Colonial Pipeline Hack: What Now?

In what was arguably the most high-profile ransomware attack to ever target a US company, foreign actors were able to successfully shut down Colonial Pipeline and force a fuel shortage across the Southeast. Although the pipeline is now back online and operations have been fully restored, the reality of just how vulnerable US infrastructure is to such attacks is now concerningly clear.

According to Transportation Secretary Pete Buttigieg, this attack “has been a wakeup call on how actors anywhere in the world can impact us right here at home.” It’s an attack that has certainly exposed serious vulnerabilities in the US cybersecurity strategy – flaws that the Biden administration is now scrambling to address.

In the Wake of the Colonial Pipeline Hack, President Biden signed an executive order designed to bolster the nation’s cybersecurity. This executive order takes a number of approaches to accomplish this key goal, including:

• Creating a standardized playbook for the federal government’s response to cybersecurity incidents
• Requiring IT service providers to inform the government of breaches that could impact US networks
• Pushing for upgrades to the government’s IT infrastructure, including a move to more secure cloud services and the requirement of multifactor authentication and encryption
• Establishing a “Cybersecurity Safety Review Board” meant to analyze cyberattacks as they happen and make recommendations
• Taking steps to improve the security of software sold to the government
• Putting in place a government-wide endpoint detection and response system that is designed to improve info-sharing within the federal government

These actions all constitute a step in the right direction as we all grapple with the reality of just how damaging cyberattacks can be. However, the war against cybercrime is only heating up as attacks such as the Colonial Pipeline Hack become increasingly common. Until our cybersecurity matches the level of innovation and determination that foreign attackers have shown, every element of US industry, government, and infrastructure will continue to be at risk.