Two years after Colonial Pipeline attack, CISA says ‘much work’ remains to ensure security, resilience of critical infrastructure 

On the second anniversary of the Colonial Pipeline ransomware attack, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) addressed the event as ‘a watershed moment in the short but turbulent history of cybersecurity.’ The incident highlighted the vulnerability of critical infrastructure systems in the U.S., while also raising concerns about the growing threat of ransomware attacks, particularly on critical systems, and the need for increased cybersecurity measures to protect against them.

In light of the need to ensure the security and resilience of critical infrastructure amid complex threats and increasing geopolitical tensions, CISA has called upon industry stakeholders to ensure that the technology that underpins the critical services that Americans rely on every hour of every day is safe and secure. It also focused on the need to prioritize cybersecurity at the highest levels, to continue investing in the JCDC model, and to normalize cyber risks for the general public with the recognition that cyber-attacks are a reality for the foreseeable future.

The Colonial Pipeline attack in May 2021 was executed by DarkSide, a Russian-based cybercriminal group, forcing the fuel pipeline company to go offline in an abundance of caution to contain the ransomware attack, which resulted in an operational disruption. The disruption prompted a regional emergency declaration along the East Coast and highlighted the nation’s need for enhanced security of its most critical fuel pipelines.

“On May 7, 2021, a ransomware attack on Colonial Pipeline captured headlines around the world with pictures of snaking lines of cars at gas stations across the eastern seaboard and panicked Americans filling bags with fuel, fearful of not being able to get to work or get their kids to school,” Jen Easterly, CISA director, and Tom Fanning, chairman and CEO of Southern Company and chair of CISA’s Cybersecurity Advisory Committee, wrote in a Sunday post titled, ‘The Attack on Colonial Pipeline: What We’ve Learned & What We’ve Done Over the Past Two Years.’ “This was the moment when the vulnerability of our highly connected society became a nationwide reality and a kitchen table issue.”

“The good news is that since that event, the Biden-Harris Administration has made significant strides in our collective cyber defense, harnessing the full power of the U.S. government to address the full spectrum of the threat,” Easterly and Fanning wrote. “At the Cybersecurity and Infrastructure Security Agency (CISA), we have been laser-focused on improving resilience across our Nation’s critical infrastructure. Recognizing that organizations need a simple way to access actionable and timely cybersecurity information, we developed stopransomware.gov to provide a central location for alerts and guidance for businesses and individuals.” 

The post also said, “recognizing that only cohesive collaboration across government will scale to meet the threat, we launched the Joint Ransomware Task Force with our FBI partners to orchestrate the federal government’s response to the epidemic of ransomware.” 

Furthermore, recognizing the need to bring together industry, government, and internal partners and tear down siloes that create gaps for the adversary, “we established the Joint Cyber Defense Collaborative (JCDC)—a concept born out of the U.S. Cyberspace Solarium Commission on which one of us served as a Commissioner—to catalyze a community of experts on the front lines of cyber defense—from across the public and private sectors—to share insights and information in real-time to understand threats and drive down risk to the nation,” the post added.

The post added that since its establishment, the JCDC led the national response to one of the most extensive software vulnerabilities discovered; played a central role in CISA’s Shields Up campaign to protect critical infrastructure from potential Russian cyber-attacks; and, “along with our partners at the Transportation Security Administration (TSA), brought together more than 25 major pipeline operators and industrial control systems partners to strengthen security practices to safeguard the operational technology networks critical to pipeline operations, efforts that complement the Security Directives TSA issued in the aftermath of the attack on Colonial Pipeline.”

Easterly and Fanning added that separately, with the support of Congress, “we expanded our capability known as ‘CyberSentry’ which enables heightened visibility into and more rapid detection of cyber threats that could target our nation’s most critical operational technology networks. Finally, we worked to help organizations of all sizes and skill levels prioritize the most impactful cybersecurity investments with the introduction of cybersecurity performance goals, or CPGs.”

“While we should welcome this progress, much work remains to ensure the security and resilience of our critical infrastructure in light of complex threats and increasing geopolitical tension,” according to Easterly and Fanning. 

The CISA post also pointed to the U.S. Intelligence Community, which issued a stark warning of a potential future in its recent Annual Assessment, noting that ‘if Beijing feared that a major conflict with the United States were imminent, it almost certainly would consider undertaking aggressive cyber operations against U.S. homeland critical infrastructure…China almost certainly is capable of launching cyber-attacks that could disrupt critical infrastructure services within the United States, including against oil and gas pipelines, and rail systems.’

Easterly and Fanning highlighted in their post that “we cannot afford to dismiss this warning. We must do everything today to be prepared for such a scenario.” 

Outlining four necessary steps, the CISA post said that “we must ensure that the technology that underpins the services that Americans rely on every hour of every day is safe and secure. For too long, we have sacrificed security for features and speed to market, leaving us increasingly vulnerable, with the burden of security placed on those least able to bear it. As listed in one of the core pillars in the President’s National Cyber Strategy we need security to be built into the creation of new technology—as a foundational imperative—rather than bolted on at the end requiring continuous security updates from consumers,” it added.

The agency also pointed to the need to prioritize cybersecurity at the highest levels. “The days of relegating cybersecurity to the CIO or the CISO must end. CEOs and Boards of Directors must embrace cyber risk as a matter of good governance and prioritize cybersecurity as a strategic imperative and business enabler,” it added.

It also added that investing in the JCDC model of persistent and proactive operational collaboration between government and industry must continue, where the default is to share information on malicious cyber activity, knowing that a threat to one is a threat to all.

“Finally, we need to normalize cyber risks for the general public with the recognition that cyber-attacks are a reality for the foreseeable future,” the CISA post said. “We cannot completely prevent attacks from happening, but we can minimize their impact by building resilience into our infrastructure and into our society. We need to look no further than our Ukrainian partners for an example of the power of societal resilience.”  

Easterly and Fanning acknowledged that these changes are not easy, “but we need to hold ourselves accountable to the hard lessons learned from two years ago. Are we going to make the choices that will lead us to a secure, resilient, and prosperous future or are we going to allow inaction to dictate a future in which our national security and our way of life hang in the balance? We have proven that it can be done but only if we act now…together,” they added.
