Last week, US pipelines suffered a ransomware attack that forced a complete shutdown to the entire fuel distribution pipeline including gasoline and jet fuel and jet fuel distribution across the U.S. east coast.
Colonial Pipeline owns and operates a 5,500 mile pipeline that runs from Texas to New Jersey. According to the company’s website, the pipeline carries 100 million gallons of fuel every day, spans 14 states, and serves seven airports directly.
What Happened So Far?
Thursday, May 6, 2021 – Hackers Launched Colonial Pipeline Attack:
Hackers who attacked the biggest US pipeline and fuel distributor have nearly stolen about 100 Gigabytes of data before locking down the whole computer system and payment demands. This incident shook the whole US Cyber Security.
Friday, May 7, 2021 – Hackers Demand For Payment:
Colonial Pipeline was forced to pay nearly $5 million demanded by Eastern European hackers who caused this ransomware attack. However, the reports say that the company had no intentions of paying that extortion amount to restore the country’s largest fuel pipeline.
Saturday, May 8, 2021 – US Government Assists Attack Response:
U.S top companies and organizations including the White House, the FBI, CISA, and NSA immediately shut down their servers operated by Eastern European hackers. This stops the flow of data Colonial Pipeline data from the United States to alleged hacker locations in Russia.
Fuel shortage caused panic in the United States from distributors to consumers. In a statement, Colonial Pipeline said,
“It will take several days for the product delivery supply chain to return to normal. Some markets served by Colonial Pipeline may experience, or continue to experience, intermittent service interruptions during the start-up period. Colonial will move as much gasoline, diesel, and jet fuel as is safely possible and will continue to do so until markets return to normal.”
Following this incident and paying $5 million to the Eastern Hackers, Joe Biden administration on Wednesday announced orders to tighten the cybersecurity and software security practices.
The most recent attacks including “SolarWinds, Microsoft Exchange, and the Colonial Pipeline” suggest that US cybersecurity needs an improvement or else they will become the victim again.
“We encourage private sector companies to follow the Federal government’s lead and take ambitious measures to augment and align cybersecurity investments with the goal of minimizing future incidents,”Biden Administration’s Announcement
However, the executive order aims to remove contractual barriers to information sharing between IT service providers and the government. This remains a complex barrier because it didn’t describe how that task would be accomplished. The order also calls for standardizing federal agencies’ responses to cybersecurity incidents.
Government officials and private sector officials are coming forward as a Cybersecurity Safety Review Board. The purpose of this collaboration is to make recommendations on cybersecurity. It’ll be modeled after the National Transportation Safety Board, which reviews airline safety, incidents, and crashes.
According to Redmond Magazine,
The order advocates the federal use of zero-trust architectures, with secure use of cloud-based services. Additionally, the order “mandates the deployment of multifactor authentication and encryption with a specific time period,” although details weren’t provided.
The order described establishing a “Government-wide Endpoint Detection and Response (EDR)” system to better share information on security incidents. Federal agencies also are ordered to establish “robust and consistent logging practices.”
A pilot program to label software, indicating the degree to which secure software development practices were used, is described in the order. This program might take the form of the current Energy Star program, which oversees energy-efficiency labels.
The United States needs to invest and upgrade as much as possible to improve its Cyber Security Defense. These cyber-attacks highlight how vulnerable they are.
More Tech Stuff Awaiting For You To Read:
- YouTube Announces $100M Fund For YouTube Shorts!
- Epic Games Took Apple For A Ride To The The Courtroom!
- Google Assistant Pronunciation Update!