Saturday, May 8, 2021

It's Infrastructure, Weak

Criminal and possibly terrorist cyberattacks are landing more and more often on America's critical infrastructure systems, and after the last guy made sure those doors were left wide open, it's a wonder then that the country hasn't been forced offline by more assaults like these.


The attack hit Colonial Pipeline, which carries gasoline, diesel and jet fuel from Texas to New York and moves about 45% of all fuel consumed on the East Coast.

In a statement late Friday, Colonial Pipeline said it was "the victim of a cybersecurity attack" though the company didn't say who launched the attack or what the motives were.

"In response, we proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems," the company said.

Colonial Pipeline said it contacted federal agencies and law enforcement, as well as enlisting a third-party cybersecurity firm to help with an investigation "into the nature and scope of this incident."

The Georgia-based company transports more than 100 million gallons, or 2.5 million barrels of fuel daily, including gasoline, diesel fuel, home heating oil, jet fuel and fuels for the U.S. military through its pipeline system, according to the company's website.

The pipeline shutdown comes amid growing concerns over vulnerabilities in the country's infrastructure after several recent cyberattacks, including last year's attack at the software company SolarWinds that hit several U.S. government agencies, including the Pentagon, the Treasury Department, the State Department and the Department of Homeland Security, as reported by NPR.

The Biden administration responded to the SolarWinds attack by issuing an executive order to help the country better protect itself against cybersecurity attacks.

"The fact that this attack compromised systems that control pipeline infrastructure indicates that either the attack was extremely sophisticated or the systems were not well secured," said Mike Chapple, a computer science professor at Notre Dame.


"This pipeline shutdown sends the message that core elements of our national infrastructure continue to be vulnerable to cyberattack," he said.

Chapple notes that securing infrastructure involves different federal agencies and requires centralized leadership. "Last year, Congress authorized the creation of a national cybersecurity director within the White House, but this position remains unfilled by the Biden administration," he said
 
Part of Biden's infrastructure plan needs to be funding for and implementation of new security measures for the systems that control pipelines, sanitation systems, water works, and power plants. If those go offline for an extended period of time, we're done.

And everyone knows it.

No comments:

Post a Comment