports. Gas and oil firms will also be required to conduct security assessments.

The first of these new regulations is expected to be issued later this week, according to the newspaper. These will be followed in the coming weeks by other new mandatory cybersecurity requirements for oil and gas companies.”

What Does the Department of Homeland Security Say?

According to The Washington Post a spokesperson told Information Security Media Group, 

“The Biden administration is taking further action to better secure our nation’s critical infrastructure. TSA, in close collaboration with CISA, is coordinating with companies in the pipeline sector to ensure they are taking all necessary steps to increase their resilience to cyber threats and secure their systems. We will release additional details in the days ahead.”

Threat experts say these regulations are a good “first step,” but more is needed. To protect our infrastructure and those services that consumers depend on to sustain life, a more proactive approach is necessary.

Highlights of the Colonial Pipeline Attack

The Colonial Pipeline attack was a surprise to everyone. Many hacker gangs have vowed not to interfere with infrastructure-based companies. However, Colonial has deep pockets, which made them an excellent target. 

As a result of the attack, Colonial Pipeline had to shut down 5,500 miles of the pipeline until they could restore their systems. The result was fuel shortages along the East Coast and a spike in prices. 

Colonial Pipeline paid hackers a ransom of $4.4 million for a decryption key, but it turned out to be false and did not work. The DarkSide ransomware gang is responsible for the attack. Shortly after, the group announced they were shutting down its ransomware-as-a-service operations due to their servers having seized their and cryptocurrency accounts being drained. Furthermore, The DarkSide ransomware gang has also been responsible for other attacks where very recently they made over $90 million from their ransomware attack campaign.

This incident served as an example of how much the power generation industry is far behind in terms of cybersecurity precautions, thus the need for new regulations. 

Data Breach Today quotes an executive from Coalfire,

“These organizations over the years have slowly blended their corporate and operational technology networks, creating a nasty opportunity for bad things to occur, as we have seen in the Colonial Pipeline incident.”

After 911, the U.S. government formed the TSA, tasked with keeping America safe. The TSA has been criticized since 2018 by the Government Accountability Office for its lack of preparation against these types of attacks. In its report, the GAO said, 

“Given that many pipelines transport volatile, flammable, or toxic oil and liquids, and given the potential consequences of a successful physical or cyberattack on life, property, the economy and the environment, pipeline systems are attractive targets for terrorists, hackers, foreign nations, criminal groups, and others with malicious intent.”

This latest attack has shed new light on the issue and fueled decisive action by government officials. Along with President Biden’s cybersecurity plans, these new regulations will dovetail into the overall goal of securing our nation better against these now common ransomware threats.

About the Author
IDStrong Logo

Related Articles

Instagram Vulnerability Allowed Hackers Access to Control Your Phone

Security experts Check Point Research discovered a critical vulnerability while examining Instagram’s c... Read More

Alien Malware Infects More than 226 Mobile Apps and Steals Bank Data

As reported on September 24, 2020, by ZDNet and ThreatPost, a new strain of malware named “Alien” is ... Read More

Universal Health Systems Hit by Ransomware Attack

Universal Health Systems (UHS), a Fortune 500 company owning more than 400 hospitals across the country, ... Read More

Exchange Server Bug Exposes a Big Risk to Hackers

Months after Microsoft released a patch to fix a serious flaw in MS Exchange Server, more than 61% of the... Read More

FREE IDENTITY THREAT SCAN
Scan Your Records for Breaches, Leaks & Exposures!