Cybersecurity Threats: The Colonial Pipeline, announced it was the victim of a cybersecurity attack on May 8th. Here’s what both sides are saying. To have stories like this and more delivered directly to your inbox, be sure to sign up for our newsletter.
Top Story: Cybersecurity Threats
Nowhere is natural selection more painfully obvious than on the African plains. It’s a constant battle for survival, and only the fittest survive. This is on full display when a pack of lions hunt for their next meal. While approaching a herd of antelopes, they circle the group, quietly looking for the weakest link. Antelopes’ natural defense is their speed, so the lions merely have to isolate the slowest one. When they do, it’s usually game over. Now, because our behavior is influenced by the natural world, similar situations are carried out by humans. In fact, a similar dynamic unfolded last week in the United States when the Colonial Pipeline, the largest petroleum pipeline in the United States, announced it was the victim of a cybersecurity attack on May 8th. So far, this appears to be the largest attack ever on an American energy system, and the reality is that no company is safe. When asked what security pros can do right now to lower their risk for a similar attack in the future, Forrester analyst Allie Mellen took a cue from the antelopes and said, “Outrun the guy next to you.” Here’s what both sides are saying about the Colonial Pipeline Hack.
On The Right
Conservative politicians and right-leaning commentators believe the pipeline attack highlights two weaknesses. The first is President Biden’s image and ability on the world stage, especially as it relates to standing up to Russian President Vladimir Putin. The second is the Biden administration’s green-energy agenda, which they believe will make the US grid even more vulnerable to future attacks.
Although “the FBI identified a criminal syndicate named DarkSide as creators of the ransomware used in the attack,” Samuel Chamberlain of the New York Post says, “The group’s members are Russian speakers, and their malware is coded not to attack networks using Russian-language keyboards.” For that reason, this attack would’ve been impossible “without the tacit or explicit knowledge of Vladimir Putin’s government,” Sen. Tom Cotton (R-Ark.), a member of the Senate Intelligence Committee, told “Fox News Primetime” Monday. “It shows that Joe Biden’s weak policy on Russia is having consequences for the American people,” he added. Then on Fox News’ “Hannity,” former Texas Governor and Energy Secretary Rick Perry said the forced shutdown should serve as a “wake-up call” for Biden to “build more pipelines instead of shutting them down.” Former House Speaker Newt Gingrich said, “We ought to pass a law immediately that makes this kind of hacking subject to a death penalty.”
Meanwhile, the Wall Street Journal Editorial Board takes aim at Biden’s $2.3 trillion American Jobs Plan, saying, “The Colonial Pipeline shutdown is a warning of worse to come.” By “using the ‘infrastructure’ label to remake the energy economy [and] squeeze fossil fuels,” the “climate change lobby” will “make the grid more vulnerable.” Pointing to the prior SolarWinds attack and Texas power outage, the editors think the government should “help companies harden their information systems.” However, “That won’t happen with Mr. Biden’s 500,000 new EV charging stations and rooftop solar panels on every home,” they say. In fact, “Infrastructure will become more vulnerable as more systems get electrified and connected.” In reality, the writers state, modern devices like “solar panels, EV chargers, and ‘smart’ appliances” are multiplying “new entry points for cyber criminals to take over.” Ultimately, “Defending the US against cyber attacks is the Biden Administration’s most important infrastructure job, but that’s not what its $2.3 trillion proposal would do.”
Finally, Tom Rogan of the Washington Examiner says, “This is a major escalation against US interests, one that almost certainly would not have occurred without the Kremlin’s approval.” According to Rogan, “Putin is seeing whether the US will dance to Russia’s waltz, agreeing that these attacks are criminal acts rather than state-sanctioned terrorist attacks.” President Biden needs to stop the music altogether, Rogan writes. “Unless Russia immediately arrests and extradites DarkSide’s team, and not simply some random other hackers, [he thinks] Biden should direct the National Security Agency to retaliate in kind against Russia’s energy infrastructure.” At the end of the day, Rogan believes “It is imperative to US national security that Russia not believe itself capable of using the state versus nonstate ‘gray zone’ to endanger millions of American lives and livelihoods.”
On The Left
Left-leaning outlets are equally concerned and think the recent attack illustrates the need to move cybersecurity higher up on the priority list. Similar to their right-leaning counterparts, they warn this won’t be the last time an occurrence like this will happen.
The Washington Post Editorial Board says the pipeline hack “is only the most dramatic of many recent reminders that the whole of the US government must act to quell the threat — now.” An executive order from President Biden “mandating minimum cybersecurity requirements for federal contractors” is a good start. Yet, this can’t be just an executive branch decision, they write. “Congress [must also] impose similar requirements on those outside the chain of procurement who operate critical infrastructure.” Lastly, the editors note that “targets can’t defend themselves completely on their own.” Rather, the US and other countries must stick together to “reduce what these criminals can earn, but they must also increase what those criminals must pay for their sabotage.” Ultimately, protecting against ransomware attacks is a group effort. Individuals must update their phone software, businesses need to “safeguard their systems,” and governments are implored to “write rules that would help those people protect themselves.”
Writing for Recode, Sara Morrison attempts to strike an optimistic tone, noting “the attack underscores two of the Biden administration’s stated priorities: improving American infrastructure and cybersecurity.” At the end of last year, Biden said his “administration will make cybersecurity a top priority at every level of government.” Similarly, he “unveiled a $2 trillion infrastructure plan that includes $100 billion to modernize the electrical grid.” Morrison states Biden will also “unveil an executive order soon that will strengthen cybersecurity at federal agencies and for federal contractors,” but this may not be enough. “These measures are more focused on preventing another SolarWinds-like attack,” Morrison writes. Moreover, federal officials said, “They don’t think the order does enough to prevent a sophisticated attack, nor would it apply to a privately held company like Colonial.” Ultimately, the next attack “could be a lot worse if measures aren’t taken at the highest levels to prevent it.”
Lastly, Zachary Wolf of CNN says essentially the same thing, warning that the “Colonial Pipeline [hack] wasn’t the first and won’t be the last cyber pirate attack.” In fact, “Hackers have gotten more brazen,” attacking everything “from the city of Atlanta to the DC Police Department.” Quoting Rob Lee, the CEO of Dragos, a cybersecurity firm, Wolf notes it’s going to get worse. Lee said, “All of our industries are going through some form of digital transformation, which means they’re becoming more connected and taking advantage of things like cloud resources. That connectivity allows adversaries to come into those systems and compromise them in these ways.” Emphasizing what is becoming clearer every day, this attack that took “down the aorta of fuel for the East Coast should be sending shockwaves through the country,” he writes.
Flag This: Cybersecurity Threats
Although there are some nuances to the arguments above, both sides agree that this attack highlights the vulnerable state of America’s digital infrastructure. According to the SBA, “There were nearly 42,000 online security incidents around the world over the past year.” Of those, 43 percent targeted small businesses. Over 80 percent of security breaches are simply due to weak or stolen passwords. In 2020, the top three most commonly used passwords were 123456, 123456789, and picture1. With that said, as we all graze online — shopping for shoes, reading an article, or watching a video — but remember there are lions lurking in the digital bushes. Using complex passwords like full sentences may seem tedious, but at the end of the day, may offer your best chance to outrun the guy next to you.
Flag Poll: Cybersecurity Threats
What do you think the United States needs to do in order to adequately address the ever-increasing issue of cybersecurity? Comment below to share your thoughts.