Guest essay by Eric Worrall
Bloomberg claims Colonial paid the ransom to cybercriminals who halted 45% of East Coast fuel supplies. But this episode has exposed just how vulnerable vital US systems are to hacking or system failure.
Colonial Pipeline Paid Hackers Nearly $5 Million in Ransom
- Payment came shortly after attack got underway last week
- FBI discourages organizations from paying ransom to hackers
Colonial Pipeline Co. paid nearly $5 million to Eastern European hackers on Friday, contradicting reports earlier this week that the company had no intention of paying an extortion fee to help restore the country’s largest fuel pipeline, according to two people familiar with the transaction.
The company paid the hefty ransom in difficult-to-trace cryptocurrency within hours after the attack, underscoring the immense pressure faced by the Georgia-based operator to get gasoline and jet fuel flowing again to major cities along the Eastern Seaboard, those people said. A third person familiar with the situation said U.S. government officials are aware that Colonial made the payment.
When Bloomberg News asked President Joe Biden if he was briefed on the company’s ransom payment, the president paused, then said: “I have no comment on that.”
Anybody can get hacked; the hackers have an inherent advantage. System security professionals have to get it right every time, while cybercriminals only have to get it right once.
But what happens after you are hacked is at least as important as protecting systems from being hacked.
Colonial allegedly paying the ransom tells me they felt they had no other choice. Why would they pay the ransom if they could simply restore the hacked systems from a backup copy? Either they don’t have a backup, they didn’t trust their backup, or they didn’t think they could restore the backup in a reasonable timeframe.
Giving code written by criminals a second chance to mess with your system is surely an act of desperation. If a criminal wants to shake down their victims a second time, it's a lot easier to plant additional malware or weaknesses by coercing the victims to run a $5 million “cleanup” tool than to break through what will surely be tougher security a second time from scratch.
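The three ways a backup can let you down named above (no backup, an untrusted backup, a restore that takes too long) can be turned into a routine restore-drill check. The script below is an added illustration, not code from the essay or from Colonial; the backup names, key and sample data are constructed, and the keyed tag is assumed to have been recorded off-network when the backup was taken.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class BackupRecord:
    name: str
    data: Optional[bytes]        # None models a backup set that was never made
    expected_tag: str            # keyed hash recorded off-network at backup time
    last_restore_seconds: float  # wall-clock time of the most recent restore drill


def keyed_tag(data: bytes, key: bytes) -> str:
    # HMAC rather than a bare checksum: a checksum stored next to the backup can be
    # rewritten by whoever already controls the environment; the key lives offline.
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def failed_reasons(record: BackupRecord, key: bytes, rto_seconds: float) -> List[str]:
    """Return the ways this backup set fails the three tests; empty means it passed."""
    if record.data is None:
        return ["no backup"]
    reasons = []
    if not hmac.compare_digest(keyed_tag(record.data, key), record.expected_tag):
        reasons.append("keyed hash mismatch")       # cannot be trusted
    if record.last_restore_seconds > rto_seconds:
        reasons.append("restore exceeds RTO")       # too slow to be useful
    return reasons


def drill_report(records: List[BackupRecord], key: bytes, rto_seconds: float) -> Dict[str, List[str]]:
    """Map each backup set to its failure reasons for the drill report."""
    return {r.name: failed_reasons(r, key, rto_seconds) for r in records}


# Constructed sample data: one backup set per outcome. Names and values are illustrative.
KEY = b"constructed-demo-key-kept-offline"
GOOD = b"constructed-config-snapshot"
RTO_SECONDS = 24 * 3600.0
RECORDS = [
    BackupRecord("billing", GOOD, keyed_tag(GOOD, KEY), 3600.0),
    BackupRecord("scheduling", None, "", 0.0),
    BackupRecord("controllers", GOOD + b"-altered", keyed_tag(GOOD, KEY), 3600.0),
    BackupRecord("historian", GOOD, keyed_tag(GOOD, KEY), 5 * 86400.0),
]

if __name__ == "__main__":
    for name, reasons in drill_report(RECORDS, KEY, RTO_SECONDS).items():
        print(f"{name}: {'OK' if not reasons else ', '.join(reasons)}")
```

A set that passes all three checks is one the operator could restore from instead of paying; any non-empty list is a finding to fix before the next incident.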
There are other risks besides cyberhacking which might create the need for a restoration from backup. In 1859 the Carrington Event, a colossal solar flare, struck the Earth, causing enormous electrical disturbances throughout the primitive telegraph system of the time. A similar event today wouldn’t necessarily destroy everything electronic, but there would be extensive damage. A lot of computer hardware would suffer total or partial failure. Some might be repairable, but a lot of it would have to be junked and replaced.
Everyone has heard of a nuclear EMP device, but there are non-nuclear EMP devices which are easy to build but capable of causing extraordinary damage at range to electronic equipment. Originally developed in the Soviet Union for nuclear fusion research, these non-nuclear EMP devices convert a sizeable percentage of the energy released by a chemical explosion into an electromagnetic shockwave, like a localised man-made Carrington event. It is only a matter of time until eco-crazies start pointing home-made EMP devices at oil and gas infrastructure.
There are plenty of other risks which need to be managed. I once saw an entire utility company fail because they refused to give a 10% pay rise to the only person in the company who understood how their badly written 30-year-old systems worked (not me, someone else). After his departure, management discovered they were no longer able to issue utility bills. They had no idea how important that one person was to their operations and profitability.
Let’s hope Colonial has those secure backups ready, and adequate risk management systems in place, for when the next Carrington event or another widespread disaster or attack takes out some of their computer systems.