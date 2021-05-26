

Embracing 'zero trust' is the right answer to the Colonial pipeline hack

Posted by The Hill
(Image: courtesy Colonial Pipeline)

Over the past several years, entities ranging from small-town police departments to business titans like FedEx have fallen prey to the scourge of malware known as ransomware. In each case, hackers managed to plant malicious encryption software in a victim's computer systems, halting operations until the victim either paid an exorbitant fee to unlock its systems or rebuilt its computer operations from near scratch. Despite industry estimates that a new organization falls victim to ransomware roughly every 14 seconds, those attacks thankfully never managed to cause anything close to a wide-scale disruption of day-to-day life in the United States.

Or at least that was the case until that malware worked its way into the systems of Colonial Pipeline.

Because of that ransomware infection, allegedly launched by a group of Russian criminals, Colonial was forced to completely shut down roughly 5,500 miles of pipeline. Since those lines carry nearly half of the fuel consumed along the East Coast, drivers in some areas were suddenly confronted with gasoline scarcity and price spikes reminiscent of the 1970s OPEC oil embargo.

Even though Colonial restricted the flow of fuel for less than a week, it is decidedly unnerving that one of the most vital pieces of America's infrastructure could be knocked completely offline, with the company halting pipeline operations itself to contain an infection of its business systems, by what some experts deemed "a relatively small player" in the hacking world.

Unsurprisingly, Washington has reacted furiously to the Colonial Pipeline incident. Numerous members of Congress have vowed to pour additional billions into federal cybersecurity programs that protect American energy systems and to tighten the regulatory screws on the sector's cybersecurity.

Increased resources for federal cybersecurity programs are, to be sure, a good idea. More funding and oversight power will be largely pointless, however, if they are spent with the single goal of preventing hackers from ever penetrating other Colonial-like systems. No set of defenses stops every intrusion.

Instead, the federal government should reset its expectations of private companies so that their cybersecurity programs are deemed successful when they either stop an incoming attack or dramatically limit the harm caused by the hackers who get through. Cybersecurity professionals have a name for the architecture built around that expectation: "zero trust," whose guiding principle is to assume breach.

Under a zero-trust strategy, no user, device or connection is trusted simply because it sits inside the corporate network or has passed a perimeter checkpoint such as a VPN login; every request for access is authenticated, authorized and limited to the least privilege the task requires. It is also assumed that hackers will inevitably manage to penetrate cyber defenses, so heavy investment must be made in resources that hunt down and remove intruders as well as in resilience mechanisms, from network segmentation to tested recovery plans, that minimize the harm any given hacker can do.
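
To make the difference concrete, here is an added example written for this edit; it is not code from the article, from Colonial Pipeline or from any product. It contrasts a perimeter-trust check, under which anyone who reaches the internal network is allowed through, with a small zero-trust policy engine that decides each request on identity, multi-factor authentication, device posture and a least-privilege entitlement table. The users, address ranges, resources, requests and policy rules are all constructed assumptions for illustration.

```python
"""Perimeter trust vs. zero trust, as a small policy engine.

Example written for this page; not code from The Hill's article, from
Colonial Pipeline or from any vendor. Every name, address and rule below
is a constructed assumption for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, Set, Tuple

# Assumed internal address range; a VPN login places a session inside it.
CORPORATE_NET = ip_network("10.0.0.0/8")

# Assumed least-privilege entitlements: allowed (resource, action) per user.
ENTITLEMENTS: Dict[str, Set[Tuple[str, str]]] = {
    "alice": {("billing", "read"), ("billing", "write")},
    "bob": {("scheduler", "read")},
}

# Assumed high-value resources that additionally demand a healthy device.
HIGH_VALUE = {"scheduler"}


@dataclass(frozen=True)
class Request:
    user: str
    source_ip: str
    resource: str
    action: str
    mfa_verified: bool = False
    device_managed: bool = False
    device_patched: bool = False


def perimeter_decision(req: Request) -> bool:
    """Legacy model: trust is a property of where the packet comes from.

    Anything already on the internal network is allowed, so a single-factor
    VPN credential is as good as a key to the whole estate.
    """
    return ip_address(req.source_ip) in CORPORATE_NET


def zero_trust_decision(req: Request) -> Tuple[bool, str]:
    """Zero-trust model: network location is never consulted; each request
    is checked against identity strength, entitlement and device posture."""
    if not req.mfa_verified:
        return False, "deny: session is not MFA-backed"
    if (req.resource, req.action) not in ENTITLEMENTS.get(req.user, set()):
        return False, "deny: no entitlement for this resource/action"
    if req.resource in HIGH_VALUE and not (req.device_managed and req.device_patched):
        return False, "deny: device posture too weak for a high-value resource"
    return True, "allow"


# Constructed sample traffic.
# 1. An intruder who logged into the VPN with a stolen password: no MFA,
#    unknown device, but now sitting on the internal network.
STOLEN_VPN = Request("bob", "10.20.30.40", "scheduler", "write")
# 2. The legitimate engineer doing the one thing he is entitled to do.
BOB_READ = Request("bob", "10.20.30.41", "scheduler", "read",
                   mfa_verified=True, device_managed=True, device_patched=True)
# 3. The same engineer trying to exceed his entitlement.
BOB_WRITE = Request("bob", "10.20.30.41", "scheduler", "write",
                    mfa_verified=True, device_managed=True, device_patched=True)
# 4. A strongly authenticated user on an unpatched laptop reaching for OT.
BOB_UNPATCHED = Request("bob", "10.20.30.42", "scheduler", "read",
                        mfa_verified=True, device_managed=True, device_patched=False)
# 5. A finance user working from home, outside the perimeter entirely.
ALICE_REMOTE = Request("alice", "203.0.113.7", "billing", "write",
                       mfa_verified=True, device_managed=True, device_patched=True)


def compare(req: Request) -> Tuple[bool, bool]:
    """Return (perimeter allows?, zero trust allows?) for one request."""
    return perimeter_decision(req), zero_trust_decision(req)[0]


if __name__ == "__main__":
    for label, req in [("stolen VPN", STOLEN_VPN), ("bob read", BOB_READ),
                       ("bob write", BOB_WRITE), ("bob unpatched", BOB_UNPATCHED),
                       ("alice remote", ALICE_REMOTE)]:
        print(f"{label:14} perimeter={perimeter_decision(req)!s:5} "
              f"zero_trust={zero_trust_decision(req)[1]}")
```

Run it as a script to see the five decisions side by side. The point is not the particular rules, which any real deployment would replace with its own identity provider, device-health signals and policy language, but that the zero-trust decision never consults network location: the stolen-credential session that the perimeter model waves through is refused, the entitled engineer is held to exactly the action he is allowed, and the remote finance user the perimeter model cannot place is admitted on the strength of identity, MFA and device posture. Limiting each identity to its entitlements is what shrinks the blast radius once an intruder does get in.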

Some government leaders might reflexively reject that approach as a response to the Colonial hack, arguing that it is little more than another excuse for companies to underinvest in cybersecurity.

Those zero-trust detractors will, however, have to answer this question: if zero-trust strategies are the gold standard for America's top cyber defenders, why shouldn't they be acceptable for private companies?

Consider that earlier this year the National Security Agency issued guidance, "Embracing a Zero Trust Security Model," that "strongly recommend[ed]" U.S. defense and intelligence agencies and their government contracting partners adopt zero-trust architectures. The NSA elected to promote that strategy based on the conclusion that it leaves cybersecurity professionals "better positioned to secure sensitive data, systems, and services."

The NSA is, of course, no slouch when it comes to cybersecurity; in fact, it is widely acknowledged to be the most advanced and best-resourced cyber defense agency in the world. So if the NSA is saying that it and its siblings in the defense community should assume they will be breached, there is simply no rational basis for holding private companies to a higher standard.

The Biden administration has spread the zero-trust gospel even further: its May 12 Executive Order on improving the nation's cybersecurity directs every federal agency to develop a plan to adopt that type of information security architecture.

The next few months will offer some stellar opportunities for the White House to promote the adoption of zero-trust models by the private sector. Transportation Secretary Pete Buttigieg, for instance, has stated that if and when an infrastructure bill is passed into law, it will be an "expectation" that projects it funds will have "robust cybersecurity resilience and planning written into" them.

Secretary Buttigieg would do well to center those expectations on zero trust. Had that been Colonial's overarching strategy, the operational and economic fallout would almost certainly have been far smaller, because its planning would have anticipated the possibility of a successful ransomware penetration and laid out in advance how to contain its impact.

If nothing else, the Colonial Pipeline experience serves as yet another reminder that cyberattacks are here to stay. Using a zero-trust strategy to confront them will put America on the path to ensuring that they rarely amount to more than a nuisance. President Biden and Congress now have the opportunity to shift us in that direction, and let's all hope they do.

Brian E. Finch is a partner at Pillsbury Winthrop Shaw Pittman LLP in Washington, D.C. Follow him on Twitter @BrianEFinch.

Dave DeWalt is the former CEO of McAfee and FireEye.

Michael S. Rogers was the 17th director of the National Security Agency and 2nd Commander of U.S. Cyber Command. He is chairman of the Board of Advisors at Claroty.
