How Does This Work, Exactly?

In a Thursday article about Colonial Pipeline apparently paying a ransom to get its systems back online, the Wall Street Journal’s writers let this tidbit slip.

Bloomberg reported earlier Thursday that Colonial had paid the hackers a sum of nearly $5 million, and that the decryption tool ultimately wasn’t effective in restoring operations. Instead, Colonial was able to recover by relying on system backups, Bloomberg reported.

Which raises two questions. If Bloomberg’s reporting is accurate:

  • Where were Colonial’s CEO, COO, and CIO that they allowed the hack to occur in the first place?
  • Where were Colonial’s CEO, COO, and CIO that they didn’t go to those backups right away instead of rewarding their attackers for the privilege of being their victim?

Colonial management’s apparent cowardice not only serves to expose their company to further extortion, it exposes their peers in the industry and businesses everywhere to this sort of extortion.

Just as bad is the Biden administration’s timid response. The longstanding (not just under this administration) vulnerability of all of our nation’s financial, power, water, and fuel infrastructure, coupled with Biden’s ducking away from the current attack (calling it a private matter), exposes our nation to state-level attack and crushing defeat.

That’s Nice

The Senate Homeland Security Committee held a hearing last week regarding the Colonial Pipeline fiasco (which has much wider implications than just one company cravenly paying off, and thereby rewarding, its attacker).

Congressman John Katko (R, NY), Ranking Member of the House Homeland Security Committee, also wrote a letter to Brandon Wales, Acting Director of the Cybersecurity and Infrastructure Security Agency, which is a part of the Department of Homeland Security. In his letter, Katko asked a number of questions regarding how well CISA works with its counterparts in other agencies and how well CISA’s inspections of the nation’s pipelines were going.

He also wrote optimistically:

[T]he Pipeline Cybersecurity Initiative, housed within the National Risk Management Center (NRMC), has shown promise as a voluntary, public-private partnership between CISA, Transportation Security Administration (TSA), Department of Energy (DOE), and a range of pipeline-dominant critical infrastructure stakeholders. It is the Committee’s understanding that the core of this initiative revolves around conducting Validated Architecture and Design Review (VADR) assessments on pipeline assets.
These VADR assessments have proven effective at identifying a wide range of potential vulnerabilities within pipeline systems – some of which have been publicly distilled. Better understanding common security flaws and common misconfiguration issues is in everyone’s best interests, and these aggregated insights will help enhance national resilience.

It’s good to erect barriers that actually work.

Two things remain necessary, though. One is, once those barriers are set up, to go clean out the areas behind them, since a barrier erected afterward does nothing about an attacker who was already inside: identify and remove existing malware from the operational and support software; clean out the existing backups, both of software and of data, and verify that they are actually clean and restorable before they are needed rather than discovering otherwise mid-incident; and improve training of human operators and support personnel regarding their role in preventing malware from reentering via phishing, spam, and so on, with more severe sanctions than heretofore applied to personnel who fail.

The other is to recognize that those barriers—software and human—will always be imperfect, will always become obsolete in the ongoing arms race between malefactors and targets, and will always need development, upgrade, and anticipation of future developments and potentials for attack.
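A concrete version of the backup-hygiene point above, added here as an illustration and not part of the original post: before a backup is trusted for recovery, compare it against a manifest of file hashes recorded when the backup was known good and kept offline, where an intruder who has the run of the network cannot rewrite it. The directory layout, file names and contents below are constructed for the demonstration; the high-entropy check is a heuristic for spotting files that were encrypted in place, not proof of compromise on its own.

```python
"""Verify a backup set against an offline hash manifest before restoring from it.

Constructed example: a manifest of SHA-256 digests, recorded when the backup was
known-good and stored out of the attacker's reach, is compared with the files
actually present in the backup. Files whose digest no longer matches are checked
for high byte entropy (what encrypted content looks like); anything that fails
is kept out of the restore.
"""
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream the file through SHA-256 so large backup files need not fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 means near-uniform bytes, as in ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def verify_backup(backup_dir: Path, manifest: dict, entropy_threshold: float = 7.5) -> dict:
    """Compare backup_dir against manifest ({relative posix path: sha256 hex}).

    Returns four buckets: 'ok' (safe to restore), 'tampered' (digest mismatch,
    mapped to whether the content also looks encrypted), 'missing' (in the
    manifest but absent) and 'unexpected' (present but never recorded, e.g. a
    dropped payload). Only 'ok' files should be fed to the restore.
    """
    report = {"ok": [], "tampered": {}, "missing": [], "unexpected": []}
    present = {p.relative_to(backup_dir).as_posix()
               for p in backup_dir.rglob("*") if p.is_file()}
    for rel, expected in manifest.items():
        if rel not in present:
            report["missing"].append(rel)
            continue
        path = backup_dir / rel
        if sha256_of(path) == expected:
            report["ok"].append(rel)
        else:
            # Only the first 64 KiB is sampled for the entropy heuristic.
            looks_encrypted = shannon_entropy(path.read_bytes()[:1 << 16]) >= entropy_threshold
            report["tampered"][rel] = looks_encrypted
    report["unexpected"] = sorted(present - manifest.keys())
    report["ok"].sort()
    report["missing"].sort()
    return report


def build_demo() -> dict:
    """Build a small constructed backup set plus manifest, then simulate an intruder
    encrypting one file in place, deleting another and dropping an extra one."""
    root = Path(tempfile.mkdtemp(prefix="backup-check-"))
    originals = {  # hypothetical file names and contents, constructed for the demo
        "config/plc-settings.ini": b"[scada]\npoll_interval=5\n" * 100,
        "data/flow-readings.csv": b"ts,psi\n" + b"1620000000,312\n" * 500,
        "bin/historian.bin": bytes(range(256)) * 64,
    }
    manifest = {}
    for rel, content in originals.items():
        p = root / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(content)
        manifest[rel] = hashlib.sha256(content).hexdigest()  # recorded while known-good
    # Simulated post-compromise state of the backup volume (constructed, not real data):
    (root / "data/flow-readings.csv").write_bytes(
        os.urandom(len(originals["data/flow-readings.csv"])))   # "encrypted" in place
    (root / "bin/historian.bin").unlink()                         # deleted
    (root / "bin/update.exe").write_bytes(b"MZ" + b"\x00" * 64)   # dropped, not in manifest
    return verify_backup(root, manifest)


if __name__ == "__main__":
    r = build_demo()
    print("safe to restore:", r["ok"])
    print("tampered (looks encrypted?):", r["tampered"])
    print("missing:", r["missing"])
    print("unexpected:", r["unexpected"])
```

The manifest is only worth anything if it lives somewhere the attacker could not reach, which is the same property the backups themselves need: a copy on the same domain-joined file server gets encrypted or rewritten along with everything else. Running this kind of check on a schedule, not just when an incident forces the question, is what turns "we have backups" into "we can recover."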